tristan/nix
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

refactor: Remove unused NixOS systems

Browse source 
- deleted systems/nixos-he4/default.nix
- deleted systems/nixos-he4/disko.nix
- deleted systems/nixos-karl-kvm-guest/default.nix
This commit is contained in:
Tristan D. 2024-11-17 21:39:20 +01:00
parent 10686cb243
commit 73310e1017
Signed by: tristan
SSH key fingerprint: SHA256:9oFM1J63hYWJjCnLG6C0fxBS15rwNcWwdQNMOHYKJ/4
4 changed files with 0 additions and 680 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -238,8 +238,6 @@
nixosConfigurations = nixpkgs.lib.attrsets.mergeAttrsList (
nixpkgs.lib.lists.forEach [
"nixos-desk"
"nixos-he4"
"nixos-karl-kvm-guest"
"nixos-pulse"
"nixos-fw16"
"rescue-iso"

176
systems/nixos-he4/default.nix
View file

@ -1,176 +0,0 @@
{ config
, lib
, pkgs
, modulesPath
, system
, inputs
, ...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-cpu-amd-pstate
../../os-mods/cachix
../../os-mods/common
../../os-mods/netdata
../../os-mods/network
../../os-mods/virt
./disko.nix
];
config = {
system.stateVersion = "23.11";
environment.systemPackages = with pkgs; [
cryptsetup
];
users.groups.git = {
gid = 974;
};
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
];
git = {
uid = 974;
group = "git";
isSystemUser = true;
homeMode = "700";
createHome = true;
home = "/home/git";
shell = "/home/git/ssh-shell";
};
tristand = {
isNormalUser = true;
description = "tristand";
extraGroups = [ "docker" "networkmanager" "wheel" ];
hashedPassword = "$6$Wj.XY8JgH5EWuog4$HnbtPJXDEqKXFrzkPVEjih3PytcpBCrkfL7TAwkXd0IFced7kGMlZNliNsAqQ3XqfyUzAYiiKTIqoPVJEk.s..";
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
];
};
taq = {
isNormalUser = true;
description = "taq";
extraGroups = [ "docker" "networkmanager" "wheel" ];
hashedPassword = "$6$rkCVbHd2sV36Y38p$e5WTTK58ha7RDDYnfjxAdbzYyNJ2miMD2tkE9.8BHCGyb5vjPNYslClrzYIhxOmujEOllmREXcIgGiUpiMv8Y.";
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
];
};
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.tristand = import ../../users/admin-shell.nix {
username = "tristand";
inherit pkgs config inputs system lib;
};
users.git = {
home = {
stateVersion = "23.11";
username = "git";
homeDirectory = "/home/git";
file."ssh-shell" = {
enable = true;
executable = true;
text = ''
#!/bin/sh
shift
ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
'';
};
};
};
};
nix.settings.system-features = [
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
# "gccarch-x86-64-v3"
# "gccarch-znver3"
];
boot = {
kernelPackages = pkgs.linuxPackages_latest;
extraModulePackages = [ ];
kernelParams = [
# "ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
"ip=dhcp"
];
supportedFilesystems = [ "bcachefs" ];
loader = {
systemd-boot = {
enable = true;
configurationLimit = 16;
};
efi.canTouchEfiVariables = true;
};
initrd = {
availableKernelModules = [ "ahci" "nvme" "xhci_pci" "sd_mod" ];
kernelModules = [ "igb" ];
systemd.enable = true;
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [
/etc/nixos/ext/ssh/ssh_host_ed25519_key
/etc/nixos/ext/ssh/ssh_host_rsa_key
];
authorizedKeys = with lib;
concatLists (mapAttrsToList
(name: user:
if elem "wheel" user.extraGroups
then user.openssh.authorizedKeys.keys
else [ ])
config.users.users);
};
# postCommands = ''
# echo 'cryptsetup-askpass' >> /root/.profile
# '';
};
};
};
networking = {
hostName = "nixos-he4";
useDHCP = lib.mkDefault true;
};
hardware = {
enableRedistributableFirmware = true;
};
services.netdata.config = {
web = {
"bind to" = "0.0.0.0";
"allow connections from" = "172.*";
};
};
zramSwap.enable = true;
};
}

