diff --git a/flake.nix b/flake.nix
index 5e2f4cc..55619fa 100644
--- a/flake.nix
+++ b/flake.nix
@@ -40,16 +40,6 @@
 ];
 };
- "nyx.lewd.wtf" = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- specialArgs = { inherit inputs self; };
- modules = [
- sops-nix.nixosModules.sops
- ./default.nix
- ./hosts/nyx.lewd.wtf/configuration.nix
- ];
- };
-
 "phoenix.lewd.wtf" = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = { inherit inputs self; };
@@ -128,19 +118,6 @@
 };
 };
- "nyx.lewd.wtf" = {
- sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
- hostname = "nyx.lewd.wtf";
- fastConnection = true;
-
- profiles.system = {
- sshUser = "root";
- path =
- deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."nyx.lewd.wtf";
- user = "root";
- };
- };
-
 "phoenix.lewd.wtf" = {
 sshOpts = [ "-p" "22" "-o" "StrictHostKeyChecking=no" ];
 hostname = "phoenix.lewd.wtf";
diff --git a/hosts/nyx.lewd.wtf/configuration.nix b/hosts/nyx.lewd.wtf/configuration.nix
deleted file mode 100644
index 61213a1..0000000
--- a/hosts/nyx.lewd.wtf/configuration.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ self, config, pkgs, lib, ... }:
-let
- utils = import ../../util/include.nix { lib = lib; };
- imports =
- (utils.includeDir ./services) ++
- [
- ./hardware-configuration.nix
- ./networking.nix
- ./users.nix
- ./secrets.nix
- ];
-in
-{
- inherit imports;
-
- networking.hostName = "nyx";
- networking.domain = "lewd.wtf";
-
- boot.loader.grub.enable = false;
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/nyx.lewd.wtf/hardware-configuration.nix b/hosts/nyx.lewd.wtf/hardware-configuration.nix
deleted file mode 100644
index 38f7362..0000000
--- a/hosts/nyx.lewd.wtf/hardware-configuration.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/adde8f5f-358d-4ed2-835a-8fecbe4a86a4";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/8D9D-CCA2";
- fsType = "vfat";
- };
-
- fileSystems."/home" =
- { device = "/dev/disk/by-uuid/6cee1359-6e2c-45fc-927d-f2a558f0ec5d";
- fsType = "ext4";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/474244b3-df18-4af7-badf-d7b2531ae17c"; }
- ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
-
diff --git a/hosts/nyx.lewd.wtf/networking.nix b/hosts/nyx.lewd.wtf/networking.nix
deleted file mode 100644
index 1e0dfd8..0000000
--- a/hosts/nyx.lewd.wtf/networking.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- networking.defaultGateway = "192.168.0.1";
- networking.nameservers = [ "192.168.0.1" ];
- networking.interfaces.enp2s0.ipv4.addresses = [
- {
- address = "192.168.0.10";
- prefixLength = 22;
- }
- ];
-}
diff --git a/hosts/nyx.lewd.wtf/secrets.nix b/hosts/nyx.lewd.wtf/secrets.nix
deleted file mode 100644
index e029b1b..0000000
--- a/hosts/nyx.lewd.wtf/secrets.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ config, ... }:
-{
- sops.defaultSopsFile = ./secrets/services.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
- # Vaultwarden
- sops.secrets."services/vaultwarden/.env" = {
- mode = "0400";
- owner = config.users.users.vaultwarden.name;
- group = config.users.users.vaultwarden.group;
- sopsFile = ./secrets/vaultwarden.env;
- format = "dotenv";
- };
-}
diff --git a/hosts/nyx.lewd.wtf/secrets/services.yaml b/hosts/nyx.lewd.wtf/secrets/services.yaml
deleted file mode 100644
index b76f509..0000000
--- a/hosts/nyx.lewd.wtf/secrets/services.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-example_key: ENC[AES256_GCM,data:MB+njL6mhVGUYKlBww==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:G9EH5DpFHMq2Qx/grNrYNQ==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QXk5U3JRZ1FtNzM0cEZJ
- b3RXdEpra2VJSWxvT3BwOWZuc1JkWkhBQWlVCmFQUHlybEZYNXYrNVpLT2xPc2pP
- UEtxdlJHdWhzK05CRzN1dFlqM01ValkKLS0tIDZVQWo0SXFyV1Nad2RGcGFtcDBt
- UHQyVjkvOGZXVXJDYWhQeFN0WFJhOHcKsmRy6Sn3IHPuXdv5j8l373HLBSgBy7M/
- Z/uIth3S50OGf6okvvHJxWuZ3xVXwZqUwfYpE5WtJuSXi4rBaJHISw==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxamE0eTB3TXVGNDN1azZ3
- MmRHalA4TjErZE1Db2tNM1lhd2VHK0l0YlVNClFic2t2VXhKR0pBMGFIVHRFczEy
- cE9KZjlDSzZuYlJWTlVEL1ZXOUxRajAKLS0tIHhaekZvdE40YlVlS3A2Y0kxWHVR
- SkMwdFUrcmN4aUJ0cms5WlhBWnZKTncKt0JurciGm7hQI8VSalQaHvGzh9xF2Xrl
- afe94Ma/mmojj8cEqJQlarMMDtAAGsWjz7zwwam629uE9Yjsr/YRbw==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-04-15T08:13:59Z"
- mac: ENC[AES256_GCM,data:ockH8FVoLTeGuCOKknJ3aSQIQEIFFtmJQ+RwmDgorWSYHCUDsriSGy8fVEoAE/6pzGMahjdC1rK2YtaeAFljsNTh1Ct5CpVBmwKZVOCZSM9eWz4d7JFjJolIc+kNSj/9k+NUZBZafUMa1ckIK/8CMM0AysZ/mBeYTsaP8WOfB5g=,iv:aFICxoznCi5Tg+YZrsBAiEWPw7Hw+Abv1wJpdB50PQY=,tag:2sWz7OvFI7pIRsoeHJKpxQ==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.7.3
diff --git a/hosts/nyx.lewd.wtf/secrets/vaultwarden.env b/hosts/nyx.lewd.wtf/secrets/vaultwarden.env
deleted file mode 100644
index 6d76e98..0000000
--- a/hosts/nyx.lewd.wtf/secrets/vaultwarden.env
+++ /dev/null
@@ -1,11 +0,0 @@
-ADMIN_TOKEN=ENC[AES256_GCM,data:R1mhyfHnTvnWaeKL7UFUuaA8bmpoQciLXRgLZKTDH0Zvo/M76s/NSenBEtpfpUJMbHGp1hmXqkK6jR5WVemYhg==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:yPXiqasJbj2NCc5vIc2zVw==,type:str]
-SMTP_PASSWORD=ENC[AES256_GCM,data:dhTGLgXtdn6olKATr/qTRA==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:cmcSLz0/YS1/45ZrLSp08Q==,type:str]
-YUBICO_SECRET_KEY=ENC[AES256_GCM,data:mIfNhnuU3+KaOJ/MXSabOus5nAGdNmoHimWhba8s,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:zIUbM5mBqJeQJ2npKPJ+fw==,type:str]
-sops_unencrypted_suffix=_unencrypted
-sops_mac=ENC[AES256_GCM,data:3EjD4AKgXCOTIwCZrRkq+NYDrRSH7+8LsC4Eop6SNVyXUCP5zyhJwInFpSnrSeYPp81HSxZz0LZEotJH0P6e1/JVfxKz9bOuoGr2856fEh3qmzQW2Mu6UJSFa2rGjtqTuWC+fMvIUpNX5dF2d3nxEGkRbylQedQLWACKgYVmfEo=,iv:EBBRSR84VLpezX7WdFwHyvqu5fZn7bZ/t/2H37Mx44Q=,tag:Rbkcq2V8G0rDwQYiwm0JtQ==,type:str]
-sops_age__list_1__map_recipient=age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
-sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdTRPUGxqcGowU0FjRE84\nNjhKdEJabFZEVXo3aTArQnNNRjhaMFZiKzNrCmpLbFoxTVlTUkYxOHVJdlFqa0JF\nQStIT29uSlY3SWtzZHFqbjZwTHZ1aEUKLS0tIHJlLzlCV0RJekVvOWRLV3JmZ2pv\nZ0VrUVg5NXVTWU5LRDk2M3dYWXM3bkEKA4KusPniM0pO6oJhHq1khrfcwdSvG+/A\n7rn6Ib23WSHUAquxCxOz9IXL2GDrajEFnv82lyYUgijgb7PEWC2pPQ==\n-----END AGE ENCRYPTED FILE-----\n
-sops_version=3.7.3
-sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UXYrVkxHSmx1V1E1aVlW\nTVMwamo2ZnJrbERDTkJoSS8yanVXZ2pEbEJnCjExM2U5T1U3SkVrNFhIaXg5VE9K\ncnNyUDdQM2IyQ2FpenV0VEhIR1NBaTQKLS0tIEsvOTNDa1BvUlk3UE01VGZydmVG\nZDZOelphR0Nsa3c4aXZ5NDJVWlVvQmsKPxUi8Vgxe+EsHSF/33OfoEdFIUscDTzR\nzjf8rkG5BU616tudvXUGLfdncCiG+hfz7ZvmEYlTEAdGzSYSW8tuhg==\n-----END AGE ENCRYPTED FILE-----\n
-sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
-sops_lastmodified=2023-04-21T17:46:25Z
diff --git a/hosts/nyx.lewd.wtf/services/nginx.nix b/hosts/nyx.lewd.wtf/services/nginx.nix
deleted file mode 100644
index 6449182..0000000
--- a/hosts/nyx.lewd.wtf/services/nginx.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- services.nginx = {
- enable = true;
- };
-}
diff --git a/hosts/nyx.lewd.wtf/services/uptimekuma.nix b/hosts/nyx.lewd.wtf/services/uptimekuma.nix
deleted file mode 100644
index 9c4efec..0000000
--- a/hosts/nyx.lewd.wtf/services/uptimekuma.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- services.uptime-kuma = {
- enable = true;
- settings = {
- UPTIME_KUMA_PORT = "8099";
- };
- };
-
- services.nginx.virtualHosts."status.lewd.wtf" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:8099";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig =
- "proxy_set_header Host $host;" +
- "proxy_set_header X-Real-IP $remote_addr;" +
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
- "proxy_set_header X-Forwarded-Proto $scheme;"
- ;
- };
- };
-}
diff --git a/hosts/nyx.lewd.wtf/services/vaultwarden.nix b/hosts/nyx.lewd.wtf/services/vaultwarden.nix
deleted file mode 100644
index 4a7d94a..0000000
--- a/hosts/nyx.lewd.wtf/services/vaultwarden.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ config, ... }:
-{
- users.users.vaultwarden.extraGroups = [ config.users.groups.keys.name ];
-
- services.vaultwarden = {
- enable = true;
- environmentFile = "/run/secrets/services/vaultwarden/.env";
- config = {
- DOMAIN = "https://vault.lewd.wtf";
- SIGNUPS_ALLOWED = false;
- SIGNUPS_VERIFY = true;
- INVITATIONS_ALLOWED = false;
- WEBSOCKET_ENABLED = true;
- WEBSOCKET_PORT = 3012;
- ROCKET_PORT = 8222;
- SMTP_HOST = "mail.your-server.de";
- SMTP_FROM = "vaultwarden@lewd.wtf";
- SMTP_FROM_NAME = "Vaultwarden";
- SMTP_USERNAME = "vaultwarden@lewd.wtf";
- YUBICO_CLIENT_ID = 88022;
- };
- };
-
- services.nginx.clientMaxBodySize = "128M";
-
- services.nginx.virtualHosts."vault.lewd.wtf" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:8222";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig =
- "proxy_set_header Host $host;" +
- "proxy_set_header X-Real-IP $remote_addr;" +
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
- "proxy_set_header X-Forwarded-Proto $scheme;"
- ;
- };
- locations."/notifications/hub/negotiate" = {
- proxyPass = "http://127.0.0.1:8222";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig =
- "proxy_set_header Host $host;" +
- "proxy_set_header X-Real-IP $remote_addr;" +
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
- "proxy_set_header X-Forwarded-Proto $scheme;"
- ;
- };
- locations."/notifications/hub" = {
- proxyPass = "http://127.0.0.1:3012";
- proxyWebsockets = true; # needed if you need to use WebSocket
- extraConfig =
- "proxy_set_header Host $host;" +
- "proxy_set_header X-Real-IP $remote_addr;" +
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
- "proxy_set_header X-Forwarded-Proto $scheme;"
- ;
- };
- };
-}
diff --git a/hosts/nyx.lewd.wtf/services/vikunja.nix b/hosts/nyx.lewd.wtf/services/vikunja.nix
deleted file mode 100644
index 1f4e6d6..0000000
--- a/hosts/nyx.lewd.wtf/services/vikunja.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ pkgs, ...}:
-{
- services.vikunja = {
- enable = true;
- setupNginx = true;
- frontendScheme = "https";
- frontendHostname = "todo.lewd.wtf";
- };
- services.nginx.virtualHosts."todo.lewd.wtf" = {
- enableACME = true;
- forceSSL = true;
- };
-}
diff --git a/hosts/nyx.lewd.wtf/users.nix b/hosts/nyx.lewd.wtf/users.nix
deleted file mode 100644
index 8588732..0000000
--- a/hosts/nyx.lewd.wtf/users.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- users.groups.markus = {};
- users.users.markus = {
- group = "markus";
- isNormalUser = true;
- home = "/home/markus";
- homeMode = "755";
- createHome = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2eur+tK9VTYqXTgYlJY1/oV1EzUhm4QZGEl4e3/kWr deck@steamdeck"
- ];
- };
-}