darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Merge pull request #317 from DarkKirb/remove-nutty-noon

Browse source 
remove nutty-noon
This commit is contained in:
Charlotte 🦝 Delenk 2023-12-13 20:10:06 +01:00 committed by GitHub
commit b771fcd55e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 1 additions and 291 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -1,7 +1,6 @@
keys: keys:
- &lotte 46C6A7E14BC7812E86C2700737FE303AAC2D06CD - &lotte 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
- &nixos-8gb-fsn1-1 age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl - &nixos-8gb-fsn1-1 age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
- &nutty-noon age1c96dd2hj7qg7sl8wq277q7a4na36krd4dmu50jz5mvw4ls9grcps28zhdl
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr - &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
- &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc - &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
- &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc - &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc
@ -12,7 +11,6 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *nixos-8gb-fsn1-1 - *nixos-8gb-fsn1-1
- *nutty-noon
- *thinkrac - *thinkrac
- *nas - *nas
- *instance-20221213-1915 - *instance-20221213-1915
@ -26,12 +24,6 @@ creation_rules:
- *nixos-8gb-fsn1-1 - *nixos-8gb-fsn1-1
pgp: pgp:
- *lotte - *lotte
- path_regex: secrets/nutty-noon\.yaml$
key_groups:
- age:
- *nutty-noon
pgp:
- *lotte
- path_regex: secrets/thinkrac\.yaml$ - path_regex: secrets/thinkrac\.yaml$
key_groups: key_groups:
- age: - age:
@ -51,7 +43,6 @@ creation_rules:
- path_regex: secrets/desktop\.yaml$ - path_regex: secrets/desktop\.yaml$
key_groups: key_groups:
- age: - age:
- *nutty-noon
- *thinkrac - *thinkrac
- *rainbow-resort - *rainbow-resort
pgp: pgp:

147
config/nutty-noon.nix
View file

@ -1,147 +0,0 @@
{
config,
pkgs,
modulesPath,
lib,
nixos-hardware,
...
}: {
networking.hostName = "nutty-noon";
networking.hostId = "e77e1829";
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./systemd-boot.nix
./desktop.nix
./services/tpm2.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./services/postgres.nix
./users/remote-build.nix
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [
config.boot.kernelPackages.zenpower
];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux_xanmod_latest);
fileSystems."/" = {
device = "/dev/disk/by-partuuid/53773b73-fb8a-4de8-ac58-d9d8ff1be430";
fsType = "btrfs";
options = ["compress=zstd"];
};
fileSystems."/home/darkkirb/hdd" = {
device = "/dev/disk/by-partuuid/d4c6a94f-2ae9-e446-9613-2596c564078c";
fsType = "btrfs";
options = ["compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CA0B-E049";
fsType = "vfat";
};
services.btrfs.autoScrub = {
enable = true;
fileSystems = ["/" "/home/darkkirb/hdd"];
};
services.snapper.configs.main = {
SUBVOLUME = "/";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
services.snapper.configs.hdd = {
SUBVOLUME = "/home/darkkirb/hdd";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = "0";
};
services.beesd.filesystems.root = {
spec = "/";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
services.beesd.filesystems.hdd = {
spec = "/home/darkkirb/hdd";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
networking.interfaces.enp34s0.useDHCP = true;
system.stateVersion = "21.11";
services.xserver.videoDrivers = ["amdgpu"];
environment.etc."sysconfig/lm_sensors".text = ''
# Generated by sensors-detect on Tue Aug 7 10:54:09 2018
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
HWMON_MODULES="nct6775"
'';
nix.settings.cores = 16;
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
hardware.enableRedistributableFirmware = true;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
nix.settings.system-features = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
networking.firewall.allowedTCPPorts = [58913];
environment.etc."pipewire/pipewire.conf.d/hi-res.conf".text = ''
context.properties = {
default.clock.rate = 384000
default.clock.allowedRates = [
44100
48000
88200
96000
176400
192000
352800
384000
]
default.clock.quantum = 8192
}
'';
services.tailscale.useRoutingFeatures = "client";
home-manager.users.darkkirb._module.args.withNSFW = lib.mkForce true;
system.autoUpgrade.allowReboot = true;
networking.extraHosts = "192.168.2.1 speedport.ip";
}

7
config/programs/builders.nix
View file

@ -9,13 +9,6 @@
port = 22; port = 22;
user = "remote-build"; user = "remote-build";
}; };
"build-pc" = {
hostname = "nutty-noon.int.chir.rs";
identitiesOnly = true;
identityFile = "${config.home.homeDirectory}/.ssh/builder_id_ed25519";
port = 22;
user = "remote-build";
};
"build-rainbow-resort" = { "build-rainbow-resort" = {
hostname = "rainbow-resort.int.chir.rs"; hostname = "rainbow-resort.int.chir.rs";
identitiesOnly = true; identitiesOnly = true;

