diff --git a/flake.nix b/flake.nix index f845e18..c2235ef 100644 --- a/flake.nix +++ b/flake.nix @@ -60,15 +60,6 @@ ]; }; - sombrero = inputs.nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - specialArgs = { inherit inputs; }; - modules = [ - ./hosts/sombrero/configuration.nix - ./hosts/sombrero/home.nix - ]; - }; - tadpole = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; diff --git a/hosts/pinwheel/modules/ssh/default.nix b/hosts/pinwheel/modules/ssh/default.nix index 057b5d5..a515a46 100644 --- a/hosts/pinwheel/modules/ssh/default.nix +++ b/hosts/pinwheel/modules/ssh/default.nix @@ -12,20 +12,6 @@ port = 1122; }; - "sombrero.local" = { - hostname = "192.168.50.200"; - user = "alex"; - identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero"; - port = 1122; - }; - - "sombrero" = { - hostname = "sombrero.a2x.se"; - user = "alex"; - identityFile = "/home/alex/.ssh/alex.pinwheel-sombrero"; - port = 1122; - }; - "andromeda" = { hostname = "andromeda.a2x.se"; user = "alex"; @@ -72,18 +58,6 @@ owner = "alex"; group = "users"; }; - "alex.pinwheel-sombrero" = { - file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.age; - path = "/home/alex/.ssh/alex.pinwheel-sombrero"; - owner = "alex"; - group = "users"; - }; - "alex.pinwheel-sombrero.pub" = { - file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age; - path = "/home/alex/.ssh/alex.pinwheel-sombrero.pub"; - owner = "alex"; - group = "users"; - }; "alex.pinwheel-github.com" = { file = ../../../../secrets/pinwheel/alex.pinwheel-github.com.age; diff --git a/hosts/pinwheel/modules/syncthing/default.nix b/hosts/pinwheel/modules/syncthing/default.nix index 020e21c..9473512 100644 --- a/hosts/pinwheel/modules/syncthing/default.nix +++ b/hosts/pinwheel/modules/syncthing/default.nix @@ -16,13 +16,12 @@ devices = { phone.id = config.lib.syncthing.phone; backwards.id = config.lib.syncthing.backwards; - sombrero.id = config.lib.syncthing.sombrero; }; folders = { org = { path = "/home/alex/sync/org"; - devices = [ "sombrero" "phone" "backwards" ]; + devices = [ "phone" "backwards" ]; versioning = { type = "staggered"; params = { @@ -33,7 +32,7 @@ personal = { path = "/home/alex/sync/personal"; - devices = [ "sombrero" "backwards" ]; + devices = [ "backwards" ]; versioning = { type = "staggered"; params = { @@ -44,7 +43,7 @@ work = { path = "/home/alex/sync/work"; - devices = [ "sombrero" "backwards" ]; + devices = [ "backwards" ]; versioning = { type = "staggered"; params = { @@ -55,7 +54,7 @@ books = { path = "/home/alex/sync/books"; - devices = [ "sombrero" "backwards" ]; + devices = [ "backwards" ]; versioning = { type = "staggered"; params = { diff --git a/hosts/sombrero/configuration.nix b/hosts/sombrero/configuration.nix deleted file mode 100644 index c8fab2d..0000000 --- a/hosts/sombrero/configuration.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ pkgs, ... }: -{ - imports = - [ - ../../config-manager/default.nix - ../../shared-modules/syncthing.nix - ./hardware-configuration.nix - ./modules - ]; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - - nixpkgs.config.allowUnfree = true; - - environment.variables.EDITOR = "vim"; - - hardware.enableRedistributableFirmware = true; - - # Set your time zone. - time.timeZone = "Europe/Stockholm"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkbOptions in tty. - # }; - - users = { - mutableUsers = false; - - users.root = { - hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/"; - }; - - users."alex" = { - isNormalUser = true; - hashedPassword = "$6$3mkwaUWd8NA6XuEb$x80tETKGz6FEG.kej3v5Vh6hRNoC6bikhXogTP.zZwYtISA46JaN3RMK3ckbqt8Aj52d3krSLOfBaAR1qzuJ2/"; - extraGroups = [ "wheel" ]; - }; - }; - - environment.systemPackages = with pkgs; [ - gnumake - mkpasswd - vim - ]; - - config-manager = { - flakePath = "/home/alex/config"; - }; - - mod = { - git.enable = true; - ssh.enable = true; - docker.enable = true; - nginx.enable = true; - syncthing.enable = true; - plex.enable = true; - calibre-web.enable = true; - transmission.enable = true; - restic.enable = true; - pppdotpm-site.enable = false; - }; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? -} diff --git a/hosts/sombrero/hardware-configuration.nix b/hosts/sombrero/hardware-configuration.nix deleted file mode 100644 index 3439430..0000000 --- a/hosts/sombrero/hardware-configuration.nix +++ /dev/null @@ -1,52 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ lib, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/15329cb1-655e-475d-96f0-bfb8ccd05167"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/AD29-0697"; - fsType = "vfat"; - }; - - fileSystems."/home/alex/media" = - { device = "/dev/disk/by-uuid/ad4acc0f-172c-40f8-8473-777c957e8764"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - - fileSystems."/home/alex/backup" = - { device = "/dev/disk/by-uuid/34601701-65e6-4b2c-ac4d-8bef3dfd743f"; - fsType = "ext4"; - options = [ "nofail" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/98c46b15-7efe-43fd-8812-7e2c01f5a40a"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eth0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlan0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; -} diff --git a/hosts/sombrero/home.nix b/hosts/sombrero/home.nix deleted file mode 100644 index 94a9b6d..0000000 --- a/hosts/sombrero/home.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ inputs, pkgs, ... }: -{ - imports = [ inputs.home-manager.nixosModules.home-manager ]; - - config = { - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - - users.alex = { - programs.home-manager.enable = true; - - home.username = "alex"; - home.homeDirectory = "/home/alex"; - - home.packages = [ - pkgs.unar - ]; - - home.stateVersion = "22.11"; - }; - }; - }; - -} diff --git a/hosts/sombrero/modules/age/default.nix b/hosts/sombrero/modules/age/default.nix deleted file mode 100644 index 4576422..0000000 --- a/hosts/sombrero/modules/age/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ inputs, pkgs, ... }: -{ - imports = [ inputs.agenix.nixosModules.default ]; - - config = { - age = { - identityPaths = [ "/etc/ssh/sombrero" ]; - }; - - environment.systemPackages = [ - inputs.agenix.packages."${pkgs.system}".default - ]; - }; -} diff --git a/hosts/sombrero/modules/boot/default.nix b/hosts/sombrero/modules/boot/default.nix deleted file mode 100644 index 0122e75..0000000 --- a/hosts/sombrero/modules/boot/default.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ pkgs, ... }: { - boot = { - loader = { - grub.enable = false; - efi.canTouchEfiVariables = true; - - raspberryPi = { - enable = true; - version = 4; - }; - }; - - tmp = { - useTmpfs = true; - }; - - kernelPackages = pkgs.linuxPackages_rpi4; - kernelParams = [ - "8250.nr_uarts=1" - "console=ttyAMA0,115200" - "console=tty1" - "cma=128M" - ]; - }; -} diff --git a/hosts/sombrero/modules/calibre-web/default.nix b/hosts/sombrero/modules/calibre-web/default.nix deleted file mode 100644 index 32ac39a..0000000 --- a/hosts/sombrero/modules/calibre-web/default.