| author | Franck Cuny <franck@fcuny.net> | 2025-09-12 13:11:20 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-09-12 13:55:09 -0700 |
| commit | 2fea36c19eb904125e2db5ba230b28d72dc881db (patch) | |
| tree | 4233e16f0d50aec1cd5e4d3e5f5ed1b8728e380c /profiles/core | |
| parent | move common modules together and simplify imports (diff) | |
| download | infra-2fea36c19eb904125e2db5ba230b28d72dc881db.tar.gz | |
start to refactor nixos modules
Diffstat (limited to 'profiles/core')
| -rw-r--r-- | profiles/core/base-server.nix | 14 | ||||
| -rw-r--r-- | profiles/core/boot.nix | 11 | ||||
| -rw-r--r-- | profiles/core/cgroups.nix | 75 | ||||
| -rw-r--r-- | profiles/core/docs.nix | 5 | ||||
| -rw-r--r-- | profiles/core/locale.nix | 11 | ||||
| -rw-r--r-- | profiles/core/motd.nix | 9 | ||||
| -rw-r--r-- | profiles/core/security.nix | 4 | ||||
| -rw-r--r-- | profiles/core/ssh.nix | 21 | ||||
| -rw-r--r-- | profiles/core/tools.nix | 20 | ||||
| -rw-r--r-- | profiles/core/users.nix | 8 |
10 files changed, 0 insertions, 178 deletions
diff --git a/profiles/core/base-server.nix b/profiles/core/base-server.nix
deleted file mode 100644
index 2a13f96..0000000
--- a/profiles/core/base-server.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ ... }:
-{
- imports = [
- ./boot.nix
- ./cgroups.nix
- ./docs.nix
- ./locale.nix
- ./motd.nix
- ./security.nix
- ./ssh.nix
- ./tools.nix
- ./users.nix
- ];
-}
diff --git a/profiles/core/boot.nix b/profiles/core/boot.nix
deleted file mode 100644
index 8aacfbf..0000000
--- a/profiles/core/boot.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ pkgs, ... }:
-{
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- boot.kernel.sysctl = {
- "net.ipv4.tcp_congestion_control" = "bbr";
- "net.ipv4.tcp_ecn" = 1;
- "net.ipv4.tcp_fastopen" = 3;
- "net.ipv4.tcp_tw_reuse" = 1;
- };
-}
diff --git a/profiles/core/cgroups.nix b/profiles/core/cgroups.nix
deleted file mode 100644
index 07dc964..0000000
--- a/profiles/core/cgroups.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-# Stolen from https://git.lix.systems/the-distro/infra/src/branch/main/common/cgroups.nix
-# Relatively inspired by fbtax2:
-# https://facebookmicrosites.github.io/cgroup2/docs/fbtax-results.html
-{ ... }:
-let
- systemCriticalSliceConfig = {
- ManagedOOMMemoryPressure = "kill";
-
- # guarantee availability of memory
- MemoryMin = "192M";
- # default 100
- IOWeight = 1000;
- # default 100
- CPUWeight = 1000;
- };
-in
-{
- systemd.oomd = {
- enable = true;
- enableRootSlice = true;
- enableSystemSlice = true;
- enableUserSlices = true;
- };
-
- systemd.services.nix-daemon = {
- serviceConfig = {
- CPUWeight = 10;
- IOWeight = 10;
- };
- };
-
- systemd.slices.hostcritical = {
- description = "Ensures that services to keep the system alive remain alive";
-
- unitConfig = {
- # required to avoid a dependency cycle on systemd-oomd. systemd will
- # actually guess this right but we should fix it anyway.
- DefaultDependencies = false;
- };
-
- sliceConfig = systemCriticalSliceConfig;
- };
-
- # make root logins higher priority for resources
- systemd.slices."user-0" = {
- sliceConfig = systemCriticalSliceConfig;
- };
-
- systemd.slices.system = {
- sliceConfig = {
- ManagedOOMMemoryPressure = "kill";
- ManagedOOMMemoryPressureLimit = "50%";
-
- IOWeight = 100;
- };
- };
-
- systemd.services.sshd = {
- serviceConfig = {
- Slice = "hostcritical.slice";
- };
- };
-
- systemd.services.systemd-oomd = {
- serviceConfig = {
- Slice = "hostcritical.slice";
- };
- };
-
- systemd.services.systemd-journald = {
- serviceConfig = {
- Slice = "hostcritical.slice";
- };
- };
-}
diff --git a/profiles/core/docs.nix b/profiles/core/docs.nix
deleted file mode 100644
index dcf38e6..0000000
--- a/profiles/core/docs.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ lib, ... }:
-{
- ## disable that slow "building man-cache" step
- documentation.man.generateCaches = lib.mkForce false;
-}
diff --git a/profiles/core/locale.nix b/profiles/core/locale.nix
deleted file mode 100644
index 73eece0..0000000
--- a/profiles/core/locale.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- i18n = {
- defaultLocale = "en_US.UTF-8";
- supportedLocales = [
- "en_US.UTF-8/UTF-8"
- ];
- };
-
- time.timeZone = "America/Los_Angeles";
-}
diff --git a/profiles/core/motd.nix b/profiles/core/motd.nix
deleted file mode 100644
index 01575e1..0000000
--- a/profiles/core/motd.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ self, config, ... }:
-{
- users.motdFile = "/etc/motd";
- environment.etc.motd.text = ''
- Machine ${config.networking.hostName}
- NixOS ${config.system.nixos.release}
- @ ${self.shortRev or self.dirtyShortRev}
- '';
-}
diff --git a/profiles/core/security.nix b/profiles/core/security.nix
deleted file mode 100644
index 146012f..0000000
--- a/profiles/core/security.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-{
- security.sudo.wheelNeedsPassword = false;
-}
diff --git a/profiles/core/ssh.nix b/profiles/core/ssh.nix
deleted file mode 100644
index b4c8772..0000000
--- a/profiles/core/ssh.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ lib, ... }:
-{
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- services.openssh = {
- enable = lib.mkDefault true;
- settings = {
- PasswordAuthentication = lib.mkForce false;
- KbdInteractiveAuthentication = lib.mkForce false;
-
- PermitRootLogin = lib.mkForce "prohibit-password";
- };
- openFirewall = lib.mkDefault true;
- hostKeys = [
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- };
-}
diff --git a/profiles/core/tools.nix b/profiles/core/tools.nix
deleted file mode 100644
index 74f90cc..0000000
--- a/profiles/core/tools.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = with pkgs; [
- curl
- dysk
- fd
- fish
- git
- htop
- jq
- mtr
- pciutils
- powertop
- ripgrep
- tcpdump
- traceroute
- vim
- wireguard-tools
- ];
-}
diff --git a/profiles/core/users.nix b/profiles/core/users.nix
deleted file mode 100644
index da2c8ff..0000000
--- a/profiles/core/users.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- users.mutableUsers = false;
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
-} |