375
systems/nixos-he4/disko.nix
View file

@ -1,375 +0,0 @@
###############################################################################
# WARNING
#
# This is only a tempalte used on system setup
# due to relatively early bachefs support in disko.nix
# everything was partitioned manually, this conf is here for reference
# but not used in the live system
#
###############################################################################
###############################################################################
# sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko systems/nixos-he4/disko.nix
#
# pci-0000:2c:00.0-nvme-1 -> ../../nmve1n1 -> crypted_ssd0
# pci-0000:2d:00.0-nvme-1 -> ../../nvme0n1 -> crypted_ssd1
# pci-0000:01:00.0-ata-1 -> ../../sda -> crypted_hdd_0
# pci-0000:01:00.0-ata-2 -> ../../sdb -> crypted_hdd_1
# pci-0000:01:00.0-ata-3 -> ../../sdc -> crypted_hdd_2
# pci-0000:01:00.0-ata-4 -> ../../sdd -> crypted_hdd_3
# pci-0000:02:00.1-ata-3 -> ../../sde -> crypted_hdd_4
# pci-0000:02:00.1-ata-4 -> ../../sdf -> crypted_hdd_5
# pci-0000:25:00.0-ata-1 -> ../../sdg -> crypted_hdd_6
# pci-0000:25:00.0-ata-2 -> ../../sdh -> crypted_hdd_7
# pci-0000:25:00.0-ata-3 -> ../../sdi -> crypted_hdd_8
# pci-0000:25:00.0-ata-4 -> ../../sdj -> crypted_hdd_9
#
# FORMAT:
# bcachefs format \
# --label=hdd.hdd0 /dev/mapper/crypted_hdd0 \
# --label=hdd.hdd1 /dev/mapper/crypted_hdd1 \
# --label=hdd.hdd2 /dev/mapper/crypted_hdd2 \
# --label=hdd.hdd3 /dev/mapper/crypted_hdd3 \
# --label=hdd.hdd4 /dev/mapper/crypted_hdd4 \
# --label=hdd.hdd5 /dev/mapper/crypted_hdd5 \
# --label=hdd.hdd6 /dev/mapper/crypted_hdd6 \
# --label=hdd.hdd7 /dev/mapper/crypted_hdd7 \
# --label=hdd.hdd8 /dev/mapper/crypted_hdd8 \
# --label=hdd.hdd9 /dev/mapper/crypted_hdd9 \
# --label=ssd.ssd0 /dev/mapper/crypted_ssd0 \
# --label=ssd.ssd1 /dev/mapper/crypted_ssd1 \
# --replicas=2 \
# --erasure_code \
# --background_compression=zstd \
# --foreground_target=ssd \
# --promote_target=ssd \
# --background_target=hdd
#
##############################
##############################
# MOUNT
#
# mount -t bcachefs \
# /dev/mapper/crypted_ssd0:\
# /dev/mapper/crypted_ssd1:\
# /dev/mapper/crypted_hdd0:\
# /dev/mapper/crypted_hdd1:\
# /dev/mapper/crypted_hdd2:\
# /dev/mapper/crypted_hdd3:\
# /dev/mapper/crypted_hdd4:\
# /dev/mapper/crypted_hdd5:\
# /dev/mapper/crypted_hdd6:\
# /dev/mapper/crypted_hdd7:\
# /dev/mapper/crypted_hdd8:\
# /dev/mapper/crypted_hdd9\
# /mnt
#
##############################
let
cryptOpenArgs = [
"--allow-discards"
"--perf-same_cpu_crypt"
"--perf-submit_from_crypt_cpus"
"--perf-no_read_workqueue"
"--perf-no_write_workqueue"
];
in
{
# The manual definitions are generated by nixos-generate-config
# the commented out stuff are partitions created by disko
# bcachefs is not handled well by disko so it is handled seperately
fileSystems."/" = {
device = "UUID=22d3e827-0ac1-4c66-ab88-bcd8b1cfd788";
fsType = "bcachefs";
};
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/2877-9E1D";
# fsType = "vfat";
# };
#swapDevices = [
# { device = "/dev/disk/by-uuid/82221e84-072a-4f68-a78b-59eb368f684f"; }
# { device = "/dev/disk/by-uuid/cc0792e2-c67c-44af-af28-6645f6e5dda2"; }
# ];
disko.devices = {
disk = {
crypt_ssd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2c:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "fake_EFI";
name = "fake_ESP";
size = "1024M";
type = "8300";
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
content = {
type = "swap";
};
};
};
};
};
};
crypt_ssd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:2d:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
label = "real_EFI";
name = "ESP";
size = "1024M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
end = "-96G";
content = {
type = "luks";
name = "crypted_ssd1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
luksSwap = {
end = "-32G";
content = {
type = "luks";
name = "crypted_swap1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key ";
additionalKeyFiles = [ ];
content = {
type = "swap";
resumeDevice = true;
};
};
};
};
};
};
crypt_hdd0 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd0";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd1";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd2 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd2";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd3 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd3";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd4 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd4";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd5 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:02:00.1-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd5";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd6 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-1";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd6";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd7 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-2";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd7";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd8 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-3";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd8";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
crypt_hdd9 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:25:00.0-ata-4";
content = {
type = "gpt";
partitions = {
luks = {
end = "-64G";
content = {
type = "luks";
name = "crypted_hdd9";
extraOpenArgs = cryptOpenArgs;
passwordFile = "/tmp/secret.key";
additionalKeyFiles = [ ];
};
};
};
};
};
};
};
}