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ lib, config, ... }: -let - enabled = config.mod.calibre-web.enable; - nginxEnabled = config.mod.nginx.enable; -in -{ - options = { - mod.calibre-web = { - enable = lib.mkEnableOption "add calibre-web module"; - }; - }; - - config = lib.mkIf (enabled && nginxEnabled) { - services = { - calibre-web = { - enable = true; - - user = "alex"; - group = "users"; - - listen = { - ip = "127.0.0.1"; - port = 8083; - }; - - options = { - calibreLibrary = "/home/alex/backup/books"; - enableBookUploading = true; - }; - }; - }; - - networking = { - firewall = { - allowedTCPPorts = [ 8083 ]; - }; - }; - - services = { - nginx = { - virtualHosts."books.sombrero.a2x.se" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://127.0.0.1:8083"; - }; - }; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/default.nix b/hosts/sombrero/modules/default.nix deleted file mode 100644 index 4f74ef5..0000000 --- a/hosts/sombrero/modules/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ lib, ... }: -let - toModulePath = dir: _: ./. + "/${dir}"; - filterDirs = dirs: lib.attrsets.filterAttrs (_: type: type == "directory") dirs; -in -{ - imports = lib.mapAttrsToList toModulePath (filterDirs (builtins.readDir ./.)); -} diff --git a/hosts/sombrero/modules/docker/default.nix b/hosts/sombrero/modules/docker/default.nix deleted file mode 100644 index 177add8..0000000 --- a/hosts/sombrero/modules/docker/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.docker.enable; -in -{ - options = { - mod.docker = { - enable = lib.mkEnableOption "enable docker module"; - }; - }; - - config = lib.mkIf enabled { - virtualisation = { - docker = { - enable = true; - }; - - oci-containers = { - backend = "docker"; - }; - }; - - users.users.alex.extraGroups = [ "docker" ]; - - home-manager.users.alex = { - home.packages = [ pkgs.docker-compose ]; - }; - }; -} diff --git a/hosts/sombrero/modules/git/default.nix b/hosts/sombrero/modules/git/default.nix deleted file mode 100644 index b50b146..0000000 --- a/hosts/sombrero/modules/git/default.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.git.enable; -in -{ - options = { - mod.git = { - enable = lib.mkEnableOption "enable git module"; - }; - }; - - config = lib.mkIf enabled { - home-manager.users.alex = { - programs.git = { - enable = true; - - includes = [ - { path = ./gitconfig; } - ]; - }; - - home.packages = [ pkgs.tig ]; - - home.file.".tigrc".text = '' - set main-view-line-number = yes - set main-view-line-number-interval = 1 - ''; - }; - }; -} diff --git a/hosts/sombrero/modules/git/gitconfig b/hosts/sombrero/modules/git/gitconfig deleted file mode 100644 index 9e0f5d1..0000000 --- a/hosts/sombrero/modules/git/gitconfig +++ /dev/null @@ -1,10 +0,0 @@ -[user] - name = Alexander Heldt - email = me@alexanderheldt.se - -[url "git@github.com:"] - insteadOf = https://github.com/ - -[url "git@codeberg.org:"] - insteadOf = https://codeberg.org/ - diff --git a/hosts/sombrero/modules/mullvad/default.nix b/hosts/sombrero/modules/mullvad/default.nix deleted file mode 100644 index 3f630df..0000000 --- a/hosts/sombrero/modules/mullvad/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ ... }: -{ - services.mullvad-vpn = { - enable = true; - }; -} diff --git a/hosts/sombrero/modules/network/default.nix b/hosts/sombrero/modules/network/default.nix deleted file mode 100644 index 95af1e9..0000000 --- a/hosts/sombrero/modules/network/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - networking = { - hostName = "sombrero"; - - defaultGateway = "192.168.50.1"; - nameservers = [ "8.8.8.8" ]; - interfaces = { - eth0 = { - ipv4 = { - addresses = [{ - address = "192.168.50.200"; - prefixLength = 