6
config/services/hydra.nix
View file

@ -23,12 +23,6 @@
User remote-build User remote-build
HostName nas.int.chir.rs HostName nas.int.chir.rs
IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519 IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
Host build-pc
Port 22
IdentitiesOnly yes
User remote-build
HostName nutty-noon.int.chir.rs
IdentityFile /var/lib/hydra/queue-runner/.ssh/builder_id_ed25519
Host build-rainbow-resort Host build-rainbow-resort
Port 22 Port 22
IdentitiesOnly yes IdentitiesOnly yes

7
config/wireguard/public-server.nix
View file

@ -36,13 +36,6 @@
"fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128" "fd0d:a262:1fa6:e621:66b6:3f04:5583:db63/128"
]; ];
} }
# nutty-noon
{
publicKey = "YYQmSJwipRkZJUsPV5DxhfyRBMdj/O1XzN+cGYtUi1s=";
allowedIPs = [
"fd0d:a262:1fa6:e621:47e6:24d4:2acb:9437/128"
];
}
# thinkrac # thinkrac
{ {
publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY="; publicKey = "iKW9nomLyLY2f90UY66POzY8CfDhQrqOLqchERlR3TY=";

4
flake.nix
View file

@ -117,10 +117,6 @@ rec {
name = "nixos-8gb-fsn1-1"; # Hetzner Server name = "nixos-8gb-fsn1-1"; # Hetzner Server
system = "x86_64-linux"; system = "x86_64-linux";
} }
{
name = "nutty-noon"; # PC
system = "x86_64-linux";
}
{ {
name = "thinkrac"; # Thinkpad T470 name = "thinkrac"; # Thinkpad T470
system = "x86_64-linux"; system = "x86_64-linux";

45
secrets/nutty-noon.yaml
View file

@ -1,45 +0,0 @@
network:
wireguard:
privkey: ENC[AES256_GCM,data:pDv2BO558YMMkcsGKAvkOWlGOl86f/6ycSlq9p+qZFF/GKk//DpKwYmhxw4=,iv:1M2DUKdFijF/O5JdpZ1U4NGtcDwoRtCrHJO+Q4ZKI9I=,tag:e6bJKwLHLOIV/h/joibykw==,type:str]
security:
restic:
password: ENC[AES256_GCM,data:CMCcMqHumG0aXUOIJBQ1FLfacQ4=,iv:80GkHDErHTqlxX7Vlf5pXMFFyypJ3zUxSS9jOeBeVIQ=,tag:iNL1e4R4qYHtjg0Q4msTdQ==,type:str]
email:
lotte@chir.rs: ENC[AES256_GCM,data:c0RpF1VJtrCuryPtknymbD2+Cg==,iv:PIQvTCs+Zj81pNSilbQ0r2V26swdQLRngjj1i1Tpf54=,tag:mWuLCjE33tkkjkqELrdkPA==,type:str]
mdelenk@hs-mittweida.de: ENC[AES256_GCM,data:t6Vm1oLw7xWrK1SpSRIvY5X9LIjgcfMyeaplpMfl5Kn/pmOy6CMBCNeLL54PwDpfgiBEs298rom/FzPUk+ovLw==,iv:7Vgu3PrjVICKikXolokRj0Hxf/R4TtaGI17yjgFx8O0=,tag:FBGYedGRj8aJ/dISFufYLQ==,type:str]
password:
root: ENC[AES256_GCM,data:rRfnsxW5JggchwuoCJolDBL8TpgjpEhHTVg4BD8stajxVA6WjxSWTWPWZdxTqcLtoeRUsckJNCinUAyeX+CgcygRyj5TYi1ASlNp8qsNndgPNc0cJMnyyn5JxW5pV4njOPDjBwaXGWbNJQ==,iv:HueqX6JKq7HzaE7il6NCeEMWupuZrtBAP7qJBRn9xhU=,tag:W2vhru4i1xYNzSO/+wSrlQ==,type:str]
darkkirb: ENC[AES256_GCM,data:9hJ2WkSXJpbv6vqV31KIwc+2ADjAgT6ILhKOI/kLLMF9yJWJWlplqsd5jpmBtbrq63sJc2UZTcAg8I+GYY/DaV4BZFqbROxdpM+YuUsguz0JOZoBnL1XmOGWknmJpTUM7OoiNun2YaFBjw==,iv:fgOXGZlwDI/Im2NOXbYp37kbNxVqdXLS5PcwMQsKFVg=,tag:GzU5407Xy68RNUli5U7WTw==,type:str]
services:
woodpecker-runner: ENC[AES256_GCM,data:dTz5elQy8ZWbYU2NKX9R8bg0zKOv6ur+oj5tbyQ+vKN7xetxh8jc497LV17e9fr1BF93VAJJ5U/0ltoI0JSyI2WeJmSQBIMfre8kHbw70uOE5JpQ56Z1X1c=,iv:aU8WX+9/OAPQkDOnk5OUE/Xnjs6S3nUv/Dp0mTxq/8Q=,tag:6L0TohqOcBnayt5nh38oBA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1c96dd2hj7qg7sl8wq277q7a4na36krd4dmu50jz5mvw4ls9grcps28zhdl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVTIzRUdsZW5KeFJvT0M2
TWVVWXh6eHJkZWY1UkorVlhJN0pGdk5kbDI0Ck5aaCtFajJvRVJ5aXh0YXJaNnI2
NzBJUlZDMkJsenBYcldZMzhCQ015SW8KLS0tIDVqWktnUUx3NGhiWEo2dm5GUDA2
MkRDTWNjeGZzVU1iUVJUMEpScEpmeW8Ktodl2nvEm38jzkPAXs1QNMR0waPrRu8H
3hK0uVIRH3b73VlWEc0tdb/yjZFRjQm88jj/i40bV1zhRnvzx0aIfg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-01T11:21:23Z"
mac: ENC[AES256_GCM,data:7xYPjpNYF77axCmkotAFWBpHeQx3Bdj540ceox5C6BJ7wace/AdWph+hdv16iytzxMSOqhOcxrCs5syB0sCIMTJ2D9eYnXnCbMTC+XD7TzazuYzZIJ+ctrwwr2wTMnPlKyHXaaO+dhleGbBAJ8AqwdIjV/lno5d4IwDUrHDoygQ=,iv:ccdy1deZ5UQfqIclEzESaJQy+kGUGmsUbbye10SYh8k=,tag:xVCnKWIAeZHaYevV+No7uw==,type:str]
pgp:
- created_at: "2023-11-04T17:30:14Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4DAAAAAAAAAAASAQdAnHtQVBnUl7vKZgNKmSbRuHYVCSfZuNWgqbFLFgiapkMw
EA43ZrqRC4btiZjg6VlfnT9ynmiLqWzxOZ72jw/hHL02ZyvVAlKQpcRxbrcr3EH3
0l4BzWpZY7v4LqIFrjaF+VOymVVx/7OQ1aLrFGYItQkKahJoFczM7WDQzr8WZkPj
n7mFarWXh7ZeczP7bWPBJvUDIpKjIPqBTT/GqLxfb+ePb3YNIo44KlPbrfyN6GD9
=71D4
-----END PGP MESSAGE-----
fp: 46C6A7E14BC7812E86C2700737FE303AAC2D06CD
unencrypted_suffix: _unencrypted
version: 3.7.3

67
zones/int.chir.rs.nix
View file

@ -15,7 +15,7 @@ in {
SOA = { SOA = {
nameServer = "ns1.chir.rs."; nameServer = "ns1.chir.rs.";
adminEmail = "lotte@chir.rs"; adminEmail = "lotte@chir.rs";
serial = 28; serial = 29;
}; };
NS = [ NS = [
"ns1.chir.rs." "ns1.chir.rs."
@ -137,71 +137,6 @@ in {
} }
]; ];
}; };
nutty-noon = {
A = [
(ttl zoneTTL (a "100.105.131.79"))
];
AAAA = [
(ttl zoneTTL (aaaa "fd7a:115c:a1e0:ab12:4843:cd96:6269:834f"))
];
SSHFP = [
{
algorithm = "rsa";
mode = "sha1";
fingerprint = "02e148adb73781d6c60202de7f17a164d3a8e1a4";
ttl = zoneTTL;
}
{
algorithm = "rsa";
mode = "sha256";
fingerprint = "9d7f38a6c8bed75a9bacb253aa172dd4b4a1291ba77c1f07e5b9a0c38a353040";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha1";
fingerprint = "932070039e800bf2ae259b8dbf253342e7ee0da6";
ttl = zoneTTL;
}
{
algorithm = "ed25519";
mode = "sha256";
fingerprint = "78c585ece995f82bd0c23890c7fd59e0fa7d2c1741f303dc9e301b0161e9e2c3";
ttl = zoneTTL;
}
];
# TODO: add TLSA
HTTPS = [
{
svcPriority = 1;
targetName = ".";
alpn = ["http/1.1" "h2" "h3"];
ipv4hint = ["100.105.131.79"];
ipv6hint = ["fd7a:115c:a1e0:ab12:4843:cd96:6269:834f"];
ttl = zoneTTL;
}
];
CAA = [
{
issuerCritical = false;
tag = "issue";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "issuewild";
value = "letsencrypt.org";
ttl = zoneTTL;
}
{
issuerCritical = false;
tag = "iodef";
value = "mailto:lotte@chir.rs";
ttl = zoneTTL;
}
];
};
thinkrac = { thinkrac = {
A = [(ttl zoneTTL (a "100.95.136.81"))]; A = [(ttl zoneTTL (a "100.95.136.81"))];
AAAA = [ AAAA = [