Decommission nyx
parent
e7838b8992
commit
6215a962e4
23
flake.nix
23
flake.nix
|
@ -40,16 +40,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
"nyx.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs self; };
|
||||
modules = [
|
||||
sops-nix.nixosModules.sops
|
||||
./default.nix
|
||||
./hosts/nyx.lewd.wtf/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
"phoenix.lewd.wtf" = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = { inherit inputs self; };
|
||||
|
@ -128,19 +118,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
"nyx.lewd.wtf" = {
|
||||
sshOpts = [ "-p" "222" "-o" "StrictHostKeyChecking=no" ];
|
||||
hostname = "nyx.lewd.wtf";
|
||||
fastConnection = true;
|
||||
|
||||
profiles.system = {
|
||||
sshUser = "root";
|
||||
path =
|
||||
deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations."nyx.lewd.wtf";
|
||||
user = "root";
|
||||
};
|
||||
};
|
||||
|
||||
"phoenix.lewd.wtf" = {
|
||||
sshOpts = [ "-p" "22" "-o" "StrictHostKeyChecking=no" ];
|
||||
hostname = "phoenix.lewd.wtf";
|
||||
|
|
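Review bot: The `"phoenix.lewd.wtf"` deploy node that remains in the second flake.nix hunk still passes `"-o" "StrictHostKeyChecking=no"` in `sshOpts`, so the SSH connection used for deployment accepts whatever host key the remote end presents. The removed nyx node carried the same option together with `sshUser = "root"`. While the node list is being edited, consider pinning the host key instead, e.g. `sshOpts = [ "-p" "22" "-o" "StrictHostKeyChecking=yes" ];` with the key recorded in a known_hosts file. Separately, the deleted secrets.nix takes its age identity from `/etc/ssh/ssh_host_ed25519_key`, so if one of the two age recipients in the deleted sops files is nyx's host key, it should presumably be dropped from any remaining secrets and the Vaultwarden values rotated; this page does not show whether that was done. The phoenix block continues outside the hunk.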
|
@ -1,24 +0,0 @@
|
|||
{ self, config, pkgs, lib, ... }:
|
||||
let
|
||||
utils = import ../../util/include.nix { lib = lib; };
|
||||
imports =
|
||||
(utils.includeDir ./services) ++
|
||||
[
|
||||
./hardware-configuration.nix
|
||||
./networking.nix
|
||||
./users.nix
|
||||
./secrets.nix
|
||||
];
|
||||
in
|
||||
{
|
||||
inherit imports;
|
||||
|
||||
networking.hostName = "nyx";
|
||||
networking.domain = "lewd.wtf";
|
||||
|
||||
boot.loader.grub.enable = false;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/adde8f5f-358d-4ed2-835a-8fecbe4a86a4";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/8D9D-CCA2";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/home" =
|
||||
{ device = "/dev/disk/by-uuid/6cee1359-6e2c-45fc-927d-f2a558f0ec5d";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/474244b3-df18-4af7-badf-d7b2531ae17c"; }
|
||||
];
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
networking.defaultGateway = "192.168.0.1";
|
||||
networking.nameservers = [ "192.168.0.1" ];
|
||||
networking.interfaces.enp2s0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.0.10";
|
||||
prefixLength = 22;
|
||||
}
|
||||
];
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
sops.defaultSopsFile = ./secrets/services.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
# Vaultwarden
|
||||
sops.secrets."services/vaultwarden/.env" = {
|
||||
mode = "0400";
|
||||
owner = config.users.users.vaultwarden.name;
|
||||
group = config.users.users.vaultwarden.group;
|
||||
sopsFile = ./secrets/vaultwarden.env;
|
||||
format = "dotenv";
|
||||
};
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
example_key: ENC[AES256_GCM,data:MB+njL6mhVGUYKlBww==,iv:wXY3sv0gW37H/Mv5s4caJIZe0NPzrSOu5+/zZV21OsU=,tag:G9EH5DpFHMq2Qx/grNrYNQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5QXk5U3JRZ1FtNzM0cEZJ
|
||||
b3RXdEpra2VJSWxvT3BwOWZuc1JkWkhBQWlVCmFQUHlybEZYNXYrNVpLT2xPc2pP
|
||||
UEtxdlJHdWhzK05CRzN1dFlqM01ValkKLS0tIDZVQWo0SXFyV1Nad2RGcGFtcDBt
|
||||
UHQyVjkvOGZXVXJDYWhQeFN0WFJhOHcKsmRy6Sn3IHPuXdv5j8l373HLBSgBy7M/
|
||||
Z/uIth3S50OGf6okvvHJxWuZ3xVXwZqUwfYpE5WtJuSXi4rBaJHISw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxamE0eTB3TXVGNDN1azZ3
|
||||
MmRHalA4TjErZE1Db2tNM1lhd2VHK0l0YlVNClFic2t2VXhKR0pBMGFIVHRFczEy
|
||||
cE9KZjlDSzZuYlJWTlVEL1ZXOUxRajAKLS0tIHhaekZvdE40YlVlS3A2Y0kxWHVR
|
||||
SkMwdFUrcmN4aUJ0cms5WlhBWnZKTncKt0JurciGm7hQI8VSalQaHvGzh9xF2Xrl
|
||||
afe94Ma/mmojj8cEqJQlarMMDtAAGsWjz7zwwam629uE9Yjsr/YRbw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-04-15T08:13:59Z"
|
||||
mac: ENC[AES256_GCM,data:ockH8FVoLTeGuCOKknJ3aSQIQEIFFtmJQ+RwmDgorWSYHCUDsriSGy8fVEoAE/6pzGMahjdC1rK2YtaeAFljsNTh1Ct5CpVBmwKZVOCZSM9eWz4d7JFjJolIc+kNSj/9k+NUZBZafUMa1ckIK/8CMM0AysZ/mBeYTsaP8WOfB5g=,iv:aFICxoznCi5Tg+YZrsBAiEWPw7Hw+Abv1wJpdB50PQY=,tag:2sWz7OvFI7pIRsoeHJKpxQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -1,11 +0,0 @@
|
|||
ADMIN_TOKEN=ENC[AES256_GCM,data:R1mhyfHnTvnWaeKL7UFUuaA8bmpoQciLXRgLZKTDH0Zvo/M76s/NSenBEtpfpUJMbHGp1hmXqkK6jR5WVemYhg==,iv:yCdNQbQx86CZU7GvShcL9YxOlzGr/bTfTp5DDMudTDs=,tag:yPXiqasJbj2NCc5vIc2zVw==,type:str]
|
||||
SMTP_PASSWORD=ENC[AES256_GCM,data:dhTGLgXtdn6olKATr/qTRA==,iv:uA3WytiA9o/3qohl/eaMD7gVbORo4YZg2gzT/qZZHbA=,tag:cmcSLz0/YS1/45ZrLSp08Q==,type:str]
|
||||
YUBICO_SECRET_KEY=ENC[AES256_GCM,data:mIfNhnuU3+KaOJ/MXSabOus5nAGdNmoHimWhba8s,iv:XDmIl7dqV8R7bykwtQz3EQIf1qJHh3wPbL9RAu6ZWEk=,tag:zIUbM5mBqJeQJ2npKPJ+fw==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_mac=ENC[AES256_GCM,data:3EjD4AKgXCOTIwCZrRkq+NYDrRSH7+8LsC4Eop6SNVyXUCP5zyhJwInFpSnrSeYPp81HSxZz0LZEotJH0P6e1/JVfxKz9bOuoGr2856fEh3qmzQW2Mu6UJSFa2rGjtqTuWC+fMvIUpNX5dF2d3nxEGkRbylQedQLWACKgYVmfEo=,iv:EBBRSR84VLpezX7WdFwHyvqu5fZn7bZ/t/2H37Mx44Q=,tag:Rbkcq2V8G0rDwQYiwm0JtQ==,type:str]
|
||||
sops_age__list_1__map_recipient=age1vnyex6qqzwl5laxgww9xzcqy9ht85s0etgq0esry8gk7ad0eaq8qz9p5ya
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdTRPUGxqcGowU0FjRE84\nNjhKdEJabFZEVXo3aTArQnNNRjhaMFZiKzNrCmpLbFoxTVlTUkYxOHVJdlFqa0JF\nQStIT29uSlY3SWtzZHFqbjZwTHZ1aEUKLS0tIHJlLzlCV0RJekVvOWRLV3JmZ2pv\nZ0VrUVg5NXVTWU5LRDk2M3dYWXM3bkEKA4KusPniM0pO6oJhHq1khrfcwdSvG+/A\n7rn6Ib23WSHUAquxCxOz9IXL2GDrajEFnv82lyYUgijgb7PEWC2pPQ==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_version=3.7.3
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UXYrVkxHSmx1V1E1aVlW\nTVMwamo2ZnJrbERDTkJoSS8yanVXZ2pEbEJnCjExM2U5T1U3SkVrNFhIaXg5VE9K\ncnNyUDdQM2IyQ2FpenV0VEhIR1NBaTQKLS0tIEsvOTNDa1BvUlk3UE01VGZydmVG\nZDZOelphR0Nsa3c4aXZ5NDJVWlVvQmsKPxUi8Vgxe+EsHSF/33OfoEdFIUscDTzR\nzjf8rkG5BU616tudvXUGLfdncCiG+hfz7ZvmEYlTEAdGzSYSW8tuhg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||
sops_lastmodified=2023-04-21T17:46:25Z
|
|
@ -1,7 +0,0 @@
|
|||
{
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
{
|
||||
services.uptime-kuma = {
|
||||
enable = true;
|
||||
settings = {
|
||||
UPTIME_KUMA_PORT = "8099";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."status.lewd.wtf" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8099";
|
||||
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;" +
|
||||
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||
;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
users.users.vaultwarden.extraGroups = [ config.users.groups.keys.name ];
|
||||
|
||||
services.vaultwarden = {
|
||||
enable = true;
|
||||
environmentFile = "/run/secrets/services/vaultwarden/.env";
|
||||
config = {
|
||||
DOMAIN = "https://vault.lewd.wtf";
|
||||
SIGNUPS_ALLOWED = false;
|
||||
SIGNUPS_VERIFY = true;
|
||||
INVITATIONS_ALLOWED = false;
|
||||
WEBSOCKET_ENABLED = true;
|
||||
WEBSOCKET_PORT = 3012;
|
||||
ROCKET_PORT = 8222;
|
||||
SMTP_HOST = "mail.your-server.de";
|
||||
SMTP_FROM = "vaultwarden@lewd.wtf";
|
||||
SMTP_FROM_NAME = "Vaultwarden";
|
||||
SMTP_USERNAME = "vaultwarden@lewd.wtf";
|
||||
YUBICO_CLIENT_ID = 88022;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.clientMaxBodySize = "128M";
|
||||
|
||||
services.nginx.virtualHosts."vault.lewd.wtf" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8222";
|
||||
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;" +
|
||||
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||
;
|
||||
};
|
||||
locations."/notifications/hub/negotiate" = {
|
||||
proxyPass = "http://127.0.0.1:8222";
|
||||
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;" +
|
||||
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||
;
|
||||
};
|
||||
locations."/notifications/hub" = {
|
||||
proxyPass = "http://127.0.0.1:3012";
|
||||
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;" +
|
||||
"proxy_set_header X-Real-IP $remote_addr;" +
|
||||
"proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" +
|
||||
"proxy_set_header X-Forwarded-Proto $scheme;"
|
||||
;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{ pkgs, ...}:
|
||||
{
|
||||
services.vikunja = {
|
||||
enable = true;
|
||||
setupNginx = true;
|
||||
frontendScheme = "https";
|
||||
frontendHostname = "todo.lewd.wtf";
|
||||
};
|
||||
services.nginx.virtualHosts."todo.lewd.wtf" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
{
|
||||
users.groups.markus = {};
|
||||
users.users.markus = {
|
||||
group = "markus";
|
||||
isNormalUser = true;
|
||||
home = "/home/markus";
|
||||
homeMode = "755";
|
||||
createHome = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIERtfY26/h5xl+bzZm2htR4+Wd879DvZRPHsosFaEqIW gaming@DESKTOP-4ACM3JU"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2eur+tK9VTYqXTgYlJY1/oV1EzUhm4QZGEl4e3/kWr deck@steamdeck"
|
||||
];
|
||||
};
|
||||
}
|