From 36ff0da78910700abfe41dfb0ea32143d667877d Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Fri, 7 Jun 2024 15:51:01 +0200 Subject: [PATCH] hephaestus: phase out host --- .github/workflows/cachix.yaml | 1 - flake.nix | 14 - hephaestus.nix | 23 -- hosts/hephaestus/default.nix | 246 ------------------ hosts/hephaestus/hardware-configuration.nix | 45 ---- hosts/hephaestus/home.nix | 47 ---- hosts/hephaestus/secrets.nix | 23 -- .../restic-backup/hephaestus-credentials.age | 9 - .../restic-backup/hephaestus-password.age | 9 - modules/secrets/secrets.nix | 5 +- 10 files changed, 1 insertion(+), 421 deletions(-) delete mode 100644 hephaestus.nix delete mode 100644 hosts/hephaestus/default.nix delete mode 100644 hosts/hephaestus/hardware-configuration.nix delete mode 100644 hosts/hephaestus/home.nix delete mode 100644 hosts/hephaestus/secrets.nix delete mode 100644 modules/secrets/restic-backup/hephaestus-credentials.age delete mode 100644 modules/secrets/restic-backup/hephaestus-password.age diff --git a/.github/workflows/cachix.yaml b/.github/workflows/cachix.yaml index c3ebe42..ee0f60a 100644 --- a/.github/workflows/cachix.yaml +++ b/.github/workflows/cachix.yaml @@ -78,7 +78,6 @@ jobs: name: - boreal - hades - - hephaestus - talos - thanatos diff --git a/flake.nix b/flake.nix index c14627c..4493122 100644 --- a/flake.nix +++ b/flake.nix @@ -133,20 +133,6 @@ ++ sharedModules; }; - hephaestus = nixpkgs.lib.nixosSystem rec { - inherit system; - modules = - [ - ./hephaestus.nix - - inputs.nixos-hardware.nixosModules.common-cpu-amd - inputs.nixos-hardware.nixosModules.common-gpu-amd - inputs.nixos-hardware.nixosModules.common-pc-laptop - inputs.nixos-hardware.nixosModules.common-pc-ssd - ] - ++ sharedModules; - }; - talos = nixpkgs.lib.nixosSystem { inherit system; modules = diff --git a/hephaestus.nix b/hephaestus.nix deleted file mode 100644 index 1bb452a..0000000 --- a/hephaestus.nix +++ /dev/null 
@@ -1,23 +0,0 @@ -{...}: { - imports = [ - # Default configuration - ./base - - # Module definitions - ./modules - - # Service definitions - ./services - - # Host-specific config - ./hosts/hephaestus - ]; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "23.05"; # Did you read the comment? -} diff --git a/hosts/hephaestus/default.nix b/hosts/hephaestus/default.nix deleted file mode 100644 index 4efc538..0000000 --- a/hosts/hephaestus/default.nix +++ /dev/null 
@@ -1,246 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ - config, - lib, - pkgs, - ... -}: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./home.nix - ./secrets.nix - ]; - - hardware.amdgpu.opencl = false; - - boot.kernelPackages = pkgs.linuxPackages_6_6; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # boot.initrd.systemd.enable = true; - # boot.plymouth.enable = true; - # boot.kernelParams = ["quiet"]; - - boot.initrd.secrets = { - "/crypto_keyfile.bin" = null; - }; - - boot.tmp.useTmpfs = true; - - services.btrfs = { - autoScrub = { - enable = true; - fileSystems = ["/"]; - }; - }; - - networking.hostName = "hephaestus"; # Define your hostname. - networking.domain = "alarsyo.net"; - - networking.networkmanager.enable = true; - - # Set your time zone. 
- time.timeZone = "Europe/Paris"; - - # List services that you want to enable: - my.services = { - tailscale = { - enable = true; - useRoutingFeatures = "client"; - }; - - pipewire.enable = true; - - restic-backup = { - enable = true; - repo = "b2:hephaestus-backup"; - passwordFile = config.age.secrets."restic-backup/hephaestus-password".path; - environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path; - - timerConfig = { - OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day - }; - - paths = [ - "/home/alarsyo" - ]; - exclude = [ - "/home/alarsyo/Downloads" - - # Rust builds using half my storage capacity - "/home/alarsyo/**/target" - "/home/alarsyo/work/rust/build" - - # don't backup nixpkgs - "/home/alarsyo/work/nixpkgs" - - "/home/alarsyo/go" - - # C build crap - "*.a" - "*.o" - "*.so" - - ".direnv" - - # test vms - "*.qcow2" - - # secrets stay offline - "/home/alarsyo/**/secrets" - - # ignore all dotfiles as .config and .cache can become quite big - "/home/alarsyo/.*" - ]; - }; - }; - - virtualisation.docker.enable = true; - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - - services = { - tlp = { - enable = true; - settings = { - START_CHARGE_THRESH_BAT0 = 70; - STOP_CHARGE_THRESH_BAT0 = 80; - }; - }; - fwupd.enable = true; - openssh.enable = true; - }; - - my.gui.enable = true; - my.displayManager.sddm.enable = lib.mkForce false; - - hardware.bluetooth = { - enable = true; - powerOnBoot = false; - settings.General.Experimental = true; - }; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - - i18n.extraLocaleSettings = { - LC_ADDRESS = "fr_FR.UTF-8"; - LC_IDENTIFICATION = "fr_FR.UTF-8"; - LC_MEASUREMENT = "fr_FR.UTF-8"; - LC_MONETARY = "fr_FR.UTF-8"; - LC_NAME = "fr_FR.UTF-8"; - LC_PAPER = "fr_FR.UTF-8"; - LC_TELEPHONE = "fr_FR.UTF-8"; - }; - - # Enable the X11 windowing system. - services.xserver.enable = true; - - # Enable the KDE Plasma Desktop Environment. 
- services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.plasma5.enable = true; - services.power-profiles-daemon.enable = false; - - services.autorandr = { - enable = true; - profiles = { - default = { - fingerprint = { - "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; - }; - config = { - "eDP-1" = { - enable = true; - crtc = 0; - primary = true; - position = "0x0"; - mode = "1920x1080"; - }; - }; - }; - dock = { - fingerprint = { - "eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018"; - "DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1"; - "DP-5" = "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"; - }; - config = { - "eDP-1" = { - enable = true; - primary = false; - position = "3000x840"; - mode = "1920x1080"; - }; - "DP-4" = { - enable = true; - primary = true; - position = "0x420"; - mode = "1920x1080"; - }; - "DP-5" = { - enable = true; - primary = false; - position = "1920x0"; - mode = "1920x1080"; - rotate = "left"; - }; - }; - }; - dock-lid-closed = { - fingerprint = { - "DP-4" = 
"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"; - "DP-5" = "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"; - }; - config = { - "DP-4" = { - enable = true; - primary = true; - position = "0x420"; - mode = "1920x1080"; - }; - "DP-5" = { - enable = true; - primary = false; - position = "1920x0"; - mode = "1920x1080"; - rotate = "left"; - }; - }; - }; - }; - }; - - systemd.services.autorandr-lid-listener = { - wantedBy = ["multi-user.target"]; - description = "Listening for lid events to invoke autorandr"; - - serviceConfig = { - Type = "simple"; - ExecStart = let - stdbufExe = lib.getExe' pkgs.coreutils "stdbuf"; - libinputExe = lib.getExe' pkgs.libinput "libinput"; - grepExe = lib.getExe pkgs.gnugrep; - autorandrExe = lib.getExe pkgs.autorandr; - in - pkgs.writeShellScript "lid-listener.sh" '' - ${stdbufExe} -oL ${libinputExe} debug-events | - ${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' | - while read line; do - ${pkgs.systemd}/bin/systemctl start --no-block autorandr.service - done - ''; - Restart = "always"; - RestartSec = "30"; - }; - }; - - # Configure console keymap - console.keyMap = "us"; - - programs.light.enable = true; -} diff --git a/hosts/hephaestus/hardware-configuration.nix b/hosts/hephaestus/hardware-configuration.nix deleted file mode 100644 index 7a033a7..0000000 --- a/hosts/hephaestus/hardware-configuration.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b"; - fsType = "btrfs"; - options = ["subvol=@"]; - }; - - boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/826A-23F7"; - fsType = "vfat"; - }; - - swapDevices = []; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/hephaestus/home.nix b/hosts/hephaestus/home.nix deleted file mode 100644 index 2c9bd36..0000000 --- a/hosts/hephaestus/home.nix +++ /dev/null 
@@ -1,47 +0,0 @@ -{ - config, - pkgs, - ... -}: { - home-manager.users.alarsyo = { - home.stateVersion = "23.05"; - my.home.laptop.enable = true; - - # Keyboard settings & i3 settings - my.home.x.enable = true; - my.home.x.i3.enable = true; - my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; - my.home.x.i3bar.temperature.inputs = ["Tctl"]; - my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"]; - my.home.emacs.enable = true; - - my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; - - # TODO: place in global home conf - services.dunst.enable = true; - - home.packages = builtins.attrValues { - inherit - (pkgs) - # some websites only work there :( - - chromium - darktable - # dev - - rustup - gdb - valgrind - zotero - ; - - inherit - (pkgs.packages) - ansel - spot - ; - - inherit (pkgs.wineWowPackages) stable; - }; - }; -} diff --git a/hosts/hephaestus/secrets.nix b/hosts/hephaestus/secrets.nix deleted file mode 100644 index dc35e6d..0000000 --- a/hosts/hephaestus/secrets.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ - config, - lib, - options, - ... -}: { - config.age = { - secrets = let - toSecret = name: {...} @ attrs: - { - file = ./../../modules/secrets + "/${name}.age"; - } - // attrs; - in - lib.mapAttrs toSecret { - "restic-backup/hephaestus-credentials" = {}; - "restic-backup/hephaestus-password" = {}; - - "users/alarsyo-hashed-password" = {}; - "users/root-hashed-password" = {}; - }; - }; -} diff --git a/modules/secrets/restic-backup/hephaestus-credentials.age b/modules/secrets/restic-backup/hephaestus-credentials.age deleted file mode 100644 index 77a80ed..0000000 --- a/modules/secrets/restic-backup/hephaestus-credentials.age +++ /dev/null 
@@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk -xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E --> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels -Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw --> j-c8-grease -WeQ ---- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs -85|Qx_5': A?ڡ ؊oAx)rd!(Ѩ5~\Ld"^ZZ^V/5˕ݦa诲ḷo]O/Eue \ No newline at end of file diff --git a/modules/secrets/restic-backup/hephaestus-password.age b/modules/secrets/restic-backup/hephaestus-password.age deleted file mode 100644 index 3ed4290..0000000 --- a/modules/secrets/restic-backup/hephaestus-password.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c -Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro --> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M -SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs --> !!6BS-grease GsH7hĩے2cH^X_zv'!Zkš_0}Yoje<.^[q4pP \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index f9c389c..34dc294 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -4,11 +4,10 @@ let boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; - hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus"; talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; - machines = [boreal hades hephaestus talos thanatos]; + machines = [boreal hades talos thanatos]; all = users ++ machines; in { 
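Review bot: Removing `hephaestus` from `machines` (and so from `all`) in modules/secrets/secrets.nix only changes the recipients of future encryptions. The diffstat shows no remaining `.age` file being re-encrypted, so any secret previously encrypted to `all` (presumably the `users/*-hashed-password` entries that the deleted hosts/hephaestus/secrets.nix consumed) still carries a recipient stanza for the retired host key. I would rekey those files in the same change (`agenix --rekey`, or the equivalent for the tool in use) and record it beside the list, e.g. `# hephaestus retired: every secret encrypted to "all" has been rekeyed without its host key`. Separately, the two deleted restic `.age` files remain in git history and decryptable by that host key, so the B2 application key and the restic password for `b2:hephaestus-backup` should be revoked or rotated rather than treated as gone. The `let` block starts above this hunk, so the definition of `users` is not visible here.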
@@ -33,8 +32,6 @@ in { "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; - "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; - "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/talos-password.age".publicKeys = [alarsyo talos]; "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos];