diff --git a/flake.lock b/flake.lock index 0edc8c0..d176bfd 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "adtyaxyz": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703637505, - "narHash": "sha256-JmXTyG3RHYFUTWoFb/vXyDNPOUflo5w7ajHUwzlw6pA=", - "owner": "adtya", - "repo": "adtya.xyz", - "rev": "0f9e7f63d9e2a15cb2bcf7403933734cf8aafc08", - "type": "github" - }, - "original": { - "owner": "adtya", - "repo": "adtya.xyz", - "type": "github" - } - }, "crane": { "inputs": { "nixpkgs": [ @@ -197,29 +174,6 @@ "type": "github" } }, - "if3": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699207859, - "narHash": "sha256-7RGwx48zwI/ap3ZC70dCq/9zcWCU4yVTdI0wsInP3kk=", - "owner": "adtya", - "repo": "if3-docs", - "rev": "41750eaaaffef33b0d4ab89b1fc9d67a9903447b", - "type": "github" - }, - "original": { - "owner": "adtya", - "repo": "if3-docs", - "type": "github" - } - }, "impermanence": { "locked": { "lastModified": 1703656108, @@ -408,16 +362,13 @@ }, "root": { "inputs": { - "adtyaxyz": "adtyaxyz", "flake-utils": "flake-utils", "home-manager": "home-manager", - "if3": "if3", "impermanence": "impermanence", "lanzaboote": "lanzaboote", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "nixvim": "nixvim", - "wiki": "wiki" + "nixvim": "nixvim" } }, "rust-overlay": { @@ -474,29 +425,6 @@ "repo": "default", "type": "github" } - }, - "wiki": { - "inputs": { - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703638978, - "narHash": "sha256-/FaQY32CLkPtNoqUTKwcSkxL9xxh13QGwE5ySeVS34U=", - "owner": "adtya", - "repo": "wiki", - "rev": "f2dda6c9385168b0f992d6f05708c87bd97d552a", - "type": "github" - }, - "original": { - "owner": "adtya", - "repo": "wiki", - "type": "github" - } } }, "root": "root", 
diff --git a/flake.nix b/flake.nix
index f59f0c5..aedb029 100644
--- a/flake.nix
+++ b/flake.nix
@@ -38,30 +38,6 @@
 nixpkgs.follows = "nixpkgs";
 };
 };
-
- adtyaxyz = {
- url = "github:adtya/adtya.xyz";
- inputs = {
- flake-utils.follows = "flake-utils";
- nixpkgs.follows = "nixpkgs";
- };
- };
-
- wiki = {
- url = "github:adtya/wiki";
- inputs = {
- flake-utils.follows = "flake-utils";
- nixpkgs.follows = "nixpkgs";
- };
- };
-
- if3 = {
- url = "github:adtya/if3-docs";
- inputs = {
- flake-utils.follows = "flake-utils";
- nixpkgs.follows = "nixpkgs";
- };
- };
 };
 outputs =
@@ -73,9 +49,6 @@
 , lanzaboote
 , nixos-hardware
 , nixvim
- , adtyaxyz
- , wiki
- , if3
- ,
 } @ inputs:
 let
@@ -140,42 +113,6 @@
 ./hosts/rico0
 ];
 };
- Rico1 = nixpkgs.lib.nixosSystem rec {
- system = "aarch64-linux";
- pkgs = import nixpkgs {
- inherit system;
- config = nixpkgs-config;
- };
- specialArgs = inputs // { inherit secrets; };
- modules = [
- {
- system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
- }
-
- nixos-hardware.nixosModules.raspberry-pi-4
-
- ./common
- ./hosts/rico1
- ];
- };
- Rico2 = nixpkgs.lib.nixosSystem rec {
- system = "aarch64-linux";
- pkgs = import nixpkgs {
- inherit system;
- config = nixpkgs-config;
- };
- specialArgs = inputs // { inherit secrets; };
- modules = [
- {
- system.configurationRevision = nixpkgs.lib.mkIf (self ? rev) self.rev;
- }
-
- nixos-hardware.nixosModules.raspberry-pi-4
-
- ./common
- ./hosts/rico2
- ];
- };
 };
 }
 // flake-utils.lib.eachDefaultSystem (
diff --git a/hosts/rico0/network.nix b/hosts/rico0/network.nix
index 33c47a7..4df7260 100644
--- a/hosts/rico0/network.nix
+++ b/hosts/rico0/network.nix
@@ -1,5 +1,4 @@
 { lib, ... }: {
- imports = [ ./wireguard.nix ];
 networking = {
 hostName = "Rico0";
diff --git a/hosts/rico0/wireguard.nix b/hosts/rico0/wireguard.nix
deleted file mode 100644
index 2e8e973..0000000
--- a/hosts/rico0/wireguard.nix
+++ /dev/null
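Review bot: Dropping `imports = [ ./wireguard.nix ];` from hosts/rico0/network.nix stops wg0 from being configured, but the key that the deleted module generated at `/etc/wireguard/private.key` (`generatePrivateKeyFile = true;` in hosts/rico0/wireguard.nix) stays on the host, and nothing in the commit removes it or retires this host's public key from the `Proxy` peer's side. A small activation step that deletes the file, plus a follow-up to drop the stale peer entry from `secrets.wireguard_config` on the proxy, would close that out. The same applies to hosts/skipper/network.nix, whose wireguard.nix body is not visible in this diff; that hunk also removes the `extraHosts` block, so any remaining references on skipper to the `proxy`/`rico*` names will stop resolving once the overlay addresses are gone.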
@@ -1,27 +0,0 @@
-{ config
-, secrets
-, ...
-}:
-let
- inherit (secrets.wireguard_config) peers;
-in
-{
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
- enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.8.10.10/24"
- "fdd9:69ae:9703::3/64"
- ];
- listenPort = 51821;
- privateKeyFile = "/etc/wireguard/private.key";
- generatePrivateKeyFile = true;
- peers = with peers; [
- Proxy
- ];
- };
- };
- };
-}
diff --git a/hosts/rico1/containers/default.nix b/hosts/rico1/containers/default.nix
deleted file mode 100644
index 58a943f..0000000
--- a/hosts/rico1/containers/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-_: {
- imports = [ ];
-
- virtualisation.oci-containers = {
- backend = "podman";
- };
-}
diff --git a/hosts/rico1/default.nix b/hosts/rico1/default.nix
deleted file mode 100644
index 8b5fb6a..0000000
--- a/hosts/rico1/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ ... }: {
- imports = [
- ./hardware
- ./programs
- ./services
- ./containers
- ./network.nix
- ./security.nix
- ];
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "en_US.UTF-8";
- LC_IDENTIFICATION = "en_US.UTF-8";
- LC_MEASUREMENT = "en_US.UTF-8";
- LC_MONETARY = "en_US.UTF-8";
- LC_NAME = "en_US.UTF-8";
- LC_NUMERIC = "en_US.UTF-8";
- LC_PAPER = "en_US.UTF-8";
- LC_TELEPHONE = "en_US.UTF-8";
- LC_TIME = "en_US.UTF-8";
- LC_ALL = "en_US.UTF-8";
- };
- supportedLocales = [ "en_US.UTF-8/UTF-8" ];
- };
-
- time.timeZone = "Asia/Kolkata";
- system.stateVersion = "23.11";
-}
diff --git a/hosts/rico1/hardware/default.nix b/hosts/rico1/hardware/default.nix
deleted file mode 100644
index 5b5ebe2..0000000
--- a/hosts/rico1/hardware/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-{ lib, ... }: {
- imports = [ ./filesystem.nix ./kernel.nix ];
-
- hardware = {
- raspberry-pi."4".apply-overlays-dtmerge.enable = lib.mkDefault true;
- deviceTree = {
- filter = "bcm2711-rpi-4*.dtb";
- overlays = [
- # Combined equivalent to:
- # * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-overlay.dts
- # * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-plus-overlay.dts
- {
- name = "rpi-poe-plus-overlay";
- dtsText = ''
- /*
- * Overlay for the Raspberry Pi POE HAT.
- */
- /dts-v1/;
- /plugin/;
-
- / {
- compatible = "brcm,bcm2711";
-
- fragment@0 {
- target-path = "/";
- __overlay__ {
- fan: pwm-fan {
- compatible = "pwm-fan";
- cooling-levels = <0 1 10 100 255>;
- #cooling-cells = <2>;
- pwms = <&fwpwm 0 80000>;
- };
- };
- };
-
- fragment@1 {
- target = <&cpu_thermal>;
- __overlay__ {
- polling-delay = <2000>; /* milliseconds */
- };
- };
-
- fragment@2 {
- target = <&thermal_trips>;
- __overlay__ {
- trip0: trip0 {
- temperature = <55000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip1: trip1 {
- temperature = <58000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip2: trip2 {
- temperature = <61000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip3: trip3 {
- temperature = <64000>;
- hysteresis = <5000>;
- type = "active";
- };
- };
- };
-
- fragment@3 {
- target = <&cooling_maps>;
- __overlay__ {
- map0 {
- trip = <&trip0>;
- cooling-device = <&fan 0 1>;
- };
- map1 {
- trip = <&trip1>;
- cooling-device = <&fan 1 2>;
- };
- map2 {
- trip = <&trip2>;
- cooling-device = <&fan 2 3>;
- };
- map3 {
- trip = <&trip3>;
- cooling-device = <&fan 3 4>;
- };
- };
- };
-
- fragment@4 {
- target-path = "/__overrides__";
- params: __overlay__ {
- poe_fan_temp0 = <&trip0>,"temperature:0";
- poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
- poe_fan_temp1 = <&trip1>,"temperature:0";
- poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
- poe_fan_temp2 = 
<&trip2>,"temperature:0";
- poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
- poe_fan_temp3 = <&trip3>,"temperature:0";
- poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
- poe_fan_i2c = <&fwpwm>,"status=disabled",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- fragment@5 {
- target = <&firmware>;
- __overlay__ {
- fwpwm: pwm {
- compatible = "raspberrypi,firmware-poe-pwm";
- #pwm-cells = <2>;
- };
- };
- };
-
- fragment@6 {
- target = <&i2c0>;
- i2c_bus: __overlay__ {
- #address-cells = <1>;
- #size-cells = <0>;
-
- poe_mfd: poe@51 {
- compatible = "raspberrypi,poe-core";
- reg = <0x51>;
- status = "disabled";
-
- poe_mfd_pwm: poe_pwm@f0 {
- compatible = "raspberrypi,poe-pwm";
- reg = <0xf0>;
- status = "okay";
- #pwm-cells = <2>;
- };
- };
- };
- };
-
- fragment@7 {
- target = <&i2c0if>;
- __dormant__ {
- status = "okay";
- };
- };
-
- fragment@8 {
- target = <&i2c0mux>;
- __dormant__ {
- status = "okay";
- };
- };
-
- __overrides__ {
- poe_fan_temp0 = <&trip0>,"temperature:0";
- poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
- poe_fan_temp1 = <&trip1>,"temperature:0";
- poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
- poe_fan_temp2 = <&trip2>,"temperature:0";
- poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
- poe_fan_temp3 = <&trip3>,"temperature:0";
- poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
- i2c = <0>, "+5+6",
- <&fwpwm>,"status=disabled",
- <&i2c_bus>,"status=okay",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- // SPDX-License-Identifier: (GPL-2.0 OR MIT)
- // Overlay for the Raspberry Pi PoE+ HAT.
-
- / {
- compatible = "brcm,bcm2711";
-
- fragment@10 {
- target-path = "/";
- __overlay__ {
- rpi_poe_power_supply: rpi-poe-power-supply {
- compatible = "raspberrypi,rpi-poe-power-supply";
- firmware = <&firmware>;
- status = "okay";
- };
- };
- };
- fragment@11 {
- target = <&poe_mfd>;
- __overlay__ {
- rpi-poe-power-supply@f2 {
- compatible = "raspberrypi,rpi-poe-power-supply";
- reg = <0xf2>;
- status = "okay";
- };
- };
- };
-
- __overrides__ {
- i2c = <0>, "+5+6",
- <&fwpwm>,"status=disabled",
- <&rpi_poe_power_supply>,"status=disabled",
- <&i2c_bus>,"status=okay",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- &fan {
- cooling-levels = <0 32 64 128 255>;
- };
-
- ¶ms {
- poe_fan_i2c = <&fwpwm>,"status=disabled",
- <&rpi_poe_power_supply>,"status=disabled",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- '';
- }
- ];
- };
- };
-}
diff --git a/hosts/rico1/hardware/filesystem.nix b/hosts/rico1/hardware/filesystem.nix
deleted file mode 100644
index 8cc3afb..0000000
--- a/hosts/rico1/hardware/filesystem.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-_: {
- fileSystems."/" = {
- device = "/dev/disk/by-partlabel/NIXOS_ROOT";
- fsType = "btrfs";
- options = [ "noatime" "compress=zstd" ];
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-partlabel/ESP";
- fsType = "vfat";
- };
-}
diff --git a/hosts/rico1/hardware/kernel.nix b/hosts/rico1/hardware/kernel.nix
deleted file mode 100644
index 6247463..0000000
--- a/hosts/rico1/hardware/kernel.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib
-, ...
-}: {
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
-}
diff --git a/hosts/rico1/network.nix b/hosts/rico1/network.nix
deleted file mode 100644
index b2c5baf..0000000
--- a/hosts/rico1/network.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, ... }: {
- imports = [ ./wireguard.nix ];
- networking = {
- hostName = "Rico1";
-
- networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
-
- useDHCP = lib.mkDefault false;
- };
-
- services.resolved = {
- enable = true;
- extraConfig = ''
- DNS=2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net
- FallbackDNS=
- DNSOverTLS=opportunistic
- Domains=~.
- '';
- };
-}
diff --git a/hosts/rico1/programs/default.nix b/hosts/rico1/programs/default.nix
deleted file mode 100644
index dfffea1..0000000
--- a/hosts/rico1/programs/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }: {
- imports = [
- ./neovim.nix
- ./starship.nix
- ./zsh.nix
- ];
-
- programs.git.enable = true;
-
- environment.systemPackages = with pkgs; [
- git-crypt
- ];
-}
diff --git a/hosts/rico1/programs/neovim.nix b/hosts/rico1/programs/neovim.nix
deleted file mode 100644
index a70af6e..0000000
--- a/hosts/rico1/programs/neovim.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- programs.neovim = {
- enable = true;
- defaultEditor = true;
- viAlias = true;
- vimAlias = true;
- };
-}
diff --git a/hosts/rico1/programs/starship.nix b/hosts/rico1/programs/starship.nix
deleted file mode 100644
index 3de1b05..0000000
--- a/hosts/rico1/programs/starship.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- programs.starship = {
- enable = true;
- settings = {
- add_newline = false;
- };
- };
-}
diff --git a/hosts/rico1/programs/zsh.nix b/hosts/rico1/programs/zsh.nix
deleted file mode 100644
index 53468ac..0000000
--- a/hosts/rico1/programs/zsh.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-_: {
- programs = {
- zsh = {
- enable = true;
- autosuggestions.enable = true;
- syntaxHighlighting.enable = true;
- };
- };
- environment.pathsToLink = [ "/share/zsh" ];
-}
diff --git a/hosts/rico1/security.nix b/hosts/rico1/security.nix
deleted file mode 100644
index 9cca61a..0000000
--- a/hosts/rico1/security.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-_: {
- security = {
- apparmor = {
- enable = true;
- enableCache = true;
- };
- audit.enable = true;
- auditd.enable = true;
- sudo = {
- wheelNeedsPassword = false;
- };
- polkit.enable = true;
- rtkit.enable = true;
- };
-}
diff --git a/hosts/rico1/services/btrfs.nix b/hosts/rico1/services/btrfs.nix
deleted file mode 100644
index 63754d4..0000000
--- a/hosts/rico1/services/btrfs.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- services.btrfs.autoScrub = {
- enable = true;
- interval = "weekly";
- };
-}
diff --git a/hosts/rico1/services/caddy.nix b/hosts/rico1/services/caddy.nix
deleted file mode 100644
index 80a7e2c..0000000
--- a/hosts/rico1/services/caddy.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ secrets, ... }: {
- services.caddy = {
- enable = true;
- inherit (secrets.caddy_config) email;
- };
-}
diff --git a/hosts/rico1/services/default.nix b/hosts/rico1/services/default.nix
deleted file mode 100644
index 760daf6..0000000
--- a/hosts/rico1/services/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }: {
- imports = [
- ./btrfs.nix
- ./caddy.nix
- ./dendrite
- ./frpc.nix
- ./nats.nix
- ./postgresql.nix
- ./ssh.nix
- ];
-}
diff --git a/hosts/rico1/services/dendrite/config.yaml b/hosts/rico1/services/dendrite/config.yaml
deleted file mode 100644
index ead6cb8..0000000
--- a/hosts/rico1/services/dendrite/config.yaml
+++ /dev/null
@@ -1,118 +0,0 @@
-version: 2
-
-global:
- server_name: adtya.xyz
-
- private_key: /etc/dendrite/matrix_key.pem
- key_validity_period: 168h0m0s
- database:
- connection_string: postgresql://dendrite@localhost/dendrite?sslmode=disable
- max_open_conns: 90
- max_idle_conns: 5
- conn_max_lifetime: -1
-
- cache:
- max_size_estimated: 1gb
- max_age: 1h
-
- well_known_server_name: "matrix.adtya.xyz:443"
- well_known_client_name: "https://matrix.adtya.xyz:443"
-
- trusted_third_party_id_servers:
- - matrix.org
- - vector.im
-
- disable_federation: false
-
- presence:
- enable_inbound: false
- enable_outbound: false
-
- jetstream:
- addresses:
- - localhost:4222
- disable_tls_validation: false
- storage_path: /var/lib/dendrite/nats
- topic_prefix: Dendrite
-
- dns_cache:
- enabled: true
- cache_size: 256
- cache_lifetime: "5m"
-
-client_api:
- registration_disabled: true
- guests_disabled: true
- registration_shared_secret: ""
- enable_registration_captcha: false
- recaptcha_public_key: ""
- recaptcha_private_key: ""
- recaptcha_bypass_secret: ""
-
- # TURN server information that this homeserver should send to clients.
-federation_api:
- send_max_retries: 16
- disable_tls_validation: false
- disable_http_keepalives: false
-
- key_perspectives:
- - server_name: matrix.org
- keys:
- - key_id: ed25519:auto
- public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- - key_id: ed25519:a_RXGa
- public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
-
- prefer_direct_fetch: false
-
-media_api:
- base_path: /var/lib/dendrite/media
- max_file_size_bytes: 10485760
- dynamic_thumbnails: false
- max_thumbnail_generators: 10
- thumbnail_sizes:
- - width: 32
- height: 32
- method: crop
- - width: 96
- height: 96
- method: crop
- - width: 640
- height: 480
- method: scale
-
-sync_api:
- real_ip_header: X-Real-IP
-
- search:
- enabled: false
- index_path: "/var/lib/dendrite/searchindex"
- language: "en"
-
-# Configuration for the User API.
-user_api:
- bcrypt_cost: 10
- auto_join_rooms:
- # - "#main:matrix.org"
-
-tracing:
- enabled: false
- jaeger:
- serviceName: ""
- disabled: false
- rpc_metrics: false
- tags: []
- sampler: null
- reporter: null
- headers: null
- baggage_restrictions: null
- throttler: null
-
-logging:
- - type: std
- level: info
- - type: file
- level: info
- params:
- path: ./logs
-
diff --git a/hosts/rico1/services/dendrite/default.nix b/hosts/rico1/services/dendrite/default.nix
deleted file mode 100644
index 5dbea57..0000000
--- a/hosts/rico1/services/dendrite/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ pkgs, ... }: {
- services = {
- caddy.virtualHosts."matrix.adtya.xyz" = {
- extraConfig = ''
- reverse_proxy /_matrix/* 127.0.0.1:8008
- reverse_proxy /_synapse/* 127.0.0.1:8008
- reverse_proxy 127.0.0.1:8008
- '';
- };
- frp.settings = {
- "http.matrix.adtya.xyz" = {
- type = "http";
- custom_domains = "matrix.adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.matrix.adtya.xyz" = {
- type = "https";
- custom_domains = "matrix.adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
- };
- };
- systemd.services.dendrite = {
- description = "Dendrite Matrix homeserver";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- serviceConfig = {
- Type = "simple";
- DynamicUser = true;
- StateDirectory = "dendrite";
- WorkingDirectory = "/var/lib/dendrite";
- RuntimeDirectory = "dendrite";
- RuntimeDirectoryMode = "0700";
- LimitNOFILE = 65535;
- ExecStart = ''
- ${pkgs.dendrite}/bin/dendrite -http-bind-address 127.0.0.1:8008 -https-bind-address 127.0.0.1:8448 -config ${./config.yaml}
- '';
- ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
- Restart = "on-failure";
- };
- };
-}
diff --git a/hosts/rico1/services/frpc.nix b/hosts/rico1/services/frpc.nix
deleted file mode 100644
index 7887271..0000000
--- a/hosts/rico1/services/frpc.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ secrets, ... }: {
- services.frp = {
- enable = true;
- role = "client";
- settings = {
- common = {
- inherit (secrets.frp_config) server_addr token;
- server_port = 7000;
- authentication_method = "token";
- };
-
- "ssh.rico1" = {
- type = "tcp";
- local_port = 22;
- remote_port = 6001;
- };
- };
- };
-}
diff --git a/hosts/rico1/services/nats.nix b/hosts/rico1/services/nats.nix
deleted file mode 100644
index 1e58308..0000000
--- a/hosts/rico1/services/nats.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- services.nats = {
- enable = true;
- jetstream = true;
- };
-}
diff --git a/hosts/rico1/services/postgresql.nix b/hosts/rico1/services/postgresql.nix
deleted file mode 100644
index 5783ae6..0000000
--- a/hosts/rico1/services/postgresql.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }: {
- services.postgresql = {
- enable = true;
- authentication = pkgs.lib.mkOverride 10 ''
- local all all trust
- host all all 127.0.0.1/32 trust
- host all all ::1/128 trust
- '';
- ensureDatabases = [ "dendrite" ];
- ensureUsers = [
- {
- name = "dendrite";
- ensureDBOwnership = true;
- }
- ];
- };
-}
diff --git a/hosts/rico1/services/ssh.nix b/hosts/rico1/services/ssh.nix
deleted file mode 100644
index dc87d2f..0000000
--- a/hosts/rico1/services/ssh.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-_: {
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- };
- };
-}
diff --git a/hosts/rico1/wireguard.nix b/hosts/rico1/wireguard.nix
deleted file mode 100644
index 033c1ca..0000000
--- a/hosts/rico1/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config
-, secrets
-, ...
-}:
-let
- inherit (secrets.wireguard_config) peers;
-in
-{
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
- enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.8.10.11/24"
- "fdd9:69ae:9703::4/64"
- ];
- listenPort = 51821;
- privateKeyFile = "/etc/wireguard/private.key";
- generatePrivateKeyFile = true;
- peers = with peers; [
- Proxy
- ];
- };
- };
- };
-}
diff --git a/hosts/rico2/containers/default.nix b/hosts/rico2/containers/default.nix
deleted file mode 100644
index 797cc9d..0000000
--- a/hosts/rico2/containers/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }: {
- imports = [ ];
-
- virtualisation.oci-containers = {
- backend = "podman";
- };
-}
diff --git a/hosts/rico2/default.nix b/hosts/rico2/default.nix
deleted file mode 100644
index 8b5fb6a..0000000
--- a/hosts/rico2/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ ... }: {
- imports = [
- ./hardware
- ./programs
- ./services
- ./containers
- ./network.nix
- ./security.nix
- ];
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "en_US.UTF-8";
- LC_IDENTIFICATION = "en_US.UTF-8";
- LC_MEASUREMENT = "en_US.UTF-8";
- LC_MONETARY = "en_US.UTF-8";
- LC_NAME = "en_US.UTF-8";
- LC_NUMERIC = "en_US.UTF-8";
- LC_PAPER = "en_US.UTF-8";
- LC_TELEPHONE = "en_US.UTF-8";
- LC_TIME = "en_US.UTF-8";
- LC_ALL = "en_US.UTF-8";
- };
- supportedLocales = [ "en_US.UTF-8/UTF-8" ];
- };
-
- time.timeZone = "Asia/Kolkata";
- system.stateVersion = "23.11";
-}
diff --git a/hosts/rico2/hardware/default.nix b/hosts/rico2/hardware/default.nix
deleted file mode 100644
index 5b5ebe2..0000000
--- a/hosts/rico2/hardware/default.nix
+++ /dev/null
@@ -1,222 +0,0 @@
-{ lib, ... }: {
- imports = [ ./filesystem.nix ./kernel.nix ];
-
- hardware = {
- raspberry-pi."4".apply-overlays-dtmerge.enable = lib.mkDefault true;
- deviceTree = {
- filter = "bcm2711-rpi-4*.dtb";
- overlays = [
- # Combined equivalent to:
- # * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-overlay.dts
- # * https://github.com/raspberrypi/linux/blob/rpi-6.1.y/arch/arm/boot/dts/overlays/rpi-poe-plus-overlay.dts
- {
- name = "rpi-poe-plus-overlay";
- dtsText = ''
- /*
- * Overlay for the Raspberry Pi POE HAT.
- */
- /dts-v1/;
- /plugin/;
-
- / {
- compatible = "brcm,bcm2711";
-
- fragment@0 {
- target-path = "/";
- __overlay__ {
- fan: pwm-fan {
- compatible = "pwm-fan";
- cooling-levels = <0 1 10 100 255>;
- #cooling-cells = <2>;
- pwms = <&fwpwm 0 80000>;
- };
- };
- };
-
- fragment@1 {
- target = <&cpu_thermal>;
- __overlay__ {
- polling-delay = <2000>; /* milliseconds */
- };
- };
-
- fragment@2 {
- target = <&thermal_trips>;
- __overlay__ {
- trip0: trip0 {
- temperature = <55000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip1: trip1 {
- temperature = <58000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip2: trip2 {
- temperature = <61000>;
- hysteresis = <2000>;
- type = "active";
- };
- trip3: trip3 {
- temperature = <64000>;
- hysteresis = <5000>;
- type = "active";
- };
- };
- };
-
- fragment@3 {
- target = <&cooling_maps>;
- __overlay__ {
- map0 {
- trip = <&trip0>;
- cooling-device = <&fan 0 1>;
- };
- map1 {
- trip = <&trip1>;
- cooling-device = <&fan 1 2>;
- };
- map2 {
- trip = <&trip2>;
- cooling-device = <&fan 2 3>;
- };
- map3 {
- trip = <&trip3>;
- cooling-device = <&fan 3 4>;
- };
- };
- };
-
- fragment@4 {
- target-path = "/__overrides__";
- params: __overlay__ {
- poe_fan_temp0 = <&trip0>,"temperature:0";
- poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
- poe_fan_temp1 = <&trip1>,"temperature:0";
- poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
- poe_fan_temp2 = 
<&trip2>,"temperature:0";
- poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
- poe_fan_temp3 = <&trip3>,"temperature:0";
- poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
- poe_fan_i2c = <&fwpwm>,"status=disabled",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- fragment@5 {
- target = <&firmware>;
- __overlay__ {
- fwpwm: pwm {
- compatible = "raspberrypi,firmware-poe-pwm";
- #pwm-cells = <2>;
- };
- };
- };
-
- fragment@6 {
- target = <&i2c0>;
- i2c_bus: __overlay__ {
- #address-cells = <1>;
- #size-cells = <0>;
-
- poe_mfd: poe@51 {
- compatible = "raspberrypi,poe-core";
- reg = <0x51>;
- status = "disabled";
-
- poe_mfd_pwm: poe_pwm@f0 {
- compatible = "raspberrypi,poe-pwm";
- reg = <0xf0>;
- status = "okay";
- #pwm-cells = <2>;
- };
- };
- };
- };
-
- fragment@7 {
- target = <&i2c0if>;
- __dormant__ {
- status = "okay";
- };
- };
-
- fragment@8 {
- target = <&i2c0mux>;
- __dormant__ {
- status = "okay";
- };
- };
-
- __overrides__ {
- poe_fan_temp0 = <&trip0>,"temperature:0";
- poe_fan_temp0_hyst = <&trip0>,"hysteresis:0";
- poe_fan_temp1 = <&trip1>,"temperature:0";
- poe_fan_temp1_hyst = <&trip1>,"hysteresis:0";
- poe_fan_temp2 = <&trip2>,"temperature:0";
- poe_fan_temp2_hyst = <&trip2>,"hysteresis:0";
- poe_fan_temp3 = <&trip3>,"temperature:0";
- poe_fan_temp3_hyst = <&trip3>,"hysteresis:0";
- i2c = <0>, "+5+6",
- <&fwpwm>,"status=disabled",
- <&i2c_bus>,"status=okay",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- // SPDX-License-Identifier: (GPL-2.0 OR MIT)
- // Overlay for the Raspberry Pi PoE+ HAT.
-
- / {
- compatible = "brcm,bcm2711";
-
- fragment@10 {
- target-path = "/";
- __overlay__ {
- rpi_poe_power_supply: rpi-poe-power-supply {
- compatible = "raspberrypi,rpi-poe-power-supply";
- firmware = <&firmware>;
- status = "okay";
- };
- };
- };
- fragment@11 {
- target = <&poe_mfd>;
- __overlay__ {
- rpi-poe-power-supply@f2 {
- compatible = "raspberrypi,rpi-poe-power-supply";
- reg = <0xf2>;
- status = "okay";
- };
- };
- };
-
- __overrides__ {
- i2c = <0>, "+5+6",
- <&fwpwm>,"status=disabled",
- <&rpi_poe_power_supply>,"status=disabled",
- <&i2c_bus>,"status=okay",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- };
-
- &fan {
- cooling-levels = <0 32 64 128 255>;
- };
-
- ¶ms {
- poe_fan_i2c = <&fwpwm>,"status=disabled",
- <&rpi_poe_power_supply>,"status=disabled",
- <&poe_mfd>,"status=okay",
- <&fan>,"pwms:0=",<&poe_mfd_pwm>;
- };
- '';
- }
- ];
- };
- };
-}
diff --git a/hosts/rico2/hardware/filesystem.nix b/hosts/rico2/hardware/filesystem.nix
deleted file mode 100644
index 8cc3afb..0000000
--- a/hosts/rico2/hardware/filesystem.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-_: {
- fileSystems."/" = {
- device = "/dev/disk/by-partlabel/NIXOS_ROOT";
- fsType = "btrfs";
- options = [ "noatime" "compress=zstd" ];
- };
- fileSystems."/boot" = {
- device = "/dev/disk/by-partlabel/ESP";
- fsType = "vfat";
- };
-}
diff --git a/hosts/rico2/hardware/kernel.nix b/hosts/rico2/hardware/kernel.nix
deleted file mode 100644
index 6247463..0000000
--- a/hosts/rico2/hardware/kernel.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib
-, ...
-}: {
- powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
-}
diff --git a/hosts/rico2/network.nix b/hosts/rico2/network.nix
deleted file mode 100644
index 87e2dc5..0000000
--- a/hosts/rico2/network.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, ... }: {
- imports = [ ./wireguard.nix ];
- networking = {
- hostName = "Rico2";
-
- networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
-
- useDHCP = lib.mkDefault false;
- };
-
- services.resolved = {
- enable = true;
- extraConfig = ''
- DNS=2620:fe::fe#dns.quad9.net 9.9.9.9#dns.quad9.net 2620:fe::9#dns.quad9.net 149.112.112.112#dns.quad9.net
- FallbackDNS=
- DNSOverTLS=opportunistic
- Domains=~.
- '';
- };
-}
diff --git a/hosts/rico2/programs/default.nix b/hosts/rico2/programs/default.nix
deleted file mode 100644
index dfffea1..0000000
--- a/hosts/rico2/programs/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ... }: {
- imports = [
- ./neovim.nix
- ./starship.nix
- ./zsh.nix
- ];
-
- programs.git.enable = true;
-
- environment.systemPackages = with pkgs; [
- git-crypt
- ];
-}
diff --git a/hosts/rico2/programs/neovim.nix b/hosts/rico2/programs/neovim.nix
deleted file mode 100644
index a70af6e..0000000
--- a/hosts/rico2/programs/neovim.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- programs.neovim = {
- enable = true;
- defaultEditor = true;
- viAlias = true;
- vimAlias = true;
- };
-}
diff --git a/hosts/rico2/programs/starship.nix b/hosts/rico2/programs/starship.nix
deleted file mode 100644
index 3de1b05..0000000
--- a/hosts/rico2/programs/starship.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-_: {
- programs.starship = {
- enable = true;
- settings = {
- add_newline = false;
- };
- };
-}
diff --git a/hosts/rico2/programs/zsh.nix b/hosts/rico2/programs/zsh.nix
deleted file mode 100644
index 53468ac..0000000
--- a/hosts/rico2/programs/zsh.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-_: {
- programs = {
- zsh = {
- enable = true;
- autosuggestions.enable = true;
- syntaxHighlighting.enable = true;
- };
- };
- environment.pathsToLink = [ "/share/zsh" ];
-}
diff --git a/hosts/rico2/security.nix b/hosts/rico2/security.nix
deleted file mode 100644
index 9cca61a..0000000
--- a/hosts/rico2/security.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-_: {
- security = {
- apparmor = {
- enable = true;
- enableCache = true;
- };
- audit.enable = true;
- auditd.enable = true;
- sudo = {
- wheelNeedsPassword = false;
- };
- polkit.enable = true;
- rtkit.enable = true;
- };
-}
diff --git a/hosts/rico2/services/adtya.xyz.nix b/hosts/rico2/services/adtya.xyz.nix
deleted file mode 100644
index b0e4e8c..0000000
--- a/hosts/rico2/services/adtya.xyz.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-{ pkgs
-, adtyaxyz
-, ...
-}:
-let
- inherit (pkgs) system;
-in
-{
- services = {
- caddy.virtualHosts."adtya.xyz" = {
- serverAliases = [ "www.adtya.xyz" ];
- extraConfig = ''
- handle /.well-known/matrix/server {
- header Content-Type application/json
- header Access-Control-Allow-Origin *
- respond `{"m.server": "matrix.adtya.xyz:443"}`
- }
-
- handle /.well-known/matrix/client {
- header Content-Type application/json
- header Access-Control-Allow-Origin *
- respond `{"m.homeserver": {"base_url": "https://matrix.adtya.xyz:443"}}`
- }
-
- handle /.well-known/discord {
- header Access-Control-Allow-Origin *
- respond `dh=bd67bb4659b662a5ee2b1b043e7b3171b2cb44bd`
- }
-
- handle {
- root * ${adtyaxyz.packages.${system}.default}/share/web
- encode gzip
- try_files {path} /index.html
- file_server
- }
- '';
- };
- frp.settings = {
- "http.adtya.xyz" = {
- type = "http";
- custom_domains = "adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.adtya.xyz" = {
- type = "https";
- custom_domains = "adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
-
- "http.www.adtya.xyz" = {
- type = "http";
- custom_domains = "www.adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.www.adtya.xyz" = {
- type = "https";
- custom_domains = "www.adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
- };
- };
-}
diff --git a/hosts/rico2/services/btrfs.nix b/hosts/rico2/services/btrfs.nix
deleted file mode 100644
index 63754d4..0000000
--- a/hosts/rico2/services/btrfs.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-_: {
- services.btrfs.autoScrub = {
- enable = true;
- interval = "weekly";
- };
-}
diff --git a/hosts/rico2/services/caddy.nix b/hosts/rico2/services/caddy.nix
deleted file mode 100644
index d6a01d3..0000000
--- a/hosts/rico2/services/caddy.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config
-, secrets
-, ...
-}: {
- services.caddy = {
- enable = true;
- inherit (secrets.caddy_config) email;
- };
-}
diff --git a/hosts/rico2/services/default.nix b/hosts/rico2/services/default.nix
deleted file mode 100644
index 9dfcd31..0000000
--- a/hosts/rico2/services/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-_: {
- imports = [
- ./adtya.xyz.nix
- ./btrfs.nix
- ./caddy.nix
- ./frpc.nix
- ./if3.nix
- ./proofs.nix
- ./ssh.nix
- ./wiki.nix
- ];
-
-}
diff --git a/hosts/rico2/services/frpc.nix b/hosts/rico2/services/frpc.nix
deleted file mode 100644
index e88d07f..0000000
--- a/hosts/rico2/services/frpc.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ secrets, ... }: {
- services.frp = {
- enable = true;
- role = "client";
- settings = {
- "common" = {
- inherit (secrets.frp_config) server_addr token;
- server_port = 7000;
- authentication_method = "token";
- };
-
- "ssh.rico2" = {
- type = "tcp";
- local_port = 22;
- remote_port = 6002;
- };
- };
- };
-}
diff --git a/hosts/rico2/services/if3.nix b/hosts/rico2/services/if3.nix
deleted file mode 100644
index ff12e17..0000000
--- a/hosts/rico2/services/if3.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs
-, if3
-, ...
-}:
-let
- inherit (pkgs) system;
-in
-{
- services = {
- caddy.virtualHosts = {
- "if3.adtya.xyz" = {
- extraConfig = ''
- root * ${if3.packages.${system}.default}/share/web
- encode gzip
- try_files {path} /index.html
- file_server
- '';
- };
- };
-
- frp.settings = {
- "http.if3.adtya.xyz" = {
- type = "http";
- custom_domains = "if3.adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.if3.adtya.xyz" = {
- type = "https";
- custom_domains = "if3.adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
- };
- };
-}
diff --git a/hosts/rico2/services/proofs.nix b/hosts/rico2/services/proofs.nix
deleted file mode 100644
index 4fb9b9f..0000000
--- a/hosts/rico2/services/proofs.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{ config
-, secrets
-, ...
-}: {
- services = {
- caddy.virtualHosts = {
- "proofs.adtya.xyz" = {
- extraConfig = ''
- redir https://keyoxide.org/hkp/${secrets.users.primary.pgpFingerprint}
- '';
- };
- };
-
- frp.settings = {
- "http.proofs.adtya.xyz" = {
- type = "http";
- custom_domains = "proofs.adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.proofs.adtya.xyz" = {
- type = "https";
- custom_domains = "proofs.adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
- };
- };
-}
diff --git a/hosts/rico2/services/ssh.nix b/hosts/rico2/services/ssh.nix
deleted file mode 100644
index dc87d2f..0000000
--- a/hosts/rico2/services/ssh.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-_: {
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- };
- };
-}
diff --git a/hosts/rico2/services/wiki.nix b/hosts/rico2/services/wiki.nix
deleted file mode 100644
index 618a056..0000000
--- a/hosts/rico2/services/wiki.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs
-, wiki
-, ...
-}:
-let
- inherit (pkgs) system;
-in
-{
- services = {
- caddy.virtualHosts = {
- "wiki.adtya.xyz" = {
- extraConfig = ''
- root * ${wiki.packages.${system}.default}/share/web
- encode gzip
- try_files {path} /index.html
- file_server
- '';
- };
- };
-
- frp.settings = {
- "http.wiki.adtya.xyz" = {
- type = "http";
- custom_domains = "wiki.adtya.xyz";
- local_port = 80;
- proxy_protocol_version = "v2";
- };
-
- "https.wiki.adtya.xyz" = {
- type = "https";
- custom_domains = "wiki.adtya.xyz";
- local_port = 443;
- proxy_protocol_version = "v2";
- };
- };
- };
-}
diff --git a/hosts/rico2/wireguard.nix b/hosts/rico2/wireguard.nix
deleted file mode 100644
index feffbbb..0000000
--- a/hosts/rico2/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config
-, secrets
-, ...
-}:
-let
- inherit (secrets.wireguard_config) peers;
-in
-{
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
- enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.8.10.12/24"
- "fdd9:69ae:9703::5/64"
- ];
- listenPort = 51821;
- privateKeyFile = "/etc/wireguard/private.key";
- generatePrivateKeyFile = true;
- peers = with peers; [
- Proxy
- ];
- };
- };
- };
-}
diff --git a/hosts/skipper/network.nix b/hosts/skipper/network.nix
index 80f3d1f..7987c46 100644
--- a/hosts/skipper/network.nix
+++ b/hosts/skipper/network.nix
@@ -1,16 +1,7 @@
 { lib, ... }: {
- imports = [ ./wireguard.nix ];
 networking = {
 hostName = "Skipper";
- extraHosts = ''
- 10.8.10.1 proxy
- 10.8.10.2 skipper
- 10.8.10.10 rico0
- 10.8.10.11 rico1
- 10.8.10.12 rico2
- '';
-
 networkmanager = {
 enable = true;
 dns = "systemd-resolved";
diff --git a/hosts/skipper/wireguard.nix b/hosts/skipper/wireguard.nix
deleted file mode 100644
index 89586f8..0000000
--- a/hosts/skipper/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config
-, secrets
-, ...
-}:
-let
- inherit (secrets.wireguard_config) peers;
-in
-{
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
- enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.8.10.2/24"
- "fdd9:69ae:9703::2/64"
- ];
- listenPort = 51821;
- privateKeyFile = "/etc/wireguard/private.key";
- generatePrivateKeyFile = true;
- peers = with peers; [
- Proxy
- ];
- };
- };
- };
-}
diff --git a/secrets.nix b/secrets.nix
index 6a5f6e5..47e1ad0 100644
Binary files a/secrets.nix and b/secrets.nix differ
diff --git a/secrets.nix.example b/secrets.nix.example
index 8cf2e56..45b85df 100644
--- a/secrets.nix.example
+++ b/secrets.nix.example
@@ -1,28 +1,7 @@
 {
- wireguard_config = {
- peers = {
- Proxy = {
- name = "Proxy";
- endpoint = "";
- publicKey = "";
- persistentKeepalive = 20;
- allowedIPs = [
- "x.x.x.x/xx"
- "xxxx::/xx"
- ];
- };
- };
- };
 aria2_config = {
 rpc_secret = "";
 };
- frp_config = {
- server_addr = "";
- token = " frpc connection>";
- };
- caddy_config = {
- email = "";
- };
 users = {
 root.hashedPassword = "";
 primary = {