24; - }]; - }; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/nginx/default.nix b/hosts/sombrero/modules/nginx/default.nix deleted file mode 100644 index ed90b6f..0000000 --- a/hosts/sombrero/modules/nginx/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ lib, config, ... }: -let - enabled = config.mod.nginx.enable; -in -{ - options = { - mod.nginx = { - enable = lib.mkEnableOption "add nginx module"; - }; - }; - - config = lib.mkIf enabled { - security = { - acme = { - acceptTerms = true; - - defaults = { - email = "p@ppp.pm"; - }; - }; - }; - - services = { - nginx = { - enable = true; - - recommendedProxySettings = true; - recommendedTlsSettings = true; - }; - }; - - networking = { - firewall = { - allowedTCPPorts = [ 80 443 ]; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/plex/default.nix b/hosts/sombrero/modules/plex/default.nix deleted file mode 100644 index 01c9aba..0000000 --- a/hosts/sombrero/modules/plex/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ lib, config, ... }: -let - enable = config.mod.plex.enable; - dockerEnabled = config.mod.docker.enable; -in -{ - options = { - mod.plex = { - enable = lib.mkEnableOption "enable plex module"; - }; - }; - - config = lib.mkIf (enable && dockerEnabled) { - virtualisation = { - oci-containers.containers = { - plex = { - image = "linuxserver/plex"; - autoStart = true; - - environment = { - TZ = "Europe/Stockholm"; - VERSION = "latest"; - }; - - extraOptions = [ "--network=host" ]; - - volumes = [ - "/home/alex/media/plex/db:/config" - "/home/alex/media/movies:/movies" - "/home/alex/media/tv:/tv" - ]; - }; - }; - }; - - networking = { - firewall = { - allowedTCPPorts = [ 32400 ]; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/ppp.pm-site/default.nix b/hosts/sombrero/modules/ppp.pm-site/default.nix deleted file mode 100644 index 06d889d..0000000 --- a/hosts/sombrero/modules/ppp.pm-site/default.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ inputs, lib, config, ... }: -let - enabled = config.mod.pppdotpm-site.enable; - - nginxEnabled = config.mod.nginx.enable; -in -{ - imports = [ inputs.pppdotpm-site.nixosModules.default ]; - - options = { - mod.pppdotpm-site = { - enable = lib.mkEnableOption "enable ppp.pm site"; - }; - }; - - config = lib.mkIf (enabled && nginxEnabled) { - security.acme = { - certs = { - "ppp.pm" = { - webroot = "/var/lib/acme/acme-challenge/"; - email = "p@ppp.pm"; - group = "nginx"; - }; - }; - }; - - services.pppdotpm-site = { - enable = true; - domain = "ppp.pm"; - useACMEHost = "ppp.pm"; - }; - }; -} diff --git a/hosts/sombrero/modules/restic/default.nix b/hosts/sombrero/modules/restic/default.nix deleted file mode 100644 index 752992d..0000000 --- a/hosts/sombrero/modules/restic/default.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.restic.enable; -in -{ - options = { - mod.restic = { - enable = lib.mkEnableOption "enable restic module"; - }; - }; - - config = lib.mkIf enabled { - services = { - restic.backups = { - "sync" = { - initialize = true; - - user = "alex"; - - passwordFile = "/home/alex/backup/restic/password.file"; - environmentFile = "/home/alex/backup/restic/aws.env"; - repository = "s3:https://s3.eu-north-1.amazonaws.com/restic-sync-backup"; - - paths = ["/home/alex/backup/sync"]; - - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - - pruneOpts = [ - "--keep-daily 2" - "--keep-weekly 7" - "--keep-yearly 12" - ]; - }; - }; - }; - - environment.systemPackages = [ pkgs.restic ]; - }; -} - diff --git a/hosts/sombrero/modules/ssh/default.nix b/hosts/sombrero/modules/ssh/default.nix deleted file mode 100644 index 5e348e2..0000000 --- a/hosts/sombrero/modules/ssh/default.