Diffstat (limited to 'machines/nixos/x86_64-linux')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy.nix (renamed from machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix) | 58 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/default.nix | 45 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/disks.nix | 55 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/secrets.nix | 13 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/iso.nix (renamed from machines/nixos/x86_64-linux/installer/default.nix) | 0 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix (renamed from machines/nixos/x86_64-linux/rivendell/default.nix) | 16 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm.nix (renamed from machines/nixos/x86_64-linux/synology-vm/default.nix) | 52 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/disks.nix | 55 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/hardware.nix | 23 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix | 7 | ||||
| -rw-r--r-- | machines/nixos/x86_64-linux/synology-vm/secrets.nix | 20 |
11 files changed, 109 insertions, 235 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
index 5c30175..c444fef 100644
--- a/machines/nixos/x86_64-linux/do-rproxy/profiles/nginx.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy.nix
@@ -1,11 +1,65 @@
 {
 inputs,
- config,
- pkgs,
 lib,
+ pkgs,
+ config,
+ modulesPath,
 ...
 }:
 {
+ age = {
+ secrets = {
+ cloudflare-nginx = {
+ file = ../../../secrets/cloudflare-nginx.age;
+ };
+ wireguard = {
+ file = ../../../secrets/do/wireguard.age;
+ };
+ };
+ };
+
+ imports = [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ ../../../profiles/disk/basic-vm.nix
+ ../../../profiles/defaults.nix
+ ../../../profiles/server.nix
+ ../../../profiles/cgroups.nix
+ ];
+
+ disko.devices.disk.disk1.device = "/dev/vda";
+
+ networking.hostName = "do-rproxy";
+
+ networking.wireguard = {
+ enable = true;
+ interfaces.wg0 = {
+ ips = [ "10.100.0.50/32" ];
+ listenPort = 51871;
+ privateKeyFile = config.age.secrets.wireguard.path;
+ peers = [
+ {
+ # vm-synology
+ publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
+ allowedIPs = [ "10.100.0.40/32" ];
+ persistentKeepalive = 25;
+ }
+ {
+ # rivendell
+ publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+ allowedIPs = [ "10.100.0.60/32" ];
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ networking.firewall.trustedInterfaces = [ "wg0" ];
+ networking.firewall.allowedUDPPorts = [ 51871 ];
+
+ my.modules.hardware.do-droplet.enable = true;
+
+ system.stateVersion = "25.05"; # Did you read the comment?
+
 networking.firewall.allowedTCPPorts = [
 80
 443
diff --git a/machines/nixos/x86_64-linux/do-rproxy/default.nix b/machines/nixos/x86_64-linux/do-rproxy/default.nix
deleted file mode 100644
index fd21220..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/default.nix
+++ /dev/null
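Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ];` disables all filtering for traffic arriving over the tunnel, so either peer (vm-synology at 10.100.0.40, rivendell at 10.100.0.60) can reach every listening socket on the droplet, not just what the reverse proxy needs — a compromised LAN host then has unrestricted access to the public edge node. Since nginx on this host is the side that opens connections to the backends, the peers probably need little or no inbound access at all; scope it with `networking.firewall.interfaces.wg0.allowedTCPPorts = [ /* only ports the peers must reach */ ];` and drop the trustedInterfaces line. The `allowedIPs` entries already stop one peer from sourcing the other's address, so that part is fine. The `allowedTCPPorts` list and the consumer of the `cloudflare-nginx` secret continue past the end of the hunk.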
@@ -1,45 +0,0 @@
-{ config, modulesPath, ... }:
-{
-
- imports = [
- (modulesPath + "/virtualisation/digital-ocean-config.nix")
- ./disks.nix
- ./secrets.nix
- ./profiles/nginx.nix
- ../../../../profiles/defaults.nix
- ../../../../profiles/server.nix
- ../../../../profiles/cgroups.nix
- ];
-
- networking.hostName = "do-rproxy";
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.50/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- # vm-synology
- publicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904=";
- allowedIPs = [ "10.100.0.40/32" ];
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.60/32" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- my.modules.hardware.do-droplet.enable = true;
-
- system.stateVersion = "25.05"; # Did you read the comment?
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/disks.nix b/machines/nixos/x86_64-linux/do-rproxy/disks.nix
deleted file mode 100644
index a51111a..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/disks.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix b/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
deleted file mode 100644
index 8711666..0000000
--- a/machines/nixos/x86_64-linux/do-rproxy/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ self, ... }:
-{
- age = {
- secrets = {
- cloudflare-nginx = {
- file = "${self}/secrets/cloudflare-nginx.age";
- };
- wireguard = {
- file = "${self}/secrets/do/wireguard.age";
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/installer/default.nix b/machines/nixos/x86_64-linux/iso.nix
index e914571..e914571 100644
--- a/machines/nixos/x86_64-linux/installer/default.nix
+++ b/machines/nixos/x86_64-linux/iso.nix
diff --git a/machines/nixos/x86_64-linux/rivendell/default.nix b/machines/nixos/x86_64-linux/rivendell.nix
index abbc78f..dc0205d 100644
--- a/machines/nixos/x86_64-linux/rivendell/default.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -9,19 +9,19 @@ imports = [ (modulesPath + "/installer/scan/not-detected.nix") inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series - ../../../../profiles/disk/btrfs-on-luks.nix - ../../../../profiles/defaults.nix - ../../../../profiles/server.nix - ../../../../profiles/cgroups.nix - ../../../../profiles/forgejo.nix - ../../../../profiles/keycloak.nix - ../../../../profiles/tailscale.nix + ../../../profiles/disk/btrfs-on-luks.nix + ../../../profiles/defaults.nix + ../../../profiles/server.nix + ../../../profiles/cgroups.nix + ../../../profiles/forgejo.nix + ../../../profiles/keycloak.nix + ../../../profiles/tailscale.nix ]; age = { secrets = { wireguard = { - file = ../../../../secrets/rivendell/wireguard.age; + file = ../../../secrets/rivendell/wireguard.age; }; }; }; diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm.nix index c1b2270..702f8b4 100644 --- a/machines/nixos/x86_64-linux/synology-vm/default.nix +++ b/machines/nixos/x86_64-linux/synology-vm.nix 
@@ -1,20 +1,53 @@ { + modulesPath, lib, adminUser, config, ... }: { + age = { + secrets = { + restic_gcs_credentials = { + file = ../../../secrets/restic_gcs_credentials.age; + }; + restic_password = { + file = ../../../secrets/restic_password.age; + }; + nas_client_credentials = { + file = ../../../secrets/nas_client.age; + }; + wireguard = { + file = ../../../secrets/vm-synology/wireguard.age; + }; + }; + }; + imports = [ - ./disks.nix - ./hardware.nix - ./secrets.nix - ./profiles/goget.nix - ../../../../profiles/defaults.nix - ../../../../profiles/server.nix - ../../../../profiles/cgroups.nix + (modulesPath + "/profiles/qemu-guest.nix") + (modulesPath + "/installer/scan/not-detected.nix") + ../../../profiles/defaults.nix + ../../../profiles/server.nix + ../../../profiles/cgroups.nix + ../../../profiles/disk/basic-vm.nix ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.enable = true; @@ -79,6 +112,11 @@ }; }; + services.goget = { + enable = true; + openFirewall = true; + }; + networking.firewall.allowedUDPPorts = [ 51871 ]; system.stateVersion = "23.11"; # Did you read the comment? diff --git a/machines/nixos/x86_64-linux/synology-vm/disks.nix b/machines/nixos/x86_64-linux/synology-vm/disks.nix deleted file mode 100644 index 1641339..0000000 --- a/machines/nixos/x86_64-linux/synology-vm/disks.nix +++ /dev/null 
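Review bot: synology-vm.nix now imports the shared `../../../profiles/disk/basic-vm.nix` but, unlike do-rproxy.nix in the same commit, does not set `disko.devices.disk.disk1.device`; the deleted synology-vm/disks.nix defaulted to `/dev/sda` while the deleted do-rproxy/disks.nix used `/dev/vda`, so the two machines previously had different devices. If basic-vm.nix's default is `/dev/vda` (the profile is not visible here, and do-rproxy pinning it explicitly suggests the default is not what it needs), a disko run on this virtio_scsi guest would target a disk that does not match its `sd_mod`/`virtio_scsi` setup or, worse, the wrong one, and disko is destructive. Pin it explicitly next to the imports, mirroring do-rproxy: `disko.devices.disk.disk1.device = "/dev/sda";`. The rest of the file between the two hunks is outside this view.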
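Review bot: `services.goget.openFirewall = true;` in the second hunk opens the service's listening port on every interface, while the only other inbound rule visible in this file is WireGuard's UDP 51871; if goget is meant to be reached only through do-rproxy over wg0, this exposes it on the LAN as well. Open it per interface instead and leave `openFirewall` unset: `networking.firewall.interfaces.wg0.allowedTCPPorts = [ <goget listen port> ];` (the module's port option is not visible here). The block was moved verbatim from profiles/goget.nix, so the exposure is not new, but consolidating the host config is the natural point to scope it.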
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/sda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/hardware.nix b/machines/nixos/x86_64-linux/synology-vm/hardware.nix
deleted file mode 100644
index ad1fd3f..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/hardware.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- "sd_mod"
- "sr_mod"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix
deleted file mode 100644
index ac32e62..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- services.goget = {
- enable = true;
- openFirewall = true;
- };
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/secrets.nix b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
deleted file mode 100644
index e323097..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/secrets.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ self, ... }:
-{
- age = {
- secrets = {
- restic_gcs_credentials = {
- file = "${self}/secrets/restic_gcs_credentials.age";
- };
- restic_password = {
- file = "${self}/secrets/restic_password.age";
- };
- nas_client_credentials = {
- file = "${self}/secrets/nas_client.age";
- };
- wireguard = {
- file = "${self}/secrets/vm-synology/wireguard.age";
- };
- };
- };
-
-} |