127
systems/nixos-karl-kvm-guest/default.nix
View file

@ -1,127 +0,0 @@
{ config
, pkgs
, modulesPath
, lib
, inputs
, system
, ...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
../../os-mods/common
../../os-mods/cachix
../../os-mods/desktop
../../os-mods/desktop/audio.nix
../../os-mods/desktop/printing.nix
../../os-mods/netdata
../../os-mods/network
];
# Bootloader.
boot = {
loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
environment.systemPackages = with pkgs; [
netmaker
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c";
fsType = "ext4";
};
swapDevices = [ ];
zramSwap.enable = true;
networking.hostName = "nixos-karl-kvm-guest";
fileSystems."/etc/nixos" = {
device = lib.mkForce "/home/reopen5194/nix";
fsType = "none";
options = [ "bind" ];
};
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.login1.suspend" ||
action.id == "org.freedesktop.login1.suspend-multiple-sessions" ||
action.id == "org.freedesktop.login1.hibernate" ||
action.id == "org.freedesktop.login1.hibernate-multiple-sessions")
{
return polkit.Result.NO;
}
});
'';
services.qemuGuest.enable = true;
services.netdata.configDir = {
"stream.conf" = pkgs.writeText "stream.conf" ''
[8fcb63b3-8361-4339-a010-fc459c2132b0]
enabled = yes
default history = 36000
default memory mode = dbengine
health enabled by default = auto
allow from = 192.*
'';
};
# Define a user account. Don't forget to set a password with passwd.
users.users.reopen5194 = {
isNormalUser = true;
description = "reopen5194";
extraGroups = [ "docker" "networkmanager" "wheel" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4fBDj1/He/uimO97RgjGWZLAimTrLmIlYS2ekD73GC tristan@arch-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
];
};
home-manager = {
useUserPackages = true;
useGlobalPkgs = true;
users.reopen5194 = import ../../users/admin-thin.nix {
username = "reopen5194";
inherit pkgs config inputs system lib;
};
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# Virtualization
virtualisation.docker = {
enable = true;
package = pkgs.docker;
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
daemon.settings = {
# fixed-cidr-v6 = "fd00::/80";
# ipv6 = true;
dns = [ "9.9.9.9" "149.112.112.112" ];
};
};
# allow to bind to priv ports
# boot.kernel.sysctl = {
# "net.ipv4.ip_unprivileged_port_start" = 79;
# };
system.stateVersion = "23.05"; # Did you read the comment?
}