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.ssh.enable; - - authorizedKeysPath = "/home/alex/.ssh/authorized-keys"; -in -{ - options = { - mod.ssh = { - enable = lib.mkEnableOption "enable ssh module"; - }; - }; - - config = lib.mkIf enabled { - home-manager.users.alex = { - programs.ssh = { - enable = true; - - matchBlocks = { - "codeberg.org" = { - hostname = "codeberg.org"; - identityFile = "/home/alex/.ssh/alex.sombrero-codeberg.org"; - }; - - "github.com" = { - hostname = "github.com"; - identityFile = "/home/alex/.ssh/alex.sombrero-github.com"; - }; - }; - }; - }; - - environment.etc."ssh/authorized_keys_command" = { - mode = "0755"; - text = '' - #!${pkgs.bash}/bin/bash - for file in ${authorizedKeysPath}/*; do - ${pkgs.coreutils}/bin/cat "$file" - done - ''; - }; - - services = { - openssh = { - enable = true; - ports = [ 1122 ]; - - hostKeys = [{ - path = "/etc/ssh/sombrero"; - type = "ed25519"; - }]; - - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - - authorizedKeysCommand = "/etc/ssh/authorized_keys_command"; - authorizedKeysCommandUser = "root"; - }; - }; - - networking = { - firewall = { - allowedTCPPorts = [ 1122 ]; - }; - }; - - age.secrets = { - "alex.pinwheel-sombrero.pub" = { - file = ../../../../secrets/pinwheel/alex.pinwheel-sombrero.pub.age; - path = "${authorizedKeysPath}/alex.pinwheel-sombrero.pub"; - }; - - "alex.sombrero-codeberg.org" = { - file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.age; - path = "/home/alex/.ssh/alex.sombrero-codeberg.org"; - owner = "alex"; - group = "users"; - }; - "alex.sombrero-codeberg.org.pub" = { - file = ../../../../secrets/sombrero/alex.sombrero-codeberg.org.pub.age; - path = "/home/alex/.ssh/alex.sombrero-codeberg.org.pub"; - owner = "alex"; - group = "users"; - }; - - "alex.sombrero-github.com" = { - file = ../../../../secrets/sombrero/alex.sombrero-github.com.age; - path = "/home/alex/.ssh/alex.sombrero-github.com"; - owner = "alex"; - group = "users"; - }; - "alex.sombrero-github.com.pub" = { - file = ../../../../secrets/sombrero/alex.sombrero-github.com.pub.age; - path = "/home/alex/.ssh/alex.sombrero-github.com.pub"; - owner = "alex"; - group = "users"; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/syncthing/default.nix b/hosts/sombrero/modules/syncthing/default.nix deleted file mode 100644 index c095864..0000000 --- a/hosts/sombrero/modules/syncthing/default.nix +++ /dev/null @@ -1,130 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.syncthing.enable; - nginxEnabled = config.mod.nginx.enable; -in -{ - options = { - mod.syncthing = { - enable = lib.mkEnableOption "add syncthing module"; - }; - }; - - config = lib.mkIf (enabled && nginxEnabled) { - networking = { - firewall = { - allowedTCPPorts = [ 8384 ]; - }; - }; - - services = { - syncthing = { - enable = true; - openDefaultPorts = true; - - user = "alex"; - group = "users"; - - dataDir = "/home/alex/backup/sync"; - - cert = config.age.secrets.syncthing-cert.path; - key = config.age.secrets.syncthing-key.path; - - guiAddress = "0.0.0.0:8384"; - - settings = { - gui = { - user = "syncthing"; - password = "$2a$12$J/h/JOUiW24ZXsLYLEl2kOZUS1LftxANi0OlZxLy8Dst3/jpBd0v2"; - insecureSkipHostcheck = false; - }; - - devices = { - phone.id = config.lib.syncthing.phone; - pinwheel.id = config.lib.syncthing.pinwheel; - }; - - folders = { - "org" = { - path = "/home/alex/backup/sync/org"; - devices = [ "phone" "pinwheel" ]; - versioning = { - type = "staggered"; - params = { - maxAge = "2592000"; # 30 days - }; - }; - }; - - "phone-gps" = { - path = "/home/alex/backup/sync/gps"; - devices = [ "phone" ]; - versioning = { - type = "staggered"; - params = { - maxAge = "2592000"; # 30 days - }; - }; - }; - - "personal" = { - path = "/home/alex/backup/sync/personal"; - devices = [ "pinwheel" ]; - versioning = { - type = "staggered"; - params = { - maxAge = "2592000"; # 30 days - }; - }; - }; - - "work" = { - path = "/home/alex/backup/sync/work"; - devices = [ "pinwheel" ]; - versioning = { - type = "staggered"; - params = { - maxAge = "2592000"; # 30 days - }; - }; - }; - - "books" = { - path = "/home/alex/backup/books"; - devices = [ "pinwheel" ]; - versioning = { - type = "staggered"; - params = { - maxAge = "2592000"; # 30 days - }; - }; - }; - - "audiobooks" = { - path = "/home/alex/media/sync/audiobooks"; - devices = [ "phone" ]; - }; - }; - }; - }; - - nginx = { - virtualHosts."syncthing.sombrero.a2x.se" = { - forceSSL = true; - enableACME = true; - - locations."/" = { - proxyPass = "http://0.0.0.0:8384"; - }; - }; - }; - }; - - age = { - secrets = { - "syncthing-cert".file = ../../../../secrets/sombrero/syncthing-cert.age; - "syncthing-key".file = ../../../../secrets/sombrero/syncthing-key.age; - }; - }; - }; -} diff --git a/hosts/sombrero/modules/tailscale/default.nix b/hosts/sombrero/modules/tailscale/default.nix deleted file mode 100644 index cc37916..0000000 --- a/hosts/sombrero/modules/tailscale/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - services.tailscale.enable = true; - - networking.firewall = { - checkReversePath = "loose"; - allowedUDPPorts = [ 41641 ]; - }; -} diff --git a/hosts/sombrero/modules/transmission/default.nix b/hosts/sombrero/modules/transmission/default.nix deleted file mode 100644 index 40990b6..0000000 --- a/hosts/sombrero/modules/transmission/default.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ pkgs, lib, config, ... }: -let - enabled = config.mod.transmission.enable; -in -{ - options = { - mod.transmission = { - enable = lib.mkEnableOption "enable transmission module"; - }; - }; - - config = lib.mkIf enabled { - services = { - transmission = { - enable = true; - package = pkgs.transmission_4; - openFirewall = true; - openRPCPort = true; - settings.rpc-port = 9191; - settings.rpc-bind-address = "0.0.0.0"; - - user = "alex"; - group = "users"; - - home = "/home/alex/media/ts-home"; - downloadDirPermissions = "775"; - - settings = { - incomplete-dir-enabled = false; - download-dir = "/home/alex/media"; - - rpc-authentication-required = true; - rpc-whitelist-enabled = false; - rpc-username = "transmission"; - rpc-password = "{55d884e4042db67313da49e05d7089a368eb64b3Br.3X.Xi"; - }; - }; - }; - }; -} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 036658c..443d17d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -2,7 +2,6 @@ let # see `modules/age/default.nix` where these are defined pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel"; backwards = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBcTK3CUtTsgavuLlbfOqCbHYLtUrIKqnSqYmtzGCZnv root.backwards"; - sombrero = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO/NltCo1L+X1OIBfIKzfrbxLpCOerQ4vTIs+QPTXkf/ root@sombrero"; tadpole = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDbyj/vYafqpJH33jFz5HV+gwCiEIJTpxKrEFrBWx73A root@tadpole"; alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTgiHYcdhS87pPnduLunZVEgLVj4EtbG9XVSZP1l5s5 alex"; in { @@ -12,8 +11,6 @@ in { "pinwheel/mullvad-account-history.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-backwards.