alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

hosts: remove poseidon

Browse source
This commit is contained in:
Antoine Martin 2023-12-13 12:08:18 +01:00
parent 4816c69eb1
commit d5239805a0
7 changed files with 2 additions and 198 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -105,15 +105,6 @@
]
++ (nixpkgs.lib.attrValues self.nixosModules);
in {
poseidon = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./poseidon.nix
]
++ sharedModules;
};
hades = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =

84
hosts/poseidon/default.nix
View file

@ -1,84 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = ["btrfs"];
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "poseidon"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eno1.ipv4.addresses = [
{
address = "163.172.11.110";
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "163.172.11.1";
interface = "eno1";
};
networking.nameservers = [
"62.210.16.6"
"62.210.16.7"
];
my.networking.externalInterface = "eno1";
my.services = {
restic-backup = {
enable = true;
repo = "b2:poseidon-backup";
passwordFile = config.age.secrets."restic-backup/poseidon-password".path;
environmentFile = config.age.secrets."restic-backup/poseidon-credentials".path;
};
fail2ban = {
enable = true;
};
tailscale = {
enable = true;
exitNode = true;
};
};
services = {
openssh.enable = true;
vnstat.enable = true;
};
# Takes a long while to build
documentation.nixos.enable = false;
}

45
hosts/poseidon/hardware-configuration.nix
View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: let
inherit
(lib)
mkDefault
;
in {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc";}
];
powerManagement.cpuFreqGovernor = mkDefault "ondemand";
}

5
hosts/poseidon/home.nix
View file

@ -1,5 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}

27
hosts/poseidon/secrets.nix
View file

@ -1,27 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"gandi/api-key" = {};
"lohr/shared-secret" = {};
"restic-backup/poseidon-credentials" = {};
"restic-backup/poseidon-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

7
modules/secrets/secrets.nix
View file

@ -5,13 +5,12 @@ let
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
poseidon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKYhZYMbWQG9TSQ2qze8GgFo2XrZzgu/GuSOGwenByJo root@poseidon";
machines = [boreal hades hephaestus poseidon];
machines = [boreal hades hephaestus];
all = users ++ machines;
in {
"gandi/api-key.age".publicKeys = [alarsyo hades poseidon];
"gandi/api-key.age".publicKeys = [alarsyo hades];
"lohr/shared-secret.age".publicKeys = [alarsyo hades];
@ -34,8 +33,6 @@ in {
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
"restic-backup/poseidon-password.age".publicKeys = [alarsyo poseidon];
"restic-backup/poseidon-credentials.age".publicKeys = [alarsyo poseidon];
"users/root-hashed-password.age".publicKeys = machines;
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];

23
poseidon.nix
View file

@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/poseidon
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "20.09"; # Did you read the comment?
}