From 2ef56f1479e8b64fc656b29e89fbdec3969c8078 Mon Sep 17 00:00:00 2001 From: andromeda Date: Fri, 3 Apr 2026 21:26:04 +0200 Subject: [PATCH] tidy a bit --- deploy.sh | 9 -- flake.lock | 106 +++++++----------- flake.nix | 6 - machines.nix | 18 +-- modules/nixos/boot/109-199-104-83.nix | 9 -- modules/nixos/disko/remote.nix | 64 ----------- modules/nixos/machines/109-199-104-83.nix | 56 +++++---- modules/nixos/mailserver.nix | 11 -- modules/nixos/matrix-continuwuity.nix | 26 ----- modules/nixos/networking/hard-ssh.nix | 1 - .../networking/networks/109-199-104-83.nix | 45 -------- modules/nixos/openvpn-client.nix | 11 -- modules/nixos/roundcube.nix | 4 - users/andromeda/home.nix | 6 + 14 files changed, 84 insertions(+), 288 deletions(-) delete mode 100755 deploy.sh delete mode 100644 modules/nixos/boot/109-199-104-83.nix delete mode 100644 modules/nixos/disko/remote.nix delete mode 100644 modules/nixos/matrix-continuwuity.nix delete mode 100644 modules/nixos/networking/networks/109-199-104-83.nix delete mode 100644 modules/nixos/openvpn-client.nix diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 387c3ee..0000000 --- a/deploy.sh +++ /dev/null @@ -1,9 +0,0 @@ -# usage: -# $ ./deploy.sh -# example usage: -# $ ./deply.sh 109-199-104-83 109.199.104.83 -nix run github:nix-community/nixos-anywhere -- \ - --extra-files ~/.ssh/remote_secrets/$2 \ - --generate-hardware-config nixos-generate-config ./hardware-configuration.nix \ - --flake .#$1 \ - --target-host root@$2 diff --git a/flake.lock b/flake.lock index e6b8f99..c8431e8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1762618334, - "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", "owner": "ryantm", "repo": "agenix", - "rev": "fcdea223397448d35d9b31f798479227e80183f6", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", "type": "github" }, "original": { @@ -129,27 +129,6 @@ "type": "github" } }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1768920986, - "narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=", - "owner": "nix-community", - "repo": "disko", - "rev": "de5708739256238fb912c62f03988815db89ec9a", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "latest", - "repo": "disko", - "type": "github" - } - }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -169,15 +148,15 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -227,11 +206,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -290,11 +269,11 @@ ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -372,11 +351,11 @@ ] }, "locked": { - "lastModified": 1769872935, - "narHash": "sha256-07HMIGQ/WJeAQJooA7Kkg1SDKxhAiV6eodvOwTX6WKI=", + "lastModified": 1774007980, + "narHash": "sha256-FOnZjElEI8pqqCvB6K/1JRHTE8o4rer8driivTpq2uo=", "owner": "nix-community", "repo": "home-manager", - "rev": "f4ad5068ee8e89e4a7c2e963e10dd35cd77b37b7", + "rev": "9670de2921812bc4e0452f6e3efd8c859696c183", "type": "github" }, "original": { @@ -427,11 +406,11 @@ }, "mnw": { "locked": { - "lastModified": 1768701608, - "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", + "lastModified": 1770419553, + "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", "owner": "Gerg-L", "repo": "mnw", - "rev": "20d63a8a1ae400557c770052a46a9840e768926b", + "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", "type": "github" }, "original": { @@ -465,11 +444,11 @@ "nix-zulip": { "flake": false, "locked": { - "lastModified": 1767099571, - "narHash": "sha256-NmwGCghLjFlJp7Hoi2fxlRPz3GaTxJVr8o2uBDQlr3Y=", + "lastModified": 1772926346, + "narHash": "sha256-fk8lfYmpXtBLzpJb9f97fYzKXcNflA5CYdYEJD1SDoY=", "ref": "refs/heads/main", - "rev": "1625c0ae0ef9db45c2817d60c0af7f06c74bc4eb", - "revCount": 74, + "rev": "995e67ff510f413bd0d21af2137159c283223985", + "revCount": 80, "type": "git", "url": "https://git.afnix.fr/nix-zulip/nix-zulip" }, 
@@ -488,11 +467,11 @@ ] }, "locked": { - "lastModified": 1766321686, - "narHash": "sha256-icOWbnD977HXhveirqA10zoqvErczVs3NKx8Bj+ikHY=", + "lastModified": 1774001769, + "narHash": "sha256-6y8yLrMecnFq21wFlUSxHF7OsabVCCj2p104HEUosvI=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "7d433bf89882f61621f95082e90a4ab91eb0bdd3", + "rev": "05968d7978faaa501836d6d2eb7f6cffb4140829", "type": "gitlab" }, "original": { @@ -519,11 +498,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -561,11 +540,11 @@ ] }, "locked": { - "lastModified": 1769892826, - "narHash": "sha256-mTC9+cA3wqe0dDqMR5ptRgZyjMeS2810acbceGgWTWA=", + "lastModified": 1774121134, + "narHash": "sha256-2rY/WUuZEtQ7St3AcFw6dri4oYyBJvr/dnZdpOPe1oM=", "owner": "nix-community", "repo": "NUR", - "rev": "66daaa88dd2252ed0f2b6786413a301b8419f89b", + "rev": "4fe0420f495cdcd730969de67f75f44d2a5bb71f", "type": "github" }, "original": { @@ -611,11 +590,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1769786801, - "narHash": "sha256-i5130O0JEAgZZ/d3mksGbXriNPZiXrvDOh9JWMQZh3w=", + "lastModified": 1774109759, + "narHash": "sha256-Ksvw+R+kwCr+liA4h+TtQaYSW/0Jl+NDMThU5TBsJIY=", "owner": "notashelf", "repo": "nvf", - "rev": "fde1338793aeb88810122030cf0badd3297936b0", + "rev": "4f1074084eb86e8d8a32e19e78f3cf2adba0213e", "type": "github" }, "original": { 
@@ -631,11 +610,11 @@ ] }, "locked": { - "lastModified": 1769718478, - "narHash": "sha256-4DAylwVllb0c/HPj6T9Y3qel8b77yhVL5LMo+vlstKo=", + "lastModified": 1774120611, + "narHash": "sha256-QZ09cfZnPiF62BgNqVTxEbFtnBjYaBVuhZNdos9ggnE=", "owner": "celenityy", "repo": "Phoenix", - "rev": "13ba31e67cb0589eb3f70a135a19bdb99d77862f", + "rev": "df5a6d30c792c0b17017510b35db93e94fb9e6a1", "type": "github" }, "original": { @@ -647,7 +626,6 @@ "root": { "inputs": { "agenix": "agenix", - "disko": "disko", "home-manager": "home-manager_2", "impermanence": "impermanence", "nix-zulip": "nix-zulip", @@ -681,11 +659,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769888473, - "narHash": "sha256-4KWbaJwaYnZ60bFyTudZYAKskjr7Sa17R3/yh+oXS7w=", + "lastModified": 1773792048, + "narHash": "sha256-Oy9PCLG3vtflFBWcJd8c/EB3h5RU7ABAIDWn6JrGf6o=", "owner": "nix-community", "repo": "stylix", - "rev": "ae5c0239ae4f82a8c7e33ad8a456535d5a9ba813", + "rev": "3f2f9d307fe58c6abe2a16eb9b62c42d53ef5ee1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ac3c041..dcf6c0a 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,6 @@ url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { - url = "github:nix-community/disko/latest"; - inputs.nixpkgs.follows = "nixpkgs"; - }; home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -45,7 +41,6 @@ }; outputs = { agenix, - disko, home-manager, impermanence, nixos-mailserver, @@ -71,7 +66,6 @@ ./secrets.nix ./modules/nixos/common.nix agenix.nixosModules.default - disko.nixosModules.disko impermanence.nixosModules.impermanence nixos-mailserver.nixosModule noshell.nixosModules.default diff --git a/machines.nix b/machines.nix index ca73b07..b9bf1b6 100644 --- a/machines.nix +++ b/machines.nix 
@@ -42,28 +42,16 @@ system = "x86_64-linux"; users = []; modules = [ - # impermanence - ./modules/nixos/impermanence.nix - ./modules/nixos/impermanence-ssh.nix - # hardware configuration - # verbatim as `nixos-generate-config` AND `system.stateVersion` + # from gitlab:whitequark/nixos-bite ./modules/nixos/machines/109-199-104-83.nix - ./modules/nixos/disko/remote.nix - - # boot process - # grub boot on /dev/sda - ./modules/nixos/boot/109-199-104-83.nix # networking ./modules/nixos/networking/domains/galaxious.de.nix - # uses cloud-init to network - ./modules/nixos/networking/networks/109-199-104-83.nix # ssh through port 5522 among other things # andromeda@lenovo is the only user allowed access ./modules/nixos/networking/hard-ssh.nix - ./modules/nixos/networking/ssh-as-root.nix ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];}) # simple-nixos-mailserver email server @@ -74,10 +62,6 @@ # webmail.domain ./modules/nixos/roundcube.nix - # matrix homeserver - # matrix.domain - ./modules/nixos/matrix-continuwuity.nix - # BROKEN # forgejo # git.domain diff --git a/modules/nixos/boot/109-199-104-83.nix b/modules/nixos/boot/109-199-104-83.nix deleted file mode 100644 index 4854826..0000000 --- a/modules/nixos/boot/109-199-104-83.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ - boot.loader.grub = { - efiSupport = true; - efiInstallAsRemovable = true; - }; - age.identityPaths = [ - "/persist/etc/ssh/ssh_host_ed25519_key" - ]; -} diff --git a/modules/nixos/disko/remote.nix b/modules/nixos/disko/remote.nix deleted file mode 100644 index 0b2e726..0000000 --- a/modules/nixos/disko/remote.nix +++ /dev/null 
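Review bot: Root SSH access on this host now depends on an implicit default rather than a stated setting. This hunk drops the `./modules/nixos/networking/ssh-as-root.nix` import but keeps the inline `users.users.root.openssh.authorizedKeys.keys` module, and the later `modules/nixos/networking/hard-ssh.nix` hunk deletes `PermitRootLogin = "no";` from the shared hardening module. With that option unset, NixOS falls back to `prohibit-password`, so any machine that imports hard-ssh.nix and has root keys will accept root key logins, not only this one. I would keep the restrictive value in hard-ssh.nix as `PermitRootLogin = lib.mkDefault "no";` (with `lib` in that module's arguments) and state the exception here by adding `services.openssh.settings.PermitRootLogin = "prohibit-password";` to the inline root-key module. The `modules` list starts and ends outside the hunk, and the contents of ssh-as-root.nix are not visible, so what it previously set is an assumption.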
@@ -1,64 +0,0 @@ -{ - disko.devices = { - disk = { - disk1 = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - # legacy boot - boot = { - name = "boot"; - size = "1M"; - type = "EF02"; - }; - - # efi boot - esp = { - name = "ESP"; - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - }; - }; - - # btrfs - # root is on nodev - root = { - size = "100%"; - content = { - extraArgs = ["-f"]; # internet told me to, works - type = "btrfs"; - subvolumes = { - # nix store - "/nix" = { - mountpoint = "/nix"; - }; - - # persistant directory - "/persist" = { - mountpoint = "/persist"; - }; - }; - }; - }; - }; - }; - }; - }; - nodev = { - # root - "/" = { - fsType = "tmpfs"; - mountOptions = [ - "defaults" - "mode=755" # stops security complaints - ]; - }; - }; - }; -} diff --git a/modules/nixos/machines/109-199-104-83.nix b/modules/nixos/machines/109-199-104-83.nix index 998001c..e870690 100644 --- a/modules/nixos/machines/109-199-104-83.nix +++ b/modules/nixos/machines/109-199-104-83.nix 
@@ -1,25 +1,39 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; +{modulesPath, ...}: { + system.stateVersion = "25.11"; + nix.settings.experimental-features = "flakes nix-command"; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; + # Hardware + imports = [(modulesPath + "/profiles/qemu-guest.nix")]; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; + boot.loader.grub.device = "/dev/sda"; + boot.loader.timeout = 30; + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; + boot.initrd.kernelModules = ["nvme"]; + boot.tmp.cleanOnBoot = true; - swapDevices = []; + zramSwap.enable = true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - - system.stateVersion = "26.05"; + # Networking + networking = { + useNetworkd = true; + usePredictableInterfaceNames = true; + }; + systemd.network = { + enable = true; + networks."40-wan" = { + matchConfig.Name = "enx0050565f4fff"; + address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"]; + routes = [ + { + Gateway = "109.199.96.1"; + GatewayOnLink = true; + } + {Gateway = "fe80::1";} + ]; + dns = ["2020:fe::10" "9.9.9.10"]; + }; + }; } diff --git a/modules/nixos/mailserver.nix b/modules/nixos/mailserver.nix index 500fea3..eb4d45d 100644 --- a/modules/nixos/mailserver.nix +++ b/modules/nixos/mailserver.nix 
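Review bot: The IPv6 resolver in `dns = ["2020:fe::10" "9.9.9.10"];` looks like a typo. The IPv6 counterpart of `9.9.9.10` is `2620:fe::10`, and the commented-out block in the deleted `networking/networks/109-199-104-83.nix` used `"2620:fe::fe"`, so lookups sent to `2020:fe::10` will either fail or reach a resolver nobody chose. The `.10` addresses are also the Quad9 variant without DNSSEC validation or threat blocking, a step down from the earlier `9.9.9.9` for a host that runs the mail server; if that is not intended, use `dns = ["2620:fe::fe" "9.9.9.9"];`. Separately, the new `networking` block does not carry over `hostName` or the `firewall` settings (`allowedTCPPorts = [80 443];`) from the deleted file. The firewall stays enabled by default, so confirm that another module still opens the web ports, and declare them here if none does.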
@@ -51,15 +51,4 @@ acceptTerms = true; defaults.email = "mtgmonket@gmail.com"; }; - - # persist directories per the backup guidelines - environment.persistence."/persist" = { - directories = [ - # not needed bc the dkim dir is declared - # "/var/dkim" - "/var/vmail" - "/var/lib/redis-rspamd" - "/var/lib/acme" - ]; - }; } diff --git a/modules/nixos/matrix-continuwuity.nix b/modules/nixos/matrix-continuwuity.nix deleted file mode 100644 index 2b9a785..0000000 --- a/modules/nixos/matrix-continuwuity.nix +++ /dev/null @@ -1,26 +0,0 @@ -{config, ...}: { - services = { - matrix-continuwuity = { - enable = true; - settings = { - global = { - server_name = "${config.networking.domain}"; - address = ["127.0.0.1"]; - port = [6167]; - well_known = { - server = "matrix.${config.networking.domain}"; - client = "https://matrix.${config.networking.domain}"; - }; - }; - }; - }; - - nginx = { - upstreams.matrix.servers."127.0.0.1:6167" = {}; - virtualHosts = { - "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix"; - "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix"; - }; - }; - }; -} diff --git a/modules/nixos/networking/hard-ssh.nix b/modules/nixos/networking/hard-ssh.nix index 849af9b..11a9ea0 100644 --- a/modules/nixos/networking/hard-ssh.nix +++ b/modules/nixos/networking/hard-ssh.nix @@ -4,7 +4,6 @@ allowSFTP = false; ports = [5522]; settings = { - PermitRootLogin = "no"; PasswordAuthentication = false; KbdInteractiveAuthentication = true; }; diff --git a/modules/nixos/networking/networks/109-199-104-83.nix b/modules/nixos/networking/networks/109-199-104-83.nix deleted file mode 100644 index 9064e2f..0000000 --- a/modules/nixos/networking/networks/109-199-104-83.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - networking = { - useNetworkd = true; - hostName = "109-199-104-83"; - firewall = { - enable = true; - allowedTCPPorts = [80 443]; - allowedUDPPorts = [80 443]; - }; - }; - - # the following is from nixos-bite - - # netif=$(ip -6 route show default | sed -r 's|.*default.+?dev ([a-z0-9]+).*|\1|' | head -n1) - # netifx=enx$(ip link show dev "$netif" | grep link/ether | sed -r 's|.*link/ether ([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}).*|\1\2\3\4\5\6|') - # netip6=$(ip -6 address show dev "$netif" scope global | sed -z -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|"\1/\2"|') - # netgw6=$(ip -6 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9a-f:]+).*|"\1"|' | head -n1) - # netip4=$(ip -4 address show dev "$netif" scope global | sed -z -r 's|.*inet ([0-9.]+)/([0-9]+).*|"\1/\2"|') - # netgw4=$(ip -4 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9.]+).*|"\1"|' | head -n1) - - # route="" - # [[ -n "${netgw4}" ]] && route="$route { Gateway = $netgw4; GatewayOnLink = true; }" - # [[ -n "${netgw6}" ]] && route="$route { Gateway = $netgw6; }" - - # dns='"2620:fe::fe" "9.9.9.9"' - - # systemd.network = { - # enable = true; - # networks."40-wan" = { - # matchConfig.name = "enx0050565f4fff"; - # address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"]; - # routes = [ - # { - # Gateway = ["109.199.96.1" "fe80::1"]; - # GatewayOnLink = true; - # } - # ]; - # dns = ["9.9.9.9" "2620:fe::fe"]; - # }; - # }; - services.cloud-init = { - enable = true; - network.enable = true; - }; -} diff --git a/modules/nixos/openvpn-client.nix b/modules/nixos/openvpn-client.nix deleted file mode 100644 index c68130f..0000000 --- a/modules/nixos/openvpn-client.nix +++ /dev/null 
@@ -1,11 +0,0 @@ -{ - services.openvpn.servers = { - "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';}; - }; - environment.persistence."/persist".directories = ["/etc/openvpn-confs"]; - - # turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD - # networking.enableIPv6 = lib.mkForce false; - # workaround; NetworkManager reenables ipv6 without the following - # boot.kernelParams = ["ipv6.disable=1"]; -} diff --git a/modules/nixos/roundcube.nix b/modules/nixos/roundcube.nix index f076ece..0749af5 100644 --- a/modules/nixos/roundcube.nix +++ b/modules/nixos/roundcube.nix @@ -9,8 +9,4 @@ $config['smtp_pass'] = "%p"; ''; }; - environment.persistence."/persist".directories = [ - "/var/lib/roundcube" - "/var/lib/postgresql" - ]; } diff --git a/users/andromeda/home.nix b/users/andromeda/home.nix index 0a8fe8f..c568659 100644 --- a/users/andromeda/home.nix +++ b/users/andromeda/home.nix @@ -205,6 +205,12 @@ in { enable = true; lsp.enable = true; }; + rust = { + enable = true; + format.enable = true; + lsp.enable = true; + treesitter.enable = true; + }; }; lineNumberMode = "relative"; options = {