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-backwards.pub.age".publicKeys = [ pinwheel backwards alex ]; - "pinwheel/alex.pinwheel-sombrero.age".publicKeys = [ pinwheel alex ]; - "pinwheel/alex.pinwheel-sombrero.pub.age".publicKeys = [ pinwheel sombrero alex ]; "pinwheel/alex.pinwheel-tadpole.age".publicKeys = [ pinwheel alex ]; "pinwheel/alex.pinwheel-tadpole.pub.age".publicKeys = [ pinwheel tadpole alex ]; "pinwheel/alex.pinwheel-github.com.age".publicKeys = [ pinwheel alex ]; @@ -42,13 +39,6 @@ in { "backwards/alex.backwards-codeberg.org.pub.age".publicKeys = [ backwards alex ]; "backwards/wpa_supplicant.conf.age".publicKeys = [ backwards alex ]; - "sombrero/syncthing-cert.age".publicKeys = [ sombrero alex ]; - "sombrero/syncthing-key.age".publicKeys = [ sombrero alex ]; - "sombrero/alex.sombrero-github.com.age".publicKeys = [ sombrero alex ]; - "sombrero/alex.sombrero-github.com.pub.age".publicKeys = [ sombrero alex ]; - "sombrero/alex.sombrero-codeberg.org.age".publicKeys = [ sombrero alex ]; - "sombrero/alex.sombrero-codeberg.org.pub.age".publicKeys = [ sombrero alex ]; - "tadpole/root.tadpole.age".publicKeys = [ tadpole alex ]; "tadpole/root.tadpole.pub.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-codeberg.org.age".publicKeys = [ tadpole alex ]; diff --git a/secrets/sombrero/alex.sombrero-codeberg.org.age b/secrets/sombrero/alex.sombrero-codeberg.org.age deleted file mode 100644 index c48a4e9..0000000 Binary files a/secrets/sombrero/alex.sombrero-codeberg.org.age and /dev/null differ diff --git a/secrets/sombrero/alex.sombrero-codeberg.org.pub.age b/secrets/sombrero/alex.sombrero-codeberg.org.pub.age deleted file mode 100644 index ef4d102..0000000 --- a/secrets/sombrero/alex.sombrero-codeberg.org.pub.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 MxZlmA NNDIdpcC5ad2zy6SNwiLbowPBahLGKnv/W6LI4rp0Bk -78Alin5dlkRgliZkL7iLSY6MRtdZPjgtz+Z70CA+aQ8 --> ssh-ed25519 +oNaHQ i5i36kNiCMMsePFyaLHOvzMPee5RuE+yHtlh7bHq0no -B4fpYax3fzgOUGYwL4E0V9cqyvDbF5iYo/haUyR34gw ---- jBxmbEHiLGLglJDbeYDbfDrgc2DPsVIoISNj7stw8pc -MJ|.Tj w9vkuY0B櫼D-O-]Dy]aj((Gy Š W8-i/=i}D=ȟ,Uzݲ'PYo7se i; \ No newline at end of file diff --git a/secrets/sombrero/alex.sombrero-github.com.age b/secrets/sombrero/alex.sombrero-github.com.age deleted file mode 100644 index 011dd74..0000000 Binary files a/secrets/sombrero/alex.sombrero-github.com.age and /dev/null differ diff --git a/secrets/sombrero/alex.sombrero-github.com.pub.age b/secrets/sombrero/alex.sombrero-github.com.pub.age deleted file mode 100644 index 77b967c..0000000 Binary files a/secrets/sombrero/alex.sombrero-github.com.pub.age and /dev/null differ diff --git a/secrets/sombrero/syncthing-cert.age b/secrets/sombrero/syncthing-cert.age deleted file mode 100644 index 3b7ec64..0000000 Binary files a/secrets/sombrero/syncthing-cert.age and /dev/null differ diff --git a/secrets/sombrero/syncthing-key.age b/secrets/sombrero/syncthing-key.age deleted file mode 100644 index 879ae40..0000000 Binary files a/secrets/sombrero/syncthing-key.age and /dev/null differ diff --git a/shared-modules/syncthing.nix b/shared-modules/syncthing.nix index d3ca1b7..ecfe21b 100644 --- a/shared-modules/syncthing.nix +++ b/shared-modules/syncthing.nix @@ -2,7 +2,6 @@ lib = { syncthing = { phone = "HCL2CKI-SA3NWOT-PMJZNFP-I7QETYE-JOKZHXN-TSI74FV-ZA6RDO2-QQMXPAP"; - sombrero = "DIKHOMV-QGZV3DR-FXQZH45-I5J5R4R-JJZS5BA-XNNW5C7-QSSU3XV-KVC4MAQ"; pinwheel = "AKS5L2A-NFCG5GV-3U5SSSZ-PLOX6BQ-ZL5ALXI-D7OK4KE-R2JPWRJ-B6AQJQ7"; backwards = "XRSQ4NZ-LHCZS6H-R3A75S5-W4FH7F4-3DGA5X2-SOPYWOP-A2WRKGC-IPXH4AM"; };