home

My NixOS systems configurations.
Log | Files | Refs | LICENSE
commit 22c91ef6af8faca668d8d4f34f83ef9406ee03b6
parent 2769f2611be0364a1bcfe4e0abd19275bff24067
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Thu, 28 Jul 2022 17:12:56 +0200

flake.nix: remove wakasu host

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:

Mflake.nix | 8--------


Dsystems/hosts/wakasu.nix | 132-------------------------------------------------------------------------------


2 files changed, 0 insertions(+), 140 deletions(-)

diff --git a/flake.nix b/flake.nix
@@ -186,14 +186,6 @@
             ./systems/hosts/shikoku.nix
           ];
         };
-        wakasu = {
-          channelName = "nixos-22_05";
-          modules = stableModules_22_05 ++ [
-            nixos-hardware.nixosModules.lenovo-thinkpad
-            nixos-hardware.nixosModules.common-pc-laptop-ssd
-            ./systems/hosts/wakasu.nix
-          ];
-        };
         sakhalin = {
           channelName = "nixos-22_05";
           modules = stableModules_22_05 ++ [
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -1,132 +0,0 @@
-{ lib, pkgs, ... }:
-
-with lib;
-let
-  hostname = "wakasu";
-  secretPath = ../../secrets/machines.nix;
-  secretCondition = (builtins.pathExists secretPath);
-
-  ip = strings.optionalString secretCondition (import secretPath).wireguard.ips."${hostname}";
-  ips = lists.optionals secretCondition ([ "${ip}/24" ]);
-  endpointIP = strings.optionalString secretCondition (import secretPath).wg.endpointIP;
-  endpointPort = if secretCondition then (import secretPath).wg.listenPort else 0;
-  endpointPublicKey = strings.optionalString secretCondition (import secretPath).wireguard.kerkouane.publicKey;
-in
-{
-  imports = [
-    ../hardware/lenovo-p50.nix
-    #(import ../../nix).home-manager-stable
-    #../modules/default.stable.nix
-    (import ../../users).vincent
-    (import ../../users).root
-  ];
-
-  networking = {
-    hostName = hostname;
-    bridges.br1.interfaces = [ "enp0s31f6" ];
-    firewall.enable = false; # we are in safe territory :D
-    useDHCP = false;
-    interfaces.br1 = {
-      useDHCP = true;
-    };
-  };
-
-  boot.binfmt.registrations = {
-    s390x-linux = {
-      # interpreter = getEmulator "s390x-linux";
-      interpreter = "${pkgs.qemu}/bin/qemu-s390x";
-      magicOrExtension = ''\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16'';
-      mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff'';
-    };
-  };
-  boot.binfmt.emulatedSystems = [
-    "armv6l-linux"
-    "armv7l-linux"
-    "aarch64-linux"
-    # "s390x-linux"
-    "powerpc64le-linux"
-  ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/6590b73d-72a4-4356-94b1-f56ac45c976d";
-    fsType = "ext4";
-    options = [ "noatime" "discard" ];
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/7FA5-145B";
-    fsType = "vfat";
-  };
-
-  swapDevices = [{ device = "/dev/disk/by-uuid/720200fc-8f27-49a7-85bb-a406b6119d31"; }];
-
-  profiles = {
-    bind.enable = true;
-    home = true;
-    dev.enable = false;
-    desktop.enable = lib.mkForce false;
-    laptop.enable = true;
-    docker.enable = true;
-    avahi.enable = true;
-    syncthing.enable = true;
-    ssh = { enable = true; };
-    virtualization = { enable = true; nested = true; listenTCP = true; };
-  };
-  security = {
-    pam.u2f.enable = true;
-  };
-  services = {
-    netdata.enable = true;
-    logind.extraConfig = ''
-      HandleLidSwitch=ignore
-      HandleLidSwitchExternalPower=ignore
-      HandleLidSwitchDocked=ignore
-    '';
-    syncthing.guiAddress = "${ip}:8384";
-    smartd = {
-      enable = true;
-      devices = [{ device = "/dev/nvme0n1"; }];
-    };
-    wireguard = {
-      enable = true;
-      ips = ips;
-      endpoint = endpointIP;
-      endpointPort = endpointPort;
-      endpointPublicKey = endpointPublicKey;
-    };
-    nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedTlsSettings = true;
-      recommendedOptimisation = true;
-      virtualHosts."whoami.sbr.pm" = {
-        locations."/" = {
-          proxyPass = "http://192.168.1.187:80";
-          extraConfig = ''
-            proxy_set_header Host            $host;
-            proxy_set_header X-Forwarded-For $remote_addr;
-          '';
-        };
-      };
-      virtualHosts."webhook.sbr.pm" = {
-        # listen = [{ port = 8080; }];
-        locations."/" = {
-          proxyPass = "http://192.168.1.188:8080";
-          extraConfig = ''
-            proxy_set_header Host            $host;
-            proxy_set_header X-Forwarded-For $remote_addr;
-          '';
-        };
-      };
-    };
-  };
-
-  # Move this to a "builder" role
-  users.extraUsers.builder = {
-    isNormalUser = true;
-    uid = 1018;
-    extraGroups = [ ];
-    openssh.authorizedKeys.keys = [ (builtins.readFile ../../secrets/builder.pub) ];
-  };
-  nix.trustedUsers = [ "root" "vincent" "builder" ];
-}