diff --git a/lib/import-agenix.nix b/lib/import-agenix.nix
index 8cbd9269..059bf186 100644
--- a/lib/import-agenix.nix
+++ b/lib/import-agenix.nix
@@ -6,7 +6,6 @@ moduleName: {
 }: let
 machineConfigPath = config.mcl.host-info.configPath;
 secretDir = "${machineConfigPath}/secrets/${moduleName}";
- vmConfig = "${dirs.modules}/default-vm-config";
 vmSecretDir = "${vmConfig}/secrets/${moduleName}";
 secrets = import "${dirs.services}/${moduleName}/agenix.nix";
 in {
diff --git a/modules/default-desktop-config/boot.nix b/modules/default-desktop-config/boot.nix
deleted file mode 100644
index 90ee06f1..00000000
--- a/modules/default-desktop-config/boot.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- boot.kernelPackages = pkgs.lib.mkOverride 1 config.boot.zfs.package.latestCompatibleLinuxPackages;
- boot.kernel.sysctl."kernel.perf_event_paranoid" = 1;
- boot.supportedFilesystems = ["zfs" "ext4"];
- boot.zfs.forceImportRoot = false;
-
- boot.loader.grub.enable = false;
- boot.loader.grub.devices = ["nodev"];
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- # Reference:
- # * https://wiki.archlinux.org/index.php/Linux_console
- # * https://alexandre.deverteuil.net/docs/archlinux-consolefonts/
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
-
- systemd.extraConfig = ''
- DefaultTimeoutStopSec=15s
- '';
-}
diff --git a/modules/default-desktop-config/default.nix b/modules/default-desktop-config/default.nix
deleted file mode 100644
index 86482338..00000000
--- a/modules/default-desktop-config/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{lib, ...}: {
- imports = [
- ../default-server-config
- ./boot.nix
- ./gnome_desktop_env.nix
- ./ledger-nano-udev-rules.nix
- ./packages.nix
- ./sleep.nix
- ./virtualisation.nix
- ];
-
- mcl.sleep.enable = lib.mkDefault false;
-}
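Review bot: In lib/import-agenix.nix the context line `vmSecretDir = "${vmConfig}/secrets/${moduleName}";` still interpolates `vmConfig`, whose `let` binding this hunk removes. Unless `vmConfig` is bound somewhere outside the hunk (the function arguments are not visible here), Nix should reject the file with an undefined-variable error, because free variables are resolved when the expression is parsed rather than lazily on use. Since modules/default-vm-config is deleted in the same commit, remove `vmSecretDir` together with whatever reads it in the attribute set below, instead of keeping a path into a directory that no longer exists. The `let` block opens and the body continues outside the hunk.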
diff --git a/modules/default-desktop-config/gnome_desktop_env.nix b/modules/default-desktop-config/gnome_desktop_env.nix
deleted file mode 100644
index 70797cea..00000000
--- a/modules/default-desktop-config/gnome_desktop_env.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{pkgs, ...}: {
- services.xserver.enable = true;
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
-
- # Needed for Home Manager to be able to update DConf settings
- # See: https://github.com/nix-community/home-manager/blob/f911ebbec927e8e9b582f2e32e2b35f730074cfc/modules/misc/dconf.nix#L25-L26
- programs.dconf.enable = true;
-
- hardware.pulseaudio.enable = false;
- # bluezx needs pulseeaudio CLI tools to be installed
- environment.systemPackages = [pkgs.pulseaudio];
-
- security.rtkit.enable = true;
-
- services.blueman.enable = true;
-
- services.pipewire = {
- enable = true;
- alsa = {
- enable = true;
- };
- pulse.enable = true;
- };
-}
diff --git a/modules/default-desktop-config/ledger-nano-udev-rules.nix b/modules/default-desktop-config/ledger-nano-udev-rules.nix
deleted file mode 100644
index 95e06a6e..00000000
--- a/modules/default-desktop-config/ledger-nano-udev-rules.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- services.udev.extraRules = ''
- # Ledger Nano S
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001|1000|1001|1002|1003|1004|1005|1006|1007|1008|1009|100a|100b|100c|100d|100e|100f|1010|1011|1012|1013|1014|1015|1016|1017|1018|1019|101a|101b|101c|101d|101e|101f", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="plugdev"
-
- # Ledger Nano X
- SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0004|4000|4001|4002|4003|4004|4005|4006|4007|4008|4009|400a|400b|400c|400d|400e|400f|4010|4011|4012|4013|4014|4015|4016|4017|4018|4019|401a|401b|401c|401d|401e|401f", MODE="0660", TAG+="uaccess", TAG+="udev-acl", GROUP="plugdev"
- '';
-}
diff --git a/modules/default-desktop-config/packages.nix b/modules/default-desktop-config/packages.nix
deleted file mode 100644
index aa6877ed..00000000
--- a/modules/default-desktop-config/packages.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- programs = {
- gnupg.agent = {
- enable = true;
- enableSSHSupport = true;
- };
- git = {
- enable = true;
- };
- neovim = {
- enable = true;
- viAlias = true;
- vimAlias = true;
- defaultEditor = true;
- configure.customRC = ''
- source ~/.config/nvim/init.vim
- '';
- };
- };
-
- environment.systemPackages = with pkgs; [
- exfat
- ntfs3g
- unzip
- curl
- openssl
- bind
- gnupg
- nmap
- wireguard-tools
- iputils
- pciutils
- nvme-cli
- htop
- file
- ripgrep
- tree
- ];
-
- fonts.fonts = with pkgs; [
- (nerdfonts.override {fonts = ["DroidSansMono" "FiraCode" "FiraMono"];})
- ];
-}
diff --git a/modules/default-desktop-config/sleep.nix b/modules/default-desktop-config/sleep.nix
deleted file mode 100644
index 61ed10ba..00000000
--- a/modules/default-desktop-config/sleep.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- enabled = config.mcl.sleep.enable;
-in {
- options.mcl.sleep = with lib; {
- enable = mkEnableOption (mdDoc "Enable automatic sleep");
- };
-
- config = {
- services.xserver.displayManager.gdm.autoSuspend = enabled;
- systemd.targets.sleep.enable = enabled;
- systemd.targets.suspend.enable = enabled;
- systemd.targets.hibernate.enable = enabled;
- systemd.targets.hybrid-sleep.enable = enabled;
- };
-}
diff --git a/modules/default-desktop-config/users.nix b/modules/default-desktop-config/users.nix
deleted file mode 100644
index 664432be..00000000
--- a/modules/default-desktop-config/users.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- users.groups.plugdev = {};
- users.includedGroups = ["plugdev" "libvirtd" "docker"];
-}
diff --git a/modules/default-desktop-config/virtualisation.nix b/modules/default-desktop-config/virtualisation.nix
deleted file mode 100644
index 263b026b..00000000
--- a/modules/default-desktop-config/virtualisation.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: let
- dockerStorageDriver =
- if config.fileSystems ? "/var/lib/docker" && config.fileSystems."/var/lib/docker".fsType == "zfs"
- then "zfs"
- else "overlay2";
-
- podmanStorageDriver =
- if config.fileSystems ? "/var/lib/containers" && config.fileSystems."/var/lib/containers".fsType == "zfs"
- then "zfs"
- else "overlay2";
-in {
- virtualisation.lxd.enable = lib.mkDefault true;
- virtualisation.libvirtd.enable = lib.mkDefault true;
-
- virtualisation.docker = {
- enable = lib.mkDefault true;
- storageDriver = dockerStorageDriver;
- };
-
- virtualisation.containers.storage.settings.storage = {
- driver = podmanStorageDriver;
- graphroot = "/var/lib/containers/storage";
- runroot = "/run/containers/storage";
- };
-
- virtualisation.podman = {
- enable = true;
- dockerSocket.enable = !config.virtualisation.docker.enable;
- dockerCompat = !config.virtualisation.docker.enable;
- extraPackages = [pkgs.gvisor];
- };
-
- boot.extraModprobeConfig = ''
- options kvm_intel nested=1
- options kvm_intel emulate_invalid_guest_state=0
- options kvm ignore_msrs=1
- '';
-}
diff --git a/modules/default-server-config/default.nix b/modules/default-server-config/default.nix
deleted file mode 100644
index 7d32bd42..00000000
--- a/modules/default-server-config/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- imports = [
- ../host-info.nix
- ../users.nix
- ./i18n.nix
- ./networking.nix
- ./nix.nix
- ./packages.nix
- ./services.nix
- ./motd.nix
- ./users.nix
- ./zfs_snapshots.nix
- ];
-}
diff --git a/modules/default-server-config/i18n.nix b/modules/default-server-config/i18n.nix
deleted file mode 100644
index f2586b08..00000000
--- a/modules/default-server-config/i18n.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_MEASUREMENT = "en_GB.UTF-8";
- LC_PAPER = "en_GB.UTF-8";
- LC_TIME = "en_GB.UTF-8";
- };
- };
-
- time.timeZone = "Europe/Sofia";
-}
diff --git a/modules/default-server-config/motd.nix b/modules/default-server-config/motd.nix
deleted file mode 100644
index 7d202b16..00000000
--- a/modules/default-server-config/motd.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- config,
- pkgs,
- lib,
- self,
- flakeArgs,
- ...
-}: let
- baseNixOS = flakeArgs.lib.nixosSystem {
- modules = [
- {
- nixpkgs.hostPlatform = pkgs.system;
- networking.networkmanager.enable = true;
- }
- ];
- };
-
- baseModules = builtins.attrNames baseNixOS.config.systemd.services;
-
- currentModules = builtins.attrNames config.systemd.services;
-
- interestingModules = lib.lists.subtractLists baseModules currentModules;
-
- systemctlQuery = builtins.concatStringsSep " " (builtins.map (s: "${s}.service") interestingModules);
-in {
- systemd.services.motdScript = {
- wantedBy = ["multi-user.target"];
- serviceConfig.Type = "oneshot";
- path = [
- pkgs.systemd
- pkgs.sudo
- pkgs.boxes
- pkgs.procps
- pkgs.coreutils
- pkgs.gnused
- ];
- script = ''
- {
- systemctl --type=service --all list-units ${systemctlQuery} | sed -n '/LOAD = Reflects whether the unit definition was properly loaded./q;p' | boxes -d stone
- sudo df -h | boxes -d stone
- free -h | boxes -d stone
- date
- } > /run/motd
- '';
- };
- systemd.timers.motdScript = {
- wantedBy = ["timers.target"];
- partOf = ["motdScript.service"];
- timerConfig = {
- OnCalendar = "*-*-* *:*:00,30";
- Unit = "motdScript.service";
- };
- };
-}
diff --git a/modules/default-server-config/networking.nix b/modules/default-server-config/networking.nix
deleted file mode 100644
index 47775e15..00000000
--- a/modules/default-server-config/networking.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- networking.networkmanager.enable = true;
- systemd.network.wait-online.anyInterface = true;
- systemd.services.NetworkManager-wait-online.enable = false;
-}
diff --git a/modules/default-server-config/nix.nix b/modules/default-server-config/nix.nix
deleted file mode 100644
index c5003686..00000000
--- a/modules/default-server-config/nix.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- nix = {
- settings = {
- trusted-users = ["root" "@metacraft"];
- experimental-features = ["nix-command" "flakes"];
- };
- generateNixPathFromInputs = true;
- generateRegistryFromInputs = true;
- linkInputs = true;
- };
-}
diff --git a/modules/default-server-config/packages.nix b/modules/default-server-config/packages.nix
deleted file mode 100644
index 986b1ff7..00000000
--- a/modules/default-server-config/packages.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- wget
- tmux
- fish
- neovim
- jq
- git
- ];
-}
diff --git a/modules/default-server-config/services.nix b/modules/default-server-config/services.nix
deleted file mode 100644
index 12e33730..00000000
--- a/modules/default-server-config/services.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- services = {
- openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
- tailscale.enable = true;
- };
-}
diff --git a/modules/default-server-config/users.nix b/modules/default-server-config/users.nix
deleted file mode 100644
index 94712537..00000000
--- a/modules/default-server-config/users.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- hostname = config.networking.hostName;
-in {
- users = {
- motdFile = "/run/motd";
- mcl.includedGroups = ["devops"];
- mutableUsers = false;
- };
- security.pam.services.login.showMotd = lib.mkForce false;
-}
diff --git a/modules/default-server-config/zfs_snapshots.nix b/modules/default-server-config/zfs_snapshots.nix
deleted file mode 100644
index 9c7ca10f..00000000
--- a/modules/default-server-config/zfs_snapshots.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- services.zfs =
- lib.mkIf config.boot.zfs.enabled
- {
- autoSnapshot = {
- enable = true;
- };
- };
-}
diff --git a/modules/default-vm-config/default.nix b/modules/default-vm-config/default.nix
deleted file mode 100644
index de0fb9ef..00000000
--- a/modules/default-vm-config/default.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- lib,
- config,
- flakeArgs,
- dirs,
- ...
-}: {
- imports = [
- "${dirs.services}/hello-agenix"
- ];
-
- virtualisation.vmVariant = {
- boot.loader.systemd-boot.enable = lib.mkForce false;
- boot.loader.grub.enable = lib.mkForce false;
-
- networking.hostName = lib.mkForce "${config.networking.hostName}-vm";
-
- # following configuration is added only when building VM with build-vm
- virtualisation = {
- memorySize = 4096; # Use 4096MiB memory.
- cores = 4;
- diskSize = 8192;
-
- forwardPorts = [
- {
- from = "host";
- host.port = 2222;
- guest.port = 22;
- }
- {
- from = "host";
- host.port = 8080;
- guest.port = 80;
- }
- {
- from = "host";
- host.port = 8443;
- guest.port = 443;
- }
- ];
- };
-
- services.xserver.enable = true;
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
-
- security.sudo.wheelNeedsPassword = false;
-
- # Add all normal users to the wheel group
- users.users = lib.pipe config.users.users [
- (lib.filterAttrs (n: u: u.isNormalUser))
- (builtins.mapAttrs
- (n: u: {
- extraGroups = ["wheel"];
- password = "1234";
- initialPassword = "1234";
- }))
- ];
- users.includedUsers = ["bean" "johnny"];
-
- system.activationScripts.agenixInstall.deps = ["installSSHHostKeys"];
-
- system.activationScripts.installSSHHostKeys.text = ''
-
- mkdir -p /etc/ssh
- (
- umask u=rw,g=r,o=r
- cp ${dirs.modules}/default-vm-config/example_keys/system.pub /etc/ssh/ssh_host_ed25519_key.pub
- )
- (
- umask u=rw,g=,o=
- cp ${dirs.modules}/default-vm-config/example_keys/system /etc/ssh/ssh_host_ed25519_key
- )
-
- '';
- };
-}
diff --git a/modules/default-vm-config/example_keys/system b/modules/default-vm-config/example_keys/system
deleted file mode 100644
index 56308852..00000000
--- a/modules/default-vm-config/example_keys/system
+++ /dev/null
@@ -1,7 +0,0 @@ ------BEGIN OPENSSH PRIVATE KEY----- -b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW -QyNTUxOQAAACA4UgsiQ6lg2I8iFVxucwsFo5S2SphE/gbqJmyAMm4R4AAAAJiMFcI/jBXC -PwAAAAtzc2gtZWQyNTUxOQAAACA4UgsiQ6lg2I8iFVxucwsFo5S2SphE/gbqJmyAMm4R4A -AAAECsBuwWuUeGX6j62P+Dd1X69HuEX5+ySdWDzWBmDKuoLjhSCyJDqWDYjyIVXG5zCwWj -lLZKmET+BuombIAybhHgAAAAFHJvb3RAc29sdW5za2Etc2VydmVyAQ== ------END OPENSSH PRIVATE KEY----- diff --git a/modules/default-vm-config/example_keys/system.pub b/modules/default-vm-config/example_keys/system.pub deleted file mode 100644 index d05a0790..00000000 --- a/modules/default-vm-config/example_keys/system.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhSCyJDqWDYjyIVXG5zCwWjlLZKmET+BuombIAybhHg root@solunska-server \ No newline at end of file diff --git a/modules/default-vm-config/secrets/ethereum/jwtSecret.age b/modules/default-vm-config/secrets/ethereum/jwtSecret.age deleted file mode 100644 index 619a8f78..00000000 --- a/modules/default-vm-config/secrets/ethereum/jwtSecret.age +++ /dev/null 
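Review bot: Deleting modules/default-vm-config/example_keys/system removes the private key from the working tree only; it stays in the repository history, so the key has to be treated as permanently disclosed. The secrets.nix files removed in this commit name the matching public key (`root@solunska-server`) as a recipient of the deleted .age files, so every value encrypted to it (GitLab, Keycloak, the Tailscale auth key, the Ethereum JWT secret) should be rotated if it was ever more than test data. The key comment suggests it may have been generated on a real host, so it is worth confirming that no machine still presents it as `/etc/ssh/ssh_host_ed25519_key`. I would record the outcome in the commit description, for example `example_keys/system was a throwaway VM host key; no production secret was encrypted to it`.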
@@ -1,41 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AEYnuA WlQKQTqQ9gulVNC3iyEli/b4voZGdk1BE8rY5xq79Eg -p8BMww0GrXKMIC5PaCdx1mxr2DqeBfp9UHsveFHSRb8 --> ssh-rsa JJQlXQ -l1d2AgDGyqKpz6xBPCwGkNQ3HhEvGXdJU/9kdBOkHs73iPiRpplBQa7joHtdQhbQ -ILkEnIWdxLlWkJSqyYFB+WdHFvYky0JreSJMcd65cW4okvGJg3YeN7jWCeRRYroe -T+tToWSLTHbJD7XXWEBklv3lq0wloVnLJ8IfL2g1uMUNUqfWesFICVBQNrW2mrXB -TmApcHS4Y2bvLnrNEvzctKxqavtUA8PxsXyTzJN2o1mjmSJZcsHQlcgy8eJGOvde -E1wia2a7GsXEjuLVUG4CeJohZrZgdLQvwtBRxAfN+RHH11I1wDVmS/kbPI+ub39r -ghQG+vQm4YWUaHCN4WHuAPZsX+1zIQHuuXtxp9j+yVfI7wetK+J9JmVkdPcxENSR -7qkpzJYtqhwtirZr/66iG+rD6YaZ5ji4RoQlK2gcRU+BpRsPUiXNFxRp3XsMnyJY -fEQBlwDuMoca+uX2pyBP0sHWWp6vg/8WWuVVY88+NIW3HSt4WCGcesvrUWVcxFDa - --> ssh-rsa krDgLQ -OYmFJ24jouOpiD1mrJm+wju3g89ydjQjLDWYMhiveGayQZ35vEPQ0tQEMiZQoXH4 -W2H0Ax4QhpBUAW6CtkX3Xt+BNw341cPth5eMeMn4kkNRNnLsy8m1X16681LT+lPv -dzWQDXGt4e+L42osoiShk5c14CZTcb844+Q2gwk8U+a5HpOE9QxIQzNp4TjHwNu7 -4P3tq7XK4JIfQMHbxKmZaCchG2ymqYXJbJo+TaybHBfxZ8g/VmqH/X4hfL1o76ks -dQKAZ6Y5po97SLUHBjJCepYGz6wOecfC7HvA//4KZ/FhXGy7Zi02VQaM8kat+EXZ -HvRYmWoP0J+8Nv79z1sjkA --> ssh-ed25519 c4vZAw LbW4xI3W8LskV2G74MO0QcDPnSV5eD7PWoaxX8GNzho -bI/SYKiIeQVzRssWdM1U7KpHgiB6m21jYqm086jYQWc --> ssh-ed25519 et2NAA IyxaZ8eF15mCejXB1M0X1KZoLrYSf9TrNHG0wleS108 -3eEopaYv7P4HaCui5xIvXnFSufe2JVtD1xBo/8b3IZ0 --> ssh-rsa RLU0fA -oaIT6ZDx6lx8hoW/B+OVeEHr1yBRupJvcrhS6ScIZZ4Vj2TcuYFZLKoyXjklCeQN -dy/2SUIb2c3Nx2+oHyDyvirnWSQnQDt04NlV+2zMTLBHb5/hzaAmlJENJ+5usHu3 -BrsWRNkZsDgKmuo77nS4mZJzvYv4Ne9cVi9ri3C12EnTLlMFsGZuYsU3zcF6BXJ/ -aBKIHzU86t86TPk/pqKQlc1amtcyGNe1qjPP72fCtfqyvSjEPmvsGbh0lLswD/oY -hloEgWZterQigdCJ7aRf8fH55RtLdW7rhQTcAsXav13AHsYKs5xh8hmw/NJHd6vi -mtTgI8HIcawoVnnQuw6+lDV145BNUBNro5SMi1DVIpqPD0u+LsajagCW4d0eAs6U -qakrYTOdZRkviOdDs3Zy25C+LYvPmW2UJ9tM9Yf2/AbdbcxDWXfioc5ZHbwxhxT4 -MkOVBKrng/b6gzmZXL7tuCYfDfn1ho5OwXGOjXOt6oV+7ivZZwD2eeB8A9HcZN0n -2GRRnbrka3ppOiEbG6SKk6gF9Ow5opYnj+0FO6ilDo9VLtphizkL7cxpblRrwu2T -DkPscXLb39epALPnFomwWGNP8LN18gnrfkMls6cLvpfLkBsdatnmGQX4duUbNkgM 
-piUhSx5Ig+t8SyzSCpRxUcj0bgb5Hqp5ejOmKJmBwYs --> Ef@rFIL-grease # `a" Im ssh-ed25519 AEYnuA pqIoalNplMJ/Ax1MvVaTIzIF1ktOBgzZ6yZaIlgQOTA -4WRraBZm9ulOgBs6pnf/wsi4LwUZPlC1D0D+M5L2B90 --> ssh-rsa JJQlXQ -WTWtRrLZoxVDvCrBf0gxo+q2VlxxSDT4gNPgqzhGi0CP+HwPMjniclmtKI/MJIL3 -n5p3NaWhQhZWlefZxBIH1abtp4mtFg+7NvZkfqVQpzvy/y8P6w9Fh7e3u6DTUpQv -STeiwYXR/JKPSFunQj7BrksJmMJQo4MK+8e1sBpvTax4zf/XYvX8fs9mZvhu+t3y -1VF4SuA3RlbRKnhoQNedzYKJWzlTmDB/usckMnpIdT3p+p/9esjWo3IF8LcwAx1I -+KwfeKmLR0Dupz99/HpS3B9NWGKZ55qkU0lslp7tEIkPjFfcpEHt5Lud1PWXc9kp -Bpbi7lSkhh/0cY2ecr+bwrwHnT7wbLOxtq+vFzVhekuiSSEQ6YlKVx4SOGDz6MKu -pQxfym+i2Hr799iaYYISFn5A38cD4paYDrDRmgELuRwCyZNBroB29I2hVIuZoyJc -FYDKD4+5vIeRba/5ch5i2C4uoL0syIF6IaQLlvfeAmyEU6RdYNsdE+kYOomfXP7h - --> ssh-rsa krDgLQ -NhhBjpmun6FxaTLm6EMLUB+NUKtLZgruUn1s8qGb/onHUNh6Mh4BNMmkFxXGjr08 -1yrpSbcBKgP2gK46BhB1Kz/6V/fWMhNMseGHjHPv/9ZzwoCUID0tKquOWOKMDrPU -hhe5HEFTiPnXxOLwjY68kz8ES0wCh9u8Gj0GijE/H+WDZ1Cd4AKLWG6dOaD/nG6w -NDX6U4dNWvyRwM2eoh16Qp+cazQzj+iMRfRIj8th/UJs6rMOoCfw4zu11GpPvrmQ -AXHsDUbVkZBjiM6OkeRHIeFc8u3fnsMj324Ta8bGaeA4R/6yi0rOCSme+EJN8Bez -Dr9DJX844qvjRDiSjipNrA --> ssh-ed25519 c4vZAw FJF+OEEvOYv437+Vv7gqJWR45LssZeE3GEz4tbTgBic -roJgoT1fstxwiM2Rjj2Q8p4/drzhD/GIgDmRcvInwjU --> ssh-ed25519 et2NAA oisWTqTv2A87dX4LY2ChgO2zArtajrZaIBto1HVv/mc -Ucu1Dks+HWHe5r4yHph1gUJWS294RCIExT18P6+e4qw --> ssh-rsa RLU0fA -A6CizaeRv9c/UuDmy7zbXlu5m6lPMESY4tpJsnPctClTnUZHAW5l8TZrjnfjgfUh -CxWT6CzKbX4dy1GktPYA298h41CQx3vG9LEKeOn+6fet451e/wAAKPr//w78HFHC -gPbO28ktajI4yI8wF/VP+ugbe3Va0uCc4NotUYhG6+dfVn/xKuNoCdBEeQZlMYJ7 -Rwr7iZsYOyVGxtBohcrECHkcc0+Lw9YhA4/veVgnv6pXFK44W++8IXnNbp4/HJcd -aclVVmNOeRJWhQ0fUUNEQBXTjOiQTTy2SuTdtYZ2XAQVdtYrc7ZWZsDIPg9eaRxh -IuXzNSB9+djW2kZsH+EpfoXPT37ww+bwRe88pLmxNz6B2qU6C2xuCjc1K2i3Eru8 -6TNCrGcxq7V/jLrK7bu6zTuQ/augZGzYHbn8SwO1BO/OeYigBe6gu3lmtCWsZg72 -L7e8R8qa8v2ppS06OBoPY85go8LYmZaYsrKQLTjc9c0PBm6G79TxbFfXEv/hBwAD -noFixcQ/YdHJhey3laNtNGtPzeq1Jx4NqQGL2u4bnUlRwaTM6lgqHa9hCim+zd3m 
-L3FtEh33BxWB7lUjiQ50mdf39XgMcmj1S5I6/eXAFZzamUfnFv2jxASNrDERifi4 -tuOV52Zn5DauxwzeeUtZiSF2MmH+Aaiymra/Hk3zyHw --> F-grease -y3de62Hxb+tuKXF+ ---- kc99ufZSbLePtuTDghD7JtAR2XrCwF+hHNACUn5IUgw -!2)dؿrY)p*M:/:Igr^BWZ>$Z^̚-@3oQRW`rSՌW(P7D^͑423 ya> Qu@ysʾR?a+6 \ No newline at end of file diff --git a/modules/default-vm-config/secrets/gitlab/db_password.age b/modules/default-vm-config/secrets/gitlab/db_password.age deleted file mode 100644 index 3995d031..00000000 Binary files a/modules/default-vm-config/secrets/gitlab/db_password.age and /dev/null differ diff --git a/modules/default-vm-config/secrets/gitlab/jws.age b/modules/default-vm-config/secrets/gitlab/jws.age deleted file mode 100644 index 847e9b19..00000000 --- a/modules/default-vm-config/secrets/gitlab/jws.age +++ /dev/null 
@@ -1,42 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AEYnuA jyytgRaPt+eyANn7F4h6PqMUizeA31WgO7yDSqELxV4 -aplZQeI9PBqj8giy/m7fWup/N9pkxDm23OYJOfRAHyo --> ssh-rsa JJQlXQ -FyEu5QP0NZES/i6mG3SfBWuX058Hl5ZimfMiUJQjpLJTTsA1anDmKwZkOqATVM/6 -TBQ8z+yBUNk1ibxjZn/VdspFCTFHVK5yIofLcYqMHLCdaS1bE1x+23XD6MTkxNlm -Ibm+gHxBale1b6tmn6z28nvsGvsLDcKTn0grxteFtCRoJlUop/bmM/eA3IICZxze -TGhoCMCjA9g0Nd7tvl+YoDerz8TMIlMkZr1NqCNYLlGhbKbP3b2Pj9yYONFdup/h -wsm/WYm/rbVDKs4F1DPJUItHW+AO2D5fNZ7pchZFvsFZS0TGk0XcsBLphB1Xageu -QG+Wh3cTYs2N41ULZDl/A2qHSQZxqfqnJ52o7VRvYAFOP4yVo7QXs1nM1QcJqKEZ -Up40S3qHlSU1cQFO5RMghzr7OoD+AdE4v+Zzgz6CcGb5BRWVxXxghwkwKg7yFQV8 -J7FsMqZPSaE0U/utU2mdu0UdrP11uCKlf26H/wt6+1LBPW/nWbaZg3ajx2rq51vH - --> ssh-rsa krDgLQ -pDKsoNVT5H4lxX/C/LMozgFUYtZWrgIUVZ9yvZu4ds07DBYe6YIjwDa2xlFy/V5a -kgqMYd8QpPbvajfUQ2+C+EmTEO8ipKdOUQ2iHD0lRdGGyXPRoVj9xG75ampCZaJO -jj9Ayhbk73NRL4mBqFDpcXtaQt8Obj9M6CV12nls37oC0Vm1/X7vMLxaLgz9IBpN -JLCxWzGWPErDu3NJUtxnWYzrLKsS3kmdX3up4ca/vinfipw1FQ9WE0Bw64r0o6Ix -ozHUWO837k1H4Vrtgek43f7JPRQ3mnYvmeVHcSu4TkUfea6l8TK/vyvYIWQQRwMd -XfFJpu0BrR9ZNMbucCxZkQ --> ssh-ed25519 c4vZAw T04Eihp4VdHQoiuCvu3nQHvxKQmEm8kKOys66DF2ags -9p9WYXqAJhicmgu5RJ52nzr4+w0bpBqUAdVPkAb6caU --> ssh-ed25519 et2NAA Kkn8ktNspQI8TZDOxvT2pBftorqAPvqPngnpAKinTWU -l51G3f4YRmEaez8xpO/UU7oQY/+LZxVKLKZTfIB/Sa0 --> ssh-rsa RLU0fA -Uu86vdyxCqKbmdrlIYp3K5VBsgKsPxbtOBRtsdtXE9t/Cd4jpkd67kLiIGffcz6f -3t1MSRLRsqxgdQkzGlUmzR92uU/s0tqT5kmyaRTa7uC7JVTa2obM52bfiMmQXXG0 -eQ5vrKPsYa/wSIe5jY4e0ZqWA0xN2epiiY4g+DNt+6kKAi4xouZleUTSppNdCJjq -iQiX18g7j9zK5Vfmnmgp3ev4iSVaftaC5vEWBPNcXFCWBrQAdfyqJ8O8bwwYoj0C -hb2XjcWx05ZakuF3u8QfhKPkm4FkvFF5y4gc1WwPnHi0l2XGZakp9AQayQtpYfiO -EWNuEM1Vz4XB+o1yDl3cdE+pKNxMQw9Ns6L7uQllHgADLvMBP2qasWjs1zOHVZPZ -48I5uJF90Lv7ofv82Ro0gE1N03dYG49HDW31xgHFAYM9Epr4cP8FKnfqDPyfuMYG -WW/nLuZboiYesamqNE2Rjak8XlToG8gFADxJCUFnCsA6njdhJ0k2UYIDVAiW42lV -N+xvXTsQpHR/WmpCW2smsP9qgobk1GNps7PDrLfy/s8E26nG8K0hVO0nk2CL2cvh -fgEUTKIVWcGqMfeAlEHMjLUf58vpXwcGsyV96fSZVXpZwpP9gM1UQoXAAGNSKgbd 
-OzNd8Zik+dvf48vmFDkDQR9nGsuDrOA4pquuqgoj/Fs --> S-grease -wwSqhUbh/8tyRIzE22HOvi7SlJWSAuXEbTxf2eVilk+JH1UQp9X5MfOIMjs3b0Ib -9a807Cy0+s/KiP5AHk626RMsz55hn5nsDeena/3uYNmABqwrBm79Tx4mk6rteFU ---- 9BmN1QTxvwA/kADqAb+3bOT4jsqHHF+yV3GoRC/HrIM -od؎q*1(]86K4d zMF]^_n@vE9hG (X$jJV|t!Aqviّҥ3ߠ%R>y`yZzMm}߽6>iDH -+ \ No newline at end of file diff --git a/modules/default-vm-config/secrets/gitlab/otp.age b/modules/default-vm-config/secrets/gitlab/otp.age deleted file mode 100644 index c1a21ca8..00000000 Binary files a/modules/default-vm-config/secrets/gitlab/otp.age and /dev/null differ diff --git a/modules/default-vm-config/secrets/gitlab/root_password.age b/modules/default-vm-config/secrets/gitlab/root_password.age deleted file mode 100644 index 3f674366..00000000 Binary files a/modules/default-vm-config/secrets/gitlab/root_password.age and /dev/null differ diff --git a/modules/default-vm-config/secrets/gitlab/secret.age b/modules/default-vm-config/secrets/gitlab/secret.age deleted file mode 100644 index cd55fa6f..00000000 Binary files a/modules/default-vm-config/secrets/gitlab/secret.age and /dev/null differ diff --git a/modules/default-vm-config/secrets/gitlab/secrets.nix b/modules/default-vm-config/secrets/gitlab/secrets.nix deleted file mode 100644 index 4553e18c..00000000 --- a/modules/default-vm-config/secrets/gitlab/secrets.nix +++ /dev/null @@ -1,11 +0,0 @@ -let - system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhSCyJDqWDYjyIVXG5zCwWjlLZKmET+BuombIAybhHg root@solunska-server"; -in { - "db_password.age".publicKeys = [system]; - "root_password.age".publicKeys = [system]; - "smtp_password.age".publicKeys = [system]; - "db.age".publicKeys = [system]; - "secret.age".publicKeys = [system]; - "otp.age".publicKeys = [system]; - "jws.age".publicKeys = [system]; -} 
diff --git a/modules/default-vm-config/secrets/gitlab/smtp_password.age b/modules/default-vm-config/secrets/gitlab/smtp_password.age deleted file mode 100644 index 481b30b9..00000000 Binary files a/modules/default-vm-config/secrets/gitlab/smtp_password.age and /dev/null differ diff --git a/modules/default-vm-config/secrets/hello-agenix/secrets.nix b/modules/default-vm-config/secrets/hello-agenix/secrets.nix deleted file mode 100644 index 3a8e8e29..00000000 --- a/modules/default-vm-config/secrets/hello-agenix/secrets.nix +++ /dev/null @@ -1,5 +0,0 @@ -let - system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhSCyJDqWDYjyIVXG5zCwWjlLZKmET+BuombIAybhHg root@solunska-server"; -in { - "test-secret.age".publicKeys = [system]; -} diff --git a/modules/default-vm-config/secrets/hello-agenix/test-secret.age b/modules/default-vm-config/secrets/hello-agenix/test-secret.age deleted file mode 100644 index da009f39..00000000 --- a/modules/default-vm-config/secrets/hello-agenix/test-secret.age +++ /dev/null 
@@ -1,41 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AEYnuA M1SeUqtDO2H14b2xQIYgdNMEdxJzUTXSbNiMi3h9zwA -xxUCHTdbtxTl0VqVyHRcjdRT152IJXgQ4vIkJv/AHQI --> ssh-rsa JJQlXQ -UqzitY4YKUWKPv5un0ypIPL2zdMKmYWx76pD46jp8fVoe1pxqR1aJQ7yDv8e9tBN -UxB2g2W/Yq+tfmaBOpEeVRowYMbzivkhWNrEqNI4Yb8q9PYwlz0Y7/kXzVz4aRYx -hN1Qog5q4ciBpmX7nfi20bjiQz06e03jiNpZt7vMvpOYyXYCgObNckyzGNhltrng -roeBybF64PLi2bC5UdbFYoMNbvVK/SMRASMmQ83d+Q77BDf2jATyp/gfzcB5/sSC -W0JqIuCw7pJ4/VHx8Dcel5PPeQaZt8nsq5dFoMh4upbfmY+UfoFTMZt+uNyISkvM -XircVQTbIV1t0Zjtnt7gVTQn/+Z/HjH6/O6AiTbe4cBUAEtYM4j43RJXge1HWxhR -znnbjY+U+Gq78QX2wXZHGdaIszSuual2H2VkPl51yjXXu+IS3xe8XOWWsdZNpjIy -BkaelMJqiGKGRnmPHXmVIfyuhLf3SUgMA1WFAOsDYhAvVDfbOfKJeMIiS/n/Jvr/ - --> ssh-rsa krDgLQ -ZBMxy8bk3zX18cXcfHfdF/iVTwHjBO5gOqpa3ElBIbLtWOycZz7of+8S50h6dwZO -OVUQLi0lS8EwjXQDsnLt3BlvdQOmnXN8OzMzXuuNPWK8r7IDJRWzM+Dn5ekPxgam -PMtWtRaWsbjafErZUmgl2ViAF2cTbpLSrHO19+7Jxd7J7YnuEK5IGsYAzxvBUYW7 -WbUFt+YFzpSTNiY0QLvyLCKNC4onY7dmGV/gwmEgi4TgZly/sg3iHVxGf+fRXKrq -pC7eZs6wQYznYTxXwGscNZ/DrLXgbYXbe3nS5ho4bsVcNQAzemHR0NhS+LSe80/8 -7zepmBvYUDMebwSQQgv6Kg --> ssh-ed25519 c4vZAw WSz1QCR+5PEVBIQWfRcjjXsjBv4rVFlKCSCAapopbBU -HoFDMV9iLN5ed5iD36YX0QIw5uFP0ZOV8/UM4obJuXk --> ssh-ed25519 et2NAA 8FetOK9Izvi24/xiThrQ808QoMJ/X0AJ3jSixTvZ5xw -oc5J4byAUMOb2W7ZhUG0qiEuGagrl9dc0TIKkRQKVhc --> ssh-rsa RLU0fA -PdbOVhO+Lhd/wpgJkoKsVbTqZ9edLqVSaZQVLsvTO6hg0XN5tW98oFWXuqS/GPdh -hEL6GSUsUsKxAV42wIuCwSWpBf5jP4JO7faH1OG+OYNZwbuLouzp1gttJpkdTfXu -ftQOYlHZUj2jbvR7iHDxsAhEFQ7xlWuatJbC8AC3o3psm63mi48hkZv5SVSD41mJ -yfCuqA+lcKaAHp2PZHOIuctkGMz5p6yFrzOxvELl99hAK4OCr9QOJTWpNyiQmnIL -pCE0kS2VJqYtIxarIaQqF72yDdMSUPgNJbBA4GsbBTKrxBxscqjFaJjCes2Ks9uV -dTk+X2Uqmz1mmwnOE+7K/w5Ejtyw+P7FTjZyCVtESGpKH66m11C3VeAzFwFoIvSZ -4yIutVCJfH6nUHrVVtEfyowXQuOVcddVPr4w8h2ZRtQVoHCPFKsfNq3HsplzdTky -V+xLjGu/kxKmK62I7G8yTBv9MN22uXkn721tm3/Wcws0uzI9QiCkpo+TaL489lZw -5YmwZsjJAObJDq3RRRnWGU/HGHhu9aJLPUixrr8IIvAkfno4oqNDqsYHCicRpNNv -Z5QMojGkV6vhgSff1DgSiaF22OcZCWFjd7600Z7oOII1Y3Khz+qmJGvtyjjaTenw 
-dGE/1Rua698ncz0BeY00Nbnstclm+/MIFr1uiGrWCxY --> t*KKQ[gT-grease )zNR_IV0 SG 15&]Wi:t %ckEt%V" -9NLEDxJ8N1GqFhu++hPHKac11ZWy0z0N6VD00uoECBsrdeImeBJ8ryQnC9sMgnWJ -fhfIL8iYxw6/4cRRC6fbQorY1z/4dfw+TIit/blKVN9MF32h ---- d5TqgCyNvSTV3rPdgEFr6QI/g9ukbKQFwcE7fF8p284 -h{:7)P̭v?c69 \ No newline at end of file diff --git a/modules/default-vm-config/secrets/keycloak/password.age b/modules/default-vm-config/secrets/keycloak/password.age deleted file mode 100644 index db75dffc..00000000 --- a/modules/default-vm-config/secrets/keycloak/password.age +++ /dev/null 
@@ -1,40 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AEYnuA KjVBsv5jRZwKuaXgTaG73lcKRvn0oXEImX+GIGR9fgQ -VL1CnsPR9Zp53jQDMn3wW9pO9+VDSU+j9invZg+GIwQ --> ssh-rsa JJQlXQ -pfseMx5lNNWFQYyY1gVJSFIr1QyF9WpCg0Ko4avcNTdvyRPZ+fVDpSzJJWOWQNnh -/1MnXyvscIoe8py7WKkCZwkQGDltvgNgLAdhPi/Nx3H9n/9Huf9yaZvpfprXXliX -hz7XD9YSghmIptfJ9Aj3lDCDcNxhXdlx9cZu3hTOs88FR28iYHm1r01Flk4e5Zyz -b+E4b23wir5n+93mce6VEHUAJMSzqqg8wQ3RpfI0+5q+i18oS1dGFSJh1CyKHD7x -etNJDIPj0M8PBAuxfASChZFdC4T31zebG2etIHWu3PVA9ywtM/ar2EyNaTKY1jBY -5pQ/ivVPLusPU4cFHusOtJZeQY0aWbdLA7MZ0Bo0s1HcjvwJMF9K9UtAA0Bi6Tb3 -EclCjCbmngMsNwRMSzEEVVbpVub9pzw2D7CsbJG48c9qGqW7KwBdeyBlxmFuZxOd -zRJ+tiRzAya5Us52h7kBn1UDQNaXZeIQF5LGzaIhnNS8Cv2m2xwGeW6mOFNaQSH5 - --> ssh-rsa krDgLQ -v105wpYn/PAp0ONB3KP3IoWfDlrd93rZOjde55xnMGpjpAfG2dMgdz58Z+jafhHt -PafTM9ZccWVEflPh882WWguKtA24TjZtDsh+Tqqzp/INRZR5VN9aNFm/JCGXva6w -RYvaHD8HjETbrtgx7F8EUXlLYaHWJCiPIeCkBop7GMv0hblnJ85g3UR73QoT8uhs -pUylGIRshqWSN1Yk15ZACguwsULwyd+iDaL9QAJM/e4kEUwIT/VY2sbiVXe52mMR -x4NmffGnD18Wo36CxVUkysWeclYsXREwspFjTBQXlh8RZC/HZIhv84Rg+q85ARlh -bK9E6l+h31F55PPOrDcCHQ --> ssh-ed25519 c4vZAw Qwzuv89wtHXO01beuZfHVMJeURSfIkEtXuVGkPNkyzE -GNpmEjqzLADR9jsQOI+n80KzkS/hZGMbF7eeEQ5bfK0 --> ssh-ed25519 et2NAA 80OT03Kr0xkXiiEcAPuKUMu4Q+rNDnl6xVFYt2fUp1c -oRxi5nGkOz8IuUQM5T6hiDPVPxK3TsO/nzBPHORTUVc --> ssh-rsa RLU0fA -d3MPlOVvi1BhTA8uIY6/C7klwZO4vAbHtjSCSzIQYKlj1YmXJMosnhehvXTpCVx2 -xO9Xpdnhl3A+09TRpLsQ3Tnw09PQ6Hxw8bn5hnHeer/VsvH7NucsJBZLjpiKikiH -qJ8KkJ8bJp6Ppgz2w0geZZlwjSqsBAEvREqmYyri9Qa8p3qlFplqeFey1iU/oHMT -whOfheeaF1HkBmhHbUZO8Hsb2kPEzQ+IE5pamolWz1K+uAclDxIEHnIOwfX5zJHT -QPtOulSaVF3VyQy6KH2JOL5VucaIUzX7O1lNcSQf9JNl3J/Uwq87rzgRubpl+qOD -ZHSf5LFQmNhRNrWESckSmI9WLHcEPgBuB4laoV1BbbRNBjoBSrNeJy/iE/PfGWpt -kfttYRKK7M3tBHB8XmLnit1ySPJ+yH5GfWm08eQdY+HEMWTXNNKqiQJ0wEFL+uOh -XiePCXaoUGdNIngbc1Xy9nse2xB0AhOPiqKKdXnD/OnmRox75bnEv2Gx860uZCA8 -c2MGIjJz0TKTb7U/sQPZefSXo1fHiwHTB8XWq497r+G3/ZzaedoCZ/ZEYfaRvR1z -Zyh3lOP1cMpNo8r3Xo43MI3cyrHqCw1WtneUt/b6UIby5aAxEjfTHvQ7OSvxIxgx 
-8ZjqVwx/GK2EtImSW9SDQR/0wIqXbF1uxJxPkJarpuY --> ";-grease =..x -ToExsIccUOxJ6QpMKMKaMG04Jw ---- SXrzQN6AJhn31zGVQaQVglfzavMQ76dshYlGdDlnI4c -ZnCqicj'E Diw#Mw@>{o<{,=L$P~򗏆v,]('-vӕ}[ \ No newline at end of file diff --git a/modules/default-vm-config/secrets/keycloak/secrets.nix b/modules/default-vm-config/secrets/keycloak/secrets.nix deleted file mode 100644 index bb199577..00000000 --- a/modules/default-vm-config/secrets/keycloak/secrets.nix +++ /dev/null @@ -1,5 +0,0 @@ -let - system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhSCyJDqWDYjyIVXG5zCwWjlLZKmET+BuombIAybhHg root@solunska-server"; -in { - "password.age".publicKeys = [system]; -} diff --git a/modules/default-vm-config/secrets/tailscale-autoconnect/auth-key.age b/modules/default-vm-config/secrets/tailscale-autoconnect/auth-key.age deleted file mode 100644 index af77f4f2..00000000 --- a/modules/default-vm-config/secrets/tailscale-autoconnect/auth-key.age +++ /dev/null 
@@ -1,40 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 AEYnuA IuBb08RHXadcSfe9l3lEGL64g5erryOxP6FmXtY3bhU -WTTVitICo6PI5hjy322fqcEJqlYGG3MoBgkB015Qgn4 --> ssh-rsa JJQlXQ -UoXP5bpVCyk9PkwxqJ792/k2jqNlFkrEQs6M4zrs9UqxPzzzwq6F3j8ea8/ihYxZ -W5uZx20+HGA1eo4iJ6XAwZJDgtI95oeVPyoW5aDg1su1yELiGrvruWqfCh2YaAWt -7eckTfZ+O+G847SrazggHo01AwO3i9mQ6/6HtRp7x2ph5FCaNEMVImgy+WpfBcBP -6u4lTz0dWabwFXkzS7sa0rnSfuGpApmw1YCnJ+ZTjw5PpI1Nj0BLR/XGSZBUdStS -OqCphv8+SjaI06cABr4XCDnDyhMc7GmK0n9j2+7OZ/nn9mb9+deen9GizAqXLX1j -g9pV1Rpuy+X8OF55GfugthkI8Ga6Y2L1+BnkSMptTk/tGaxFqQKXwmg9BmRFDoR5 -eFu1JbfHV9l7NozKmiRr8PHIyo4/j5c/3WEHJdnqeU7NmJPN/rBR898Ln8FYwnx9 -F9dAIFUkPAffMwVp/3JzceAdw3sz2JTREOMWrAx/GG3Q8T6xhqcDafjHUZq6KLJQ - --> ssh-rsa krDgLQ -tTU743lBwHT6CreDi87ixHGwUgBsgyljO50OKy3LmhrcAznIw9dlCY4KF3NaJE0R -Wq8qT5gvrTDehtszUVT7JmaNzzcGpSIbUNqr3HY/Rbi0rzRxlRg5h2Va/cM0I1H9 -IS62JfbjaSMFy3+6wz9z5HAjlOUyA4Wgr5rcUl2VSi6985HUiATxP4nTNK3x1UBy -YRCAxGlsKe7g/ph9Z/lMVazq3CYoKPKlR58zUqLrc6TP65Y1GE1zUV1LJiVLp/w5 -yP2nZI2hkddiE3q2YkTI0tWXR2wpbEJ84kxNMeOdYq2zT5GSqYOUhhrqEB9tbbbV -LVPAjoZT6J/7mlwl3LMRRQ --> ssh-ed25519 c4vZAw gREVgn7VZL6HeLjrql4sKZYrhXPmXRRupA8fyXkibSA -mTBMztw4NEpRY4Idk/eXDS/5V3g9YF1+4/bo0JPzizc --> ssh-ed25519 et2NAA zrDKc2XbZ+jBjiHy+PTi93XE8TkDdgOpXM8cC2sVcXQ -vb13l3LaEXb7zcRuZPAU8J4/LR8pDN3Eb2aFKs0qLiY --> ssh-rsa RLU0fA -mgTdpZwDyfHbQc529XMOzYpnocZJBwk/ybFqfp8B+WT5eTSRG6ttHPx+zOB4b4Jh -v1NyT5Q8xbZ07I7Y5HKJnxkiOZlsb10FF60oNmE5AXayT9dvEFv2BnPbCV74klDW -kLmORRyCU5aN1dFjFY5Gr2CJukOlochYZF6NyEFe6Pm/fyFBUA6tL75m8LAUf7CZ -XsMHVKxv7G8K4dJuHlQupMsDUd+Qq3B1Nxx85AoyZIIbqrOGZfzq6TVZL5ukaotV -jwuwrrtDI1jR/0zJle7/2bab2yPQJhTct6e+LoIeoK6pfhQgj67qupi9jLU2YH2c -KXxbRELxT0s5Bc8PNYoBTqdbNZ+0GZBmCsXJ8RI25Yk1+F17PULTivG8wX7h4EFo -izEuogNynKs+/XMr2KkQ3H8sN1aHGE83Cc/yp54HZupKT1lPIXuCoCnznLecJFYa -EFJ8yBlHg18MzuxisiBKphBuU7ogS72x7PNfVMZ9a8Wlts/cuiQCzVWuqo2p5oV5 -mGTnFaaYFi5F2dVXzMAn10ODmfw0VKQ3PEPpinTpHeahQlD4l3hATIsMNXxFMrQj -e4uXy41Kya4Zi6GpR3khSAt3iGxkNMwMJx3yK10drsYsdDEanKL9mfyyNTyhzeNI 
-xkPXZ1SaPAGlU9oLGqMwi9I7qf99p6+UvDbNR0ze9BE --> wQ5K_m?i-grease F @o!i 9V3$9Db -xaXTjrHXTOyTiMMovbXIetw9G2efptWCBnOPfA ---- S5pH+5WO5VSzZgO0YyQ9ppIlQWGlPDBvHesOcTYCPHU -鋙}>C&kjp8dqJC. "NoJmn 0wA1xgLҰaMf \ No newline at end of file diff --git a/modules/default-vm-config/secrets/tailscale-autoconnect/secrets.nix b/modules/default-vm-config/secrets/tailscale-autoconnect/secrets.nix deleted file mode 100644 index d0c83bef..00000000 --- a/modules/default-vm-config/secrets/tailscale-autoconnect/secrets.nix +++ /dev/null @@ -1,5 +0,0 @@ -let - system = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhSCyJDqWDYjyIVXG5zCwWjlLZKmET+BuombIAybhHg root@solunska-server"; -in { - "auth-key.age".publicKeys = [system]; -} diff --git a/modules/default.nix b/modules/default.nix index 16e45f36..ed5802d4 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,7 +1,6 @@ { imports = [ ./lido - ./tailscale-autoconnect ./grafana-agent-flow ./pyroscope ./folder-size-metrics diff --git a/modules/home/base-config/default.nix b/modules/home/base-config/default.nix deleted file mode 100644 index 733320c4..00000000 --- a/modules/home/base-config/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - imports = [ - ./env-vars.nix - ./git.nix - ./home.nix - ./pkg-sets/cli-utils.nix - ./pkg-sets/nix-related.nix - ./shells/bash.nix - ./shells/direnv.nix - ./shells/fish.nix - ./shells/nushell.nix - ]; -} diff --git a/modules/home/base-config/env-vars.nix b/modules/home/base-config/env-vars.nix deleted file mode 100644 index 46da87e7..00000000 --- a/modules/home/base-config/env-vars.nix +++ /dev/null @@ -1,11 +0,0 @@ -{config, ...}: { - home.sessionVariables = rec { - DIRENV_WARN_TIMEOUT = "30s"; - CODE = "${config.home.homeDirectory}/code"; - TMPCODE = "${CODE}/tmp"; - REPOS = "${CODE}/repos"; - CFG = "${REPOS}/dotfiles"; - WORK = "${REPOS}/metacraft-labs"; - MINE = "${REPOS}/mine"; - }; -} 
diff --git a/modules/home/base-config/git.nix b/modules/home/base-config/git.nix
deleted file mode 100644
index f9de215d..00000000
--- a/modules/home/base-config/git.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- pkgs,
- username,
- ...
-}: {
- programs.git = {
- enable = true;
- package = pkgs.gitFull;
- delta.enable = true;
- includes = [
- # {path = ../../../users + "/${username}/.gitconfig";}
- ];
- };
-
- home.packages = with pkgs; [
- git-filter-repo
- ];
-}
diff --git a/modules/home/base-config/home.nix b/modules/home/base-config/home.nix
deleted file mode 100644
index 59ee2843..00000000
--- a/modules/home/base-config/home.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- config,
- pkgs,
- username,
- ...
-}: {
- home = {
- inherit username;
- homeDirectory =
- if pkgs.hostPlatform.isDarwin
- then "/Users/${username}"
- else "/home/${username}";
- stateVersion = "23.05";
- };
-
- manual.manpages.enable = false;
- programs.home-manager.enable = true;
-}
diff --git a/modules/home/base-config/pkg-sets/cli-utils.nix b/modules/home/base-config/pkg-sets/cli-utils.nix
deleted file mode 100644
index 1a6c0c18..00000000
--- a/modules/home/base-config/pkg-sets/cli-utils.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- pkgs,
- config,
- ...
-}: {
- home.packages = with pkgs; [
- bat
- ripgrep
- gitAndTools.diff-so-fancy
- jq
- yq
- curl
- tree
- htop
- rage
- age-plugin-yubikey
- just
- gh
- asciinema
- ];
-
- programs.exa = {
- enable = true;
- icons = true;
- git = true;
- extraOptions = ["--group-directories-first"];
- };
-
- programs.zellij = {
- enable = true;
- package = pkgs.zellij;
- };
-
- programs.neovim = {
- enable = true;
- viAlias = true;
- vimAlias = true;
- defaultEditor = true;
- extraLuaConfig = ''
- vim.cmd [[source ${config.home.sessionVariables.CFG}/.config/nvim/general-settings.vim]]
- vim.cmd [[source ${config.home.sessionVariables.CFG}/.config/nvim/dein-plugins.vim]]
- vim.cmd [[source ${config.home.sessionVariables.CFG}/.config/nvim/plugin-cfg.vim]]
- '';
- };
-
- programs.mr = {
- enable = true;
- settings = {
- ".local/share/dein/repos/github.com/Shougo/dein.vim" = {
- checkout = "git clone https://github.com/Shougo/dein.vim";
- };
-
- "~/code/repos/dotfiles" = {
- checkout = "git clone https://github.com/metacraft-labs/nixos-machine-config";
- };
- };
- };
-}
diff --git a/modules/home/base-config/pkg-sets/nix-related.nix b/modules/home/base-config/pkg-sets/nix-related.nix
deleted file mode 100644
index adc8c88d..00000000
--- a/modules/home/base-config/pkg-sets/nix-related.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- lib,
- pkgs,
- inputs,
- inputs',
- unstablePkgs,
- ...
-}:
-with pkgs; {
- home.packages =
- [
- cachix
- unstablePkgs.nurl
- unstablePkgs.nix-init
- nix-tree
- patchelf
- alejandra
- nix-output-monitor
- ]
- ++ lib.optionals (stdenv.isLinux) [
- inputs'.nixd.packages.default
- ]
- ++ lib.optionals (stdenv.isDarwin) [
- inputs.nixd.packages.x86_64-darwin.default
- ];
-}
diff --git a/modules/home/base-config/shells/bash.nix b/modules/home/base-config/shells/bash.nix
deleted file mode 100644
index 84155621..00000000
--- a/modules/home/base-config/shells/bash.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{pkgs, ...}: {
- programs.bash.enable = true;
- home.packages = with pkgs; [bash];
-}
diff --git a/modules/home/base-config/shells/direnv.nix b/modules/home/base-config/shells/direnv.nix
deleted file mode 100644
index 636a9aac..00000000
--- a/modules/home/base-config/shells/direnv.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- programs.direnv.enable = true;
-}
diff --git a/modules/home/base-config/shells/fish.nix b/modules/home/base-config/shells/fish.nix
deleted file mode 100644
index 35ff43fb..00000000
--- a/modules/home/base-config/shells/fish.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}: {
- # Symlink `functions` folder, but not the whole `fish` directory, as it
- # contains files generated by both Nix and Fish:
- xdg.configFile."fish/functions".source =
- config.lib.file.mkOutOfStoreSymlink
- "${config.home.sessionVariables.CFG}/.config/fish/functions";
-
- programs.fish = {
- enable = true;
- plugins = [
- {
- name = "foreign-env";
- src = pkgs.fishPlugins.foreign-env.src;
- }
- {
- name = "fish-theme-bobthefish";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "theme-bobthefish";
- rev = "76cac812064fa749ffc258a20398c6f6250860c5";
- hash = "sha256-7nZ25R75WsSPqSmyeJbRQ49cITxL3D5CfyplsixFlY8=";
- };
- }
- ];
-
- shellInit = lib.optionalString pkgs.stdenv.isDarwin ''
- source /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.fish
- '';
-
- interactiveShellInit = ''
- # bobthefish theme settings:
- set -g theme_newline_cursor yes
- set -g theme_date_format "+%H:%M:%S %F (%a)"
- set -g theme_color_scheme dark
- set -g theme_display_vi yes
- set -g theme_display_nix yes
- set -g theme_use_abbreviated_branch_name no
- set -g theme_display_git_master_branch yes
- set -g theme_prompt_prefix '╭─'
- set -g theme_newline_prompt ' ╰─➤ '
- set -g theme_nerd_fonts yes
-
- set -g theme_display_node yes
- '';
-
- shellAbbrs = {
- # Basic
- l = "ls -lah";
- p = "pushd";
- po = "popd";
-
- # Direnv
- dea = "direnv allow .";
- ded = "direnv deny .";
- der = "direnv reload";
-
- # Git
- gs = "git status";
-
- gsh = "git show";
- gshr = "git show --color-words=\"[^[:space:]]|([[:alnum:]]|UTF_8_GUARD)+\"";
-
- gd = "git diff";
- gdr = "git diff --color-words=\"[^[:space:]]|([[:alnum:]]|UTF_8_GUARD)+\"";
-
- gdc = "git diff --staged";
- gdcr = "git diff --staged --color-words=\"[^[:space:]]|([[:alnum:]]|UTF_8_GUARD)+\"";
-
- ga = "git add";
- gap = "git add -p";
- gau = "git add -u";
- gai = "git add --intent-to-add";
-
- gcm = "git commit -m";
- gcma = "git commit --amend --no-edit";
-
- gpu
= "git pull";
-
- gps = "git push -u (git-default-remote) HEAD";
- gpf = "git push --force";
-
- gco = "git checkout";
- gcb = "git checkout -b";
-
- gstaki = "git stash --keep-index --include-untracked";
-
- gspo = "git stash pop";
- gspu = "git stash --include-untracked; and git status";
-
- gbr = "git branch -a";
-
- glg = "git log";
- gl = "git lg";
-
- grb = "git rebase";
- grbc = "git rebase --continue";
- grbi = "git rebase -i";
-
- gchp = "git cherry-pick";
- gchpc = "git cherry-pick --continue";
-
- # Google Chrome aliases:
- igchr = "google-chrome --incognito & disown";
- };
- };
-}
diff --git a/modules/home/base-config/shells/nushell.nix b/modules/home/base-config/shells/nushell.nix
deleted file mode 100644
index e95f206e..00000000
--- a/modules/home/base-config/shells/nushell.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{config, ...}: let
- nuShellCfg = "${config.home.sessionVariables.CFG}/.config/nushell";
-in {
- programs.nushell = {
- enable = true;
- envFile.text = ''
- source "${nuShellCfg}/env.nu"
- '';
- configFile.text = ''
- source "${nuShellCfg}/config.nu"
- '';
- };
-}
diff --git a/modules/home/desktop-config/dconf.nix b/modules/home/desktop-config/dconf.nix
deleted file mode 100644
index c2730e2b..00000000
--- a/modules/home/desktop-config/dconf.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-# Generated via dconf2nix: https://github.com/gvolpe/dconf2nix
-{lib, ...}: let
- mkTuple = lib.hm.gvariant.mkTuple;
-in {
- dconf.settings = {
- "com/gexperts/Tilix" = {
- control-scroll-zoom = true;
- terminal-title-style = "none";
- window-style = "normal";
- };
-
- "com/gexperts/Tilix/profiles/2b7c4080-0ddd-46c5-8f23-563fd3ba789d" = {
- default-size-columns = 150;
- default-size-rows = 36;
- font = "FiraCode Nerd Font Mono weight=450 12";
- scrollback-unlimited = true;
- use-system-font = false;
- visible-name = "Default";
- };
-
- "org/gnome/desktop/wm/keybindings" = {
- switch-applications = [];
- switch-applications-backward = [];
- switch-windows = ["Tab"];
- switch-windows-backward = ["Tab"];
- };
-
- "org/gnome/desktop/wm/preferences" = {
- button-layout = "appmenu:minimize,maximize,close";
- };
-
- "org/gnome/settings-daemon/plugins/media-keys" = {
- custom-keybindings = ["/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/"];
- };
-
- "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0" = {
- binding = "t";
- command = "tilix";
- name = "Open Terminal";
- };
-
- "org/gnome/desktop/input-sources" = {
- current = "uint32 0";
- per-window = false;
- sources = [(mkTuple ["xkb" "us"]) (mkTuple ["xkb" "bg+phonetic"])];
- xkb-options = ["terminate:ctrl_alt_bksp"];
- };
-
- "org/gnome/desktop/interface" = {
- clock-show-weekday = true;
- cursor-theme = "Yaru";
- font-antialiasing = "grayscale";
- font-hinting = "slight";
- gtk-im-module = "gtk-im-context-simple";
- gtk-theme = "Yaru-dark";
- icon-theme = "Yaru";
- };
- };
-}
diff --git a/modules/home/desktop-config/default.nix b/modules/home/desktop-config/default.nix
deleted file mode 100644
index 4794b3cf..00000000
--- a/modules/home/desktop-config/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- imports = [
- ./dconf.nix
-
- ./pkg-sets/gnome-themes.nix
- ./pkg-sets/gui.nix
- ./pkg-sets/system-utils.nix
- ];
-}
diff --git a/modules/home/desktop-config/pkg-sets/gnome-themes.nix b/modules/home/desktop-config/pkg-sets/gnome-themes.nix
deleted file mode 100644
index 47297198..00000000
--- a/modules/home/desktop-config/pkg-sets/gnome-themes.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- home.packages = with pkgs; [
- gnome3.gnome-tweaks
- yaru-theme
- ];
-}
diff --git a/modules/home/desktop-config/pkg-sets/gui.nix b/modules/home/desktop-config/pkg-sets/gui.nix
deleted file mode 100644
index afb74b1b..00000000
--- a/modules/home/desktop-config/pkg-sets/gui.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- pkgs,
- unstablePkgs,
- ...
-}: {
- home.packages = with pkgs; [
- ## Browsers:
- google-chrome
- firefox # opera
-
- ## Audio & video players:
- vlc
- mpv
-
- ## Office:
- libreoffice
-
- ## IM / Video:
- discord
- slack
- tdesktop
- # teams
- zoom-us
-
- ## Text editors / IDEs
- unstablePkgs.vscode
-
- ## API clients:
- # insomnia
- postman
-
- ## Remote desktop:
- # remmina
- # teamviewer
-
- ## Terminal emulators:
- # alacritty
- tilix
-
- ## X11, OpenGL, Vulkan:
- xclip
- gnomeExtensions.dash-to-dock
- glxinfo
- vulkan-tools
-
- ## System:
- gparted
- wireshark-qt
- ];
-}
diff --git a/modules/home/desktop-config/pkg-sets/system-utils.nix b/modules/home/desktop-config/pkg-sets/system-utils.nix
deleted file mode 100644
index 514e9dc7..00000000
--- a/modules/home/desktop-config/pkg-sets/system-utils.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{pkgs, ...}: {
- home.packages = with pkgs; [
- ## Disk partitioning:
- # gptfdisk parted
-
- ## Monitoring:
- btop
- # iotop
- # nethogs
-
- ## Inspecting devices:
- usbutils
- pciutils
-
- ## Archival and compression (unzip is installed via sys/*.nix):
- p7zip
- unrar
- ];
-}
diff --git a/modules/hw/default.nix b/modules/hw/default.nix
deleted file mode 100644
index 77c3d06d..00000000
--- a/modules/hw/default.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- notebooks = {
- asus = import ./notebooks/asus;
- };
- zfs = import ./zfs.nix;
-}
diff --git a/modules/hw/notebooks/asus.nix b/modules/hw/notebooks/asus.nix
deleted file mode 100644
index 67a8ddfb..00000000
--- a/modules/hw/notebooks/asus.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- services.asusd = {
- enable = true;
- enableUserService = true;
- };
-}
diff --git a/modules/hw/zfs.nix b/modules/hw/zfs.nix
deleted file mode 100644
index 74e293ec..00000000
--- a/modules/hw/zfs.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{pkgs, ...}: {
- services.zfs = {
- trim.enable = true;
- autoScrub.enable = true;
- autoScrub.pools = ["zfs_root"];
- };
-}
diff --git a/modules/tailscale-autoconnect/default.nix b/modules/tailscale-autoconnect/default.nix
deleted file mode 100644
index 94c6d008..00000000
--- a/modules/tailscale-autoconnect/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{withSystem, ...}: {
- flake.nixosModules.tailscale-autoconnect = {
- lib,
- pkgs,
- config,
- ...
- }: let
- cfg = config.services.mcl.tailscale-autoconnect;
- in
- with lib; {
- options.services.mcl.tailscale-autoconnect = {
- enable = mkEnableOption (mdDoc "Enable automatic connection to Tailscale");
-
- auth-key = mkOption {
- type = types.str;
- description = mdDoc "Path to the auth-key file";
- };
- };
-
- config = {
- systemd.services.tailscale-autoconnect = lib.mkIf cfg.enable {
- description = "Automatic connection to Tailscale";
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
- serviceConfig.Type = "oneshot";
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
-
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
-
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --ssh --authkey file:${cfg.auth-key}
- '';
- };
- };
- };
-}
diff --git a/services/ethereum/agenix.nix b/services/ethereum/agenix.nix
deleted file mode 100644
index fef1e9ca..00000000
--- a/services/ethereum/agenix.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-secretDir: {
- "ethereum/erigon-goerli/jwtSecret" = {
- file = "${secretDir}/jwtSecret.age";
- };
- "ethereum/nimbus-eth2/jwtSecret" = {
- file = "${secretDir}/jwtSecret.age";
- };
-}
diff --git a/services/ethereum/default.nix b/services/ethereum/default.nix
deleted file mode 100644
index a8a15e1c..00000000
--- a/services/ethereum/default.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{
- pkgs,
- config,
- dirs,
- ...
-}: let
- rpcPort = 8545;
- network = "goerli";
- rpcProtocol = "http";
-in {
- imports = [
- (import "${dirs.lib}/import-agenix.nix" "ethereum")
- ];
- services.ethereum.erigon.${network} = {
- enable = true;
- openFirewall = true;
- args = {
- chain = "${network}";
- authrpc.jwtsecret = config.age.secrets."ethereum/erigon-goerli/jwtSecret".path;
- ${rpcProtocol} = {
- enable = true;
- addr = "0.0.0.0";
- port = rpcPort;
- api = ["eth" "erigon" "engine" "sealer" "net" "web3"];
- vhosts = ["localhost" "phoebe"];
- };
- };
- extraArgs = [
- "--bootnodes"
- "enode://8ae4559db1b1e160be8cc46018d7db123ed6d03fbbfe481da5ec05f71f0aa4d5f4b02ad059127096aa994568706a0d02933984083b87c5e1e3de2b7692444d37@35.161.233.158:46855,enode://d0b3b290422f35ec3e68356f3a4cdf9c661f71a868110670e31441a5021d7abd0440ae8dfb9360aafdd0198f177863361e3a7a7eb5e1a3e26575bf1ac3ef4ab3@162.19.136.65:48264,enode://d64624bda3cdb65d542c90757a4a661cfe9dddf8328bdb1ea97a8d70fad287c360f0101c492d8fd6ab30d79160a3bf148cacfd68f5d2e47eab0b709516419304@51.195.63.10:30040,enode://c7df835939e027325c6bba926220fae5912a33c83d96b3eef8ef445c98083f3191788581c9a0e8f74cadb0b13229b847f5c1ebd315b22bcf11faf6468020eb48@54.163.51.157:30303,enode://da0609bad3afcab9b93175a41a2d621d07aa7ff6c134a00792d4541f0ce8d30d8f3c51bb37a47573508a0bf18865b04066af2a661edf1d3a3d8d133fc1031aa0@88.151.101.14:45192,enode://7a4534d392c59369eae6befa56ac670476d9edc16597cf53c92bbefa6e741b6b0b9e6822cab12afb09123e03ca1131026fbef145adec429fe2e50182dfb650a5@94.130.18.108:31312,enode://db6fa13b63a885440de581ee3fc8df9c6a590326b39fc5ccba7991707ee0cebac306211f7eca5270a350201a3132511f2338481edd81f3dc819c2a1c60419cf2@65.21.89.157:30303,enode://fcf03e9404cace34c60e4eed374ef9a779471014319b3346352fbc2f992a399af6517486e8e65a4ab55f4645fe55420bbea1cddc13a4af4df63b0f731915c6a6@13.125.238.49:46173,enode://8b973816278fdd56966709e4794c7ccce1f256eaa9165a6b013b991a9bdf3886a8f2d23af50ee723a5614a9fe9d197252b803b4455a87ab2468e128f7b
06e0ca@172.104.107.145:30303,enode://5a1fb15f826a213d3ef4adb9be47ab58b2240ea05df0d760a244f04762b0847dcb08276b1284f726c22eea30fce0c601cf121b81bac0c151f1b3b4ad00d1482a@34.159.55.147:51262,enode://560928dd14819f88113586726e452b16bbc694ed4144ddadd6290053e7f3fc66bfad13add6889f7d8f37e0c21ccbb6948eb8899c8b30743f4b45a3081f1efed8@34.138.254.5:29888,enode://69a13b575b8c5278431409e9f7db36e7218667ae286bfb65a72dfec9201b2c5bbbe2797a1babbdf17a7bf7ca68fa3fbe1554612637eb1b2425fa975e1bccb54c@35.223.41.3:30303,enode://66158b31eecff939f220b291d2b448edbfe94f1d4c992d9395b5d476e55e54b5abd11d3ee44daf1e18ee27b910ef99cdf6f19775eb4820ebe4f77d7aa948e3b6@51.195.63.10:55198,enode://bf94acbd51170bf075cacb9f149b21ff46354d659ab434a0d40688f776e1e1556bc62be2dc2867ba513844268c0dc8240099a6b60efe1713fbc25da7fdeb6ff1@3.82.105.139:30303,enode://41329e5ceb51cdddbe6a475db00b682505768b71ff8ee37d2d3500ca1b78918f9fad57d6006dd9f79cd418437dbcf87ec2fd58d60710f925cb17da05a51197cf@65.21.34.60:30303"
- ];
- };
-
- services.ethereum.nimbus-eth2."${network}" = {
- enable = true;
- openFirewall = true;
- args = {
- inherit network;
- metrics = {
- enable = true;
- };
- web3-urls = ["${rpcProtocol}://localhost:${toString rpcPort}/"];
- rest.enable = true;
- jwt-secret = config.age.secrets."ethereum/nimbus-eth2/jwtSecret".path;
- trusted-node-url = "http://unstable.prater.beacon-api.nimbus.team/";
- backfill = false;
- };
- };
-
- services.prometheus.scrapeConfigs = [
- {
- job_name = "nimbus-eth2";
- static_configs = [
- {
- targets = ["127.0.0.1:${toString config.services.ethereum.nimbus-eth2.goerli.args.metrics.port}"];
- }
- ];
- }
- ];
-}
diff --git a/services/gitlab/agenix.nix b/services/gitlab/agenix.nix
deleted file mode 100644
index c4992187..00000000
--- a/services/gitlab/agenix.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-secretsDir: {
- "gitlab/db" = {
- file = "${secretsDir}/db.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/db_password" = {
- file = "${secretsDir}/db_password.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/root_password" = {
- file = "${secretsDir}/root_password.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/secret" = {
- file = "${secretsDir}/secret.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/otp" = {
- file = "${secretsDir}/otp.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/jws" = {
- file = "${secretsDir}/jws.age";
- owner = "gitlab";
- group = "gitlab";
- };
- "gitlab/smtp_password" = {
- file = "${secretsDir}/smtp_password.age";
- owner = "gitlab";
- group = "gitlab";
- };
-}
diff --git a/services/gitlab/default.nix b/services/gitlab/default.nix
deleted file mode 100644
index 0c0fddea..00000000
--- a/services/gitlab/default.nix
+++ /dev/null
@@ -1,48 +0,0 @@
-{
- pkgs,
- config,
- lib,
- dirs,
- ...
-}: let
-in {
- imports = [
- ../nginx
- (import "${dirs.lib}/import-agenix.nix" "gitlab")
- ];
- services.gitlab = {
- enable = true;
- port = 443;
- https = true;
- host = "gitlab.metacraft-labs.com";
- user = "gitlab";
- group = "gitlab";
- databasePasswordFile = config.age.secrets."gitlab/db_password".path;
- initialRootPasswordFile = config.age.secrets."gitlab/root_password".path;
- secrets = {
- secretFile = config.age.secrets."gitlab/secret".path;
- otpFile = config.age.secrets."gitlab/otp".path;
- dbFile = config.age.secrets."gitlab/db".path;
- jwsFile = config.age.secrets."gitlab/jws".path;
- };
- smtp = {
- enable = true;
- address = "smtp.mailgun.org";
- port = 587;
- authentication = "plain";
- username = "postmaster@metacraft-labs.com";
- passwordFile = config.age.secrets."gitlab/smtp_password".path;
- domain = "metacraft-labs.com";
- };
- };
-
- services.nginx.virtualHosts."gitlab.metacraft-labs.com" = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
- };
-
- security.acme.certs."gitlab.metacraft-labs.com" = {};
-
- networking.firewall.allowedTCPPorts = lib.mkBefore [80 443];
-}
diff --git a/services/hello-agenix/agenix.nix b/services/hello-agenix/agenix.nix
deleted file mode 100644
index da85b90a..00000000
--- a/services/hello-agenix/agenix.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-secretDir: {
- "hello-agenix/test-secret" = {
- file = "${secretDir}/test-secret.age";
- owner = "johnny";
- group = "metacraft";
- mode = "440";
- };
-}
diff --git a/services/hello-agenix/default.nix b/services/hello-agenix/default.nix
deleted file mode 100644
index 07352b57..00000000
--- a/services/hello-agenix/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- config,
- dirs,
- ...
-}: {
- imports = [
- (import "${dirs.lib}/import-agenix.nix" "hello-agenix")
- ];
- environment.etc."hello-agenix".source =
- config.age.secrets."hello-agenix/test-secret".path;
-}
diff --git a/services/home-assistant/default.nix b/services/home-assistant/default.nix
deleted file mode 100644
index 7826039b..00000000
--- a/services/home-assistant/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}: {
- services.home-assistant = {
- enable = true;
- extraComponents = [
- "esphome"
- "met"
- "radio_browser"
- ];
- config = {
- default_config = {};
- http = {
- server_host = "localhost";
- trusted_proxies = ["localhost"];
- use_x_forwarded_for = true;
- };
- };
- };
-
- networking.firewall.interfaces.tailscale0.allowedTCPPorts = lib.mkIf (config.services.tailscale.enable == true) [8123];
-}
diff --git a/services/keycloak/agenix.nix b/services/keycloak/agenix.nix
deleted file mode 100644
index 6cac2af5..00000000
--- a/services/keycloak/agenix.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-secretDir: {
- "keycloak/password" = {
- file = "${secretDir}/password.age";
- owner = "keycloak";
- group = "keycloak";
- };
-}
diff --git a/services/keycloak/default.nix b/services/keycloak/default.nix
deleted file mode 100644
index a64ae4ce..00000000
--- a/services/keycloak/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{
- config,
- dirs,
- ...
-}: {
- imports = [
- ../nginx
- (import "${dirs.lib}/import-agenix.nix" "keycloak")
- ];
-
- services.nginx.virtualHosts = {
- "keycloak.metacraft-labs.com" = {
- forceSSL = true;
- enableACME = true;
- locations = {
- "/" = {
- proxyPass = "http://localhost:${toString config.services.keycloak.settings.http-port}/";
- };
- };
- };
- };
-
- security.acme.certs."keycloak.metacraft-labs.com" = {};
-
- services.postgresql.enable = true;
-
- services.keycloak = {
- enable = true;
-
- database = {
- type = "postgresql";
- createLocally = true;
-
- username = "keycloak";
- passwordFile = config.age.secrets."keycloak/password".path;
- };
-
- settings = {
- hostname = "keycloak.com";
- http-relative-path = "/";
- http-port = 38080;
- proxy = "passthrough";
- http-enabled = true;
- };
- };
-}
diff --git a/services/monitoring/grafana.nix b/services/monitoring/grafana.nix
deleted file mode 100644
index 587fe547..00000000
--- a/services/monitoring/grafana.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{
- config,
- lib,
- ...
-}: let
- http_addr = "localhost";
- http_port = 3000;
- domain = "grafana.metacraft-labs.com";
-in {
- imports = [
- ../nginx
- ];
- services.grafana = {
- enable = true;
- settings = {
- security.admin_user = "zahary";
- server = {
- inherit http_addr http_port domain;
- };
- };
- provision = {
- enable = true;
- datasources.settings = {
- datasources = [
- {
- name = "Prometheus";
- type = "prometheus";
- access = "proxy";
- url = "http://${http_addr}:${toString config.services.prometheus.port}";
- }
- {
- name = "Loki";
- type = "loki";
- access = "proxy";
- url = "http://${http_addr}:${toString config.services.loki.configuration.server.http_listen_port}";
- }
- ];
- };
- };
- };
-
- services.nginx.virtualHosts."${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${toString http_addr}:${toString http_port}/";
- proxyWebsockets = true;
- };
- };
- security.acme.certs."${domain}" = {};
-
- networking.firewall.allowedTCPPorts = lib.mkBefore [3000];
-}
diff --git a/services/monitoring/loki.nix b/services/monitoring/loki.nix
deleted file mode 100644
index 48656ee1..00000000
--- a/services/monitoring/loki.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{lib, ...}: {
- services.loki = {
- enable = true;
- configuration = {
- server.http_listen_port = 3100;
- auth_enabled = false;
-
- ingester = {
- lifecycler = {
- address = "127.0.0.1";
- ring = {
- kvstore = {
- store = "inmemory";
- };
- replication_factor = 1;
- };
- };
- chunk_idle_period = "1h";
- max_chunk_age = "1h";
- chunk_target_size = 999999;
- chunk_retain_period = "30s";
- max_transfer_retries = 0;
- };
-
- schema_config = {
- configs = [
- {
- from = "2022-06-06";
- # The BoltDB back-end is the standard one for on-premise storage
- # See https://grafana.com/docs/loki/latest/operations/storage/table-manager/
- store = "boltdb-shipper";
- object_store = "filesystem";
- schema = "v11";
- index = {
- prefix = "index_";
- period = "24h";
- };
- }
- ];
- };
-
- storage_config = {
- boltdb_shipper = {
- active_index_directory = "/var/lib/loki/boltdb-shipper-active";
- cache_location = "/var/lib/loki/boltdb-shipper-cache";
- cache_ttl = "24h";
- shared_store = "filesystem";
- };
-
- filesystem = {
- directory = "/var/lib/loki/chunks";
- };
- };
-
- limits_config = {
- reject_old_samples = true;
- reject_old_samples_max_age = "168h";
- };
-
- chunk_store_config = {
- max_look_back_period = "0s";
- };
-
- table_manager = {
- retention_deletes_enabled = false;
- retention_period = "0s";
- };
-
- compactor = {
- working_directory = "/var/lib/loki";
- shared_store = "filesystem";
- compactor_ring = {
- kvstore = {
- store = "inmemory";
- };
- };
- };
- };
- # user, group, dataDir, extraFlags, (configFile)
- };
-}
diff --git a/services/monitoring/node-exporter.nix b/services/monitoring/node-exporter.nix
deleted file mode 100644
index 78fd1d68..00000000
--- a/services/monitoring/node-exporter.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- services.prometheus.exporters = {
- node = {
- enable = true;
- enabledCollectors = ["systemd"];
- port = 9111;
- };
- };
-}
diff --git a/services/monitoring/prometheus.nix b/services/monitoring/prometheus.nix
deleted file mode 100644
index c14efcb2..00000000
--- a/services/monitoring/prometheus.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- ...
-}: {
- imports = [
- ./node-exporter.nix
- ];
- services.prometheus = {
- enable = true;
- port = 9090;
- scrapeConfigs = [
- {
- job_name = "exporter";
- static_configs = [
- {
- targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
- }
- ];
- }
- ];
- };
-}
diff --git a/services/monitoring/promtail.nix b/services/monitoring/promtail.nix
deleted file mode 100644
index 9a988d0b..00000000
--- a/services/monitoring/promtail.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{config, ...}: {
- services.promtail = {
- enable = true;
- configuration = {
- server = {
- http_listen_port = 3031;
- grpc_listen_port = 0;
- };
- positions = {
- filename = "/tmp/positions.yaml";
- };
- clients = [
- {
- url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
- }
- ];
- scrape_configs = [
- {
- job_name = "journal";
- journal = {
- max_age = "168h";
- labels = {
- job = "systemd-journal";
- };
- };
- relabel_configs = [
- {
- source_labels = ["__journal__systemd_unit"];
- target_label = "unit";
- }
- ];
- }
- ];
- };
- # extraFlags
- };
-}
diff --git a/services/monitoring/uptime-kuma.nix b/services/monitoring/uptime-kuma.nix
deleted file mode 100644
index 67cadd9c..00000000
--- a/services/monitoring/uptime-kuma.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- services.uptime-kuma = {
- enable = true;
- settings = {
- PORT = "4000";
- };
- };
-}
diff --git a/services/nginx/default.nix b/services/nginx/default.nix
deleted file mode 100644
index 16f457a9..00000000
--- a/services/nginx/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "admin@metacraft-labs.com";
- };
-}
diff --git a/services/tailscale-autoconnect/agenix.nix b/services/tailscale-autoconnect/agenix.nix
deleted file mode 100644
index 285c4464..00000000
--- a/services/tailscale-autoconnect/agenix.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-secretDir: {
- "tailscale-autoconnect/auth-key" = {
- file = "${secretDir}/auth-key.age";
- mode = "700";
- };
-}
diff --git a/services/tailscale-autoconnect/default.nix b/services/tailscale-autoconnect/default.nix
deleted file mode 100644
index 69697dd3..00000000
--- a/services/tailscale-autoconnect/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- config,
- dirs,
- ...
-}: {
- imports = [
- "${dirs.modules}/tailscale-autoconnect"
- (import "${dirs.lib}/import-agenix.nix" "tailscale-autoconnect")
- ];
-
- services.mcl.tailscale-autoconnect = {
- enable = true;
- auth-key = config.age.secrets."tailscale-autoconnect/auth-key".path;
- };
-}
diff --git a/services/yubikey-agent/default.nix b/services/yubikey-agent/default.nix
deleted file mode 100644
index c9d7a39c..00000000
--- a/services/yubikey-agent/default.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- services.yubikey-agent.enable = true;
- environment.systemPackages = with pkgs; [yubikey-manager];
-}