home

Unnamed repository; edit this file 'description' to name the repository.
Log | Files | Refs | README | LICENSE

commit b7b78b566d515ac6ecc8ecbdf48bcd95177b248f
parent 6ddce14ae38898405502a1db39dd6547cb4b8d6b
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Fri,  5 Jun 2020 18:32:23 +0200

machines: remove migrate to systems

- wakasu
- kerkouane

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Dmachines/kerkouane.nix | 3---
Dmachines/kerkouane.nixos.nix | 99-------------------------------------------------------------------------------
Dmachines/wakasu.nix | 55-------------------------------------------------------
Dmachines/wakasu.nixos.nix | 97-------------------------------------------------------------------------------
4 files changed, 0 insertions(+), 254 deletions(-)

diff --git a/machines/kerkouane.nix b/machines/kerkouane.nix @@ -1,3 +0,0 @@ -{ - imports = [ ./nixos-base.nix ]; -} diff --git a/machines/kerkouane.nixos.nix b/machines/kerkouane.nixos.nix @@ -1,99 +0,0 @@ -{ config, pkgs, ... }: - -with import ../assets/machines.nix; { - imports = [ ../networking.nix ]; - time.timeZone = "Europe/Paris"; - boot = { - cleanTmpDir = true; - loader.grub.enable = true; - }; - profiles = { - git.enable = true; - nix-config.localCaches = [ ]; - nix-config.buildCores = 1; - ssh.enable = true; - syncthing.enable = true; - wireguard.server.enable = true; - }; - networking.firewall.allowPing = true; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - security = { - acme = { - acceptTerms = true; - email = "vincent@sbr.pm"; - }; - #acme.certs = { - # "sbr.pm".email = "vincent@sbr.pm"; - #}; - }; - security.pam.enableSSHAgentAuth = true; - services = { - govanityurl = { - enable = true; - user = "nginx"; - host = "go.sbr.pm"; - config = '' - paths: - /ape: - repo: https://git.sr.ht/~vdemeester/ape - /nr: - repo: https://gitlab.com/vdemeester/nr - /ram: - repo: https://git.sr.ht/~vdemeester/ram - /sec: - repo: https://gitlab.com/vdemeester/sec - ''; - }; - nginx = { - enable = true; - virtualHosts."dl.sbr.pm" = { - enableACME = true; - forceSSL = true; - root = "/home/vincent/desktop/sites/dl.sbr.pm"; - locations."/" = { - index = "index.html"; - }; - }; - virtualHosts."paste.sbr.pm" = { - enableACME = true; - forceSSL = true; - root = "/home/vincent/desktop/sites/paste.sbr.pm"; - locations."/" = { - index = "index.html"; - }; - }; - virtualHosts."go.sbr.pm" = { - enableACME = true; - forceSSL = true; - locations."/" = { proxyPass = "http://127.0.0.1:8080"; }; - }; - virtualHosts."sbr.pm" = { - enableACME = true; - forceSSL = true; - root = "/home/vincent/desktop/sites/sbr.pm"; - locations."/" = { - index = "index.html"; - }; - }; - virtualHosts."sbr.systems" = { - enableACME = true; - forceSSL = true; - root = "/home/vincent/desktop/sites/sbr.systems"; - locations."/" = { - index = "index.html"; - }; - }; - virtualHosts."vincent.demeester.fr" = { - enableACME = true; - forceSSL = true; - root = "/home/vincent/desktop/sites/vincent.demeester.fr"; - locations."/" = { - index = "index.html"; - }; - }; - }; - openssh.ports = [ ssh.kerkouane.port ]; - openssh.permitRootLogin = "without-password"; - syncthing.guiAddress = "127.0.0.1:8384"; - }; -} diff --git a/machines/wakasu.nix b/machines/wakasu.nix @@ -1,55 +0,0 @@ -{ pkgs, ... }: - -{ - imports = [ - ./nixos-base.nix - ]; - profiles.zsh = { - enable = true; - }; - profiles.audio = { - enable = true; - mpd = { - enable = true; - musicDir = "/net/sakhalin.home/export/gaia/music"; - }; - shairport-sync = true; - }; - profiles.cloud.google.enable = true; - profiles.dev = { - go.enable = true; - }; - profiles.emacs.withXwidgets = true; - profiles.finances.enable = true; - profiles.laptop.enable = true; - profiles.media.enable = true; - profiles.gpg.pinentry = "${pkgs.pinentry-gtk2}/bin/pinentry-gtk-2"; - profiles.mails = { - enable = true; - sync = true; - }; - profiles.containers.kubernetes = { - enable = true; - krew = true; - kind = true; - nr = false; - }; - profiles.containers.openshift = { - enable = true; - crc = true; - }; - programs = { - google-chrome.enable = true; - podman.enable = true; - }; - home.packages = with pkgs; [ - openvpn - krb5 - libosinfo - virtmanager - thunderbird - asciinema - gnome3.zenity # use rofi instead - oathToolkit - ]; -} diff --git a/machines/wakasu.nixos.nix b/machines/wakasu.nixos.nix @@ -1,97 +0,0 @@ -with import ../assets/machines.nix; { - imports = [ ../hardware/lenovo-p50.nix ./home.nixos.nix ]; - boot = { - kernelModules = [ "kvm_intel" ]; - kernelParams = [ "kvm_intel.nested=1" ]; - kernel.sysctl = { - "net.bridge.bridge-nf-call-arptables" = 0; - "net.bridge.bridge-nf-call-iptables" = 0; - "net.bridge.bridge-nf-call-ip6tables" = 0; - }; - }; - environment.etc."NetworkManager/dnsmasq.d/crc.conf".text = '' - server=/apps-crc.testing/192.168.130.11 - server=/crc.testing/192.168.130.11 - ''; - networking = { - firewall.enable = false; # we are in safe territory :D - hosts = { - "${home.ips.honshu}" = [ "honshu.home" ]; - "${wireguard.ips.honshu}" = [ "honshu.vpn" ]; - "${home.ips.shikoku}" = [ "shikoku.home" ]; - "${wireguard.ips.shikoku}" = [ "shikoku.vpn" ]; - "${home.ips.wakasu}" = [ "wakasu.home" ]; - "${wireguard.ips.wakasu}" = [ "wakasu.vpn" ]; - "${home.ips.hokkaido}" = [ "hokkaido.home" ]; - "${wireguard.ips.hokkaido}" = [ "hokkaido.vpn" ]; - "${home.ips.sakhalin}" = [ "sakhalin.home" ]; - "${wireguard.ips.sakhalin}" = [ "sakhalin.vpn" ]; - "${wireguard.ips.massimo}" = [ "massimo.vpn" ]; - "${home.ips.synodine}" = [ "synodine.home" ]; - "${home.ips.okinawa}" = [ "okinawa.home" "cache.home" "svc.home" "nix.cache.home" "go.cache.home" ]; - "${wireguard.ips.okinawa}" = [ "okinawa.vpn" ]; - "${wireguard.ips.carthage}" = [ "carthage.vpn" ]; - "${wireguard.ips.kerkouane}" = [ "kerkouane.vpn" ]; - }; - networkmanager = { - dns = "dnsmasq"; - }; - }; - profiles = { - dev.enable = true; - laptop.enable = true; - desktop.autoLogin = true; - docker.enable = true; - nix-config.buildCores = 4; - #qemu-user = { arm = true; aarch64 = true; }; - ssh = { - enable = true; - forwardX11 = true; - }; - virtualization = { - enable = true; - nested = true; - listenTCP = true; - }; - yubikey.enable = true; - }; - programs = { - podman.enable = true; - }; - security.sudo = { - extraConfig = '' - %users ALL = (root) NOPASSWD: /home/vincent/.nix-profile/bin/kubernix - ''; - }; - security.pam.u2f.enable = true; - services = { - logind.extraConfig = '' - HandleLidSwitch=ignore - HandleLidSwitchExternalPower=ignore - HandleLidSwitchDocked=ignore - ''; - #syncthing.guiAddress = "${wireguard.ips.wakasu}:8384"; - syncthing.guiAddress = "0.0.0.0:8384"; - smartd = { - enable = true; - devices = [{ device = "/dev/nvme0n1"; }]; - }; - wireguard = { - enable = true; - ips = [ "${wireguard.ips.wakasu}/24" ]; - endpoint = wg.endpointIP; - endpointPort = wg.listenPort; - endpointPublicKey = wireguard.kerkouane.publicKey; - }; - xserver = { - videoDrivers = [ "nvidia" ]; - dpi = 96; - serverFlagsSection = '' - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" - ''; - }; - }; -}