Diffstat (limited to 'nix/machines/vm-synology')
| -rw-r--r-- | nix/machines/vm-synology/backups.nix | 73 | ||||
| -rw-r--r-- | nix/machines/vm-synology/default.nix | 92 | ||||
| -rw-r--r-- | nix/machines/vm-synology/disk.nix | 55 | ||||
| -rw-r--r-- | nix/machines/vm-synology/git.nix | 25 | ||||
| -rw-r--r-- | nix/machines/vm-synology/hardware.nix | 32 | ||||
| -rw-r--r-- | nix/machines/vm-synology/ingress.nix | 16 | ||||
| -rw-r--r-- | nix/machines/vm-synology/nginx.nix | 10 |
7 files changed, 0 insertions, 303 deletions
diff --git a/nix/machines/vm-synology/backups.nix b/nix/machines/vm-synology/backups.nix
deleted file mode 100644
index cf3c65b..0000000
--- a/nix/machines/vm-synology/backups.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- environmentFile = toString (
- pkgs.writeText "restic-gcs-env" ''
- GOOGLE_PROJECT_ID=fcuny-infra
- GOOGLE_APPLICATION_CREDENTIALS=${config.age.secrets.restic_gcs_credentials.path}
- ''
- );
-in
-{
- services.restic.backups.local = {
- passwordFile = config.age.secrets.restic_password.path;
- repository = "/srv/data/backups/";
- initialize = true;
- paths = [ "/var/lib/gitolite" ];
- exclude = [
- "/var/lib/gitolite/.bash_history"
- "/var/lib/gitolite/.ssh"
- "/var/lib/gitolite/.viminfo"
- ];
- extraBackupArgs = [
- "--exclude-caches"
- "--compression=max"
- ];
- timerConfig = {
- OnCalendar = "daily";
- };
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 4"
- "--keep-monthly 3"
- ];
- };
-
- services.restic.backups.gcs = {
- passwordFile = config.age.secrets.restic_password.path;
- environmentFile = environmentFile;
- repository = "gs:fcuny-infra-backups:/vm-synology/";
- initialize = true;
- paths = [ "/var/lib/gitolite" ];
- exclude = [
- "/var/lib/gitolite/.bash_history"
- "/var/lib/gitolite/.ssh"
- "/var/lib/gitolite/.viminfo"
- ];
- extraBackupArgs = [
- "--exclude-caches"
- "--compression=max"
- ];
- timerConfig = {
- OnCalendar = "daily";
- };
- pruneOpts = [
- "--keep-daily 7"
- "--keep-weekly 4"
- "--keep-monthly 3"
- ];
- };
-
- environment = {
- sessionVariables = {
- RESTIC_REPOSITORY = "/srv/data/backups";
- RESTIC_PASSWORD_FILE = config.age.secrets.restic_password.path;
- };
- systemPackages = with pkgs; [
- restic
- ];
- };
-}
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
deleted file mode 100644
index ec508d8..0000000
--- a/nix/machines/vm-synology/default.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-{ pkgs, ... }:
-{
- age = {
- secrets = {
- restic_gcs_credentials = {
- file = ../../../secrets/restic_gcs_credentials.age;
- };
- restic_password = {
- file = ../../../secrets/restic_password.age;
- };
- cloudflared-tunnel = {
- file = ../../../secrets/cloudflared_cragmont.age;
- };
- cloudflared-cert = {
- file = ../../../secrets/cloudflared_cert.age;
- };
- };
- };
-
- imports = [
- ./backups.nix
- ./git.nix
- ./hardware.nix
- ./ingress.nix
- ./nginx.nix
- ../common/network.nix
- ];
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
- networking.hostName = "vm-synology";
- boot.kernelPackages = pkgs.linuxPackages_latest;
-
- nix = {
- package = pkgs.nixVersions.latest;
- settings = {
- trusted-users = [
- "@admin"
- "fcuny"
- ];
- experimental-features = [
- "nix-command"
- "flakes"
- ];
- };
- };
-
- time.timeZone = "America/Los_Angeles";
-
- # Don't require password for sudo
- security.sudo.wheelNeedsPassword = false;
-
- # Virtualization settings
- virtualisation.docker.enable = true;
-
- # Select internationalisation properties.
- i18n = {
- defaultLocale = "en_US.UTF-8";
- };
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.mutableUsers = false;
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- curl
- git
- vim
- jq
- ];
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.settings.PasswordAuthentication = true;
- services.openssh.settings.PermitRootLogin = "no";
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
-
- networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "23.11"; # Did you read the comment?
-}
diff --git a/nix/machines/vm-synology/disk.nix b/nix/machines/vm-synology/disk.nix
deleted file mode 100644
index 1641339..0000000
--- a/nix/machines/vm-synology/disk.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/sda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix
deleted file mode 100644
index 27eebc7..0000000
--- a/nix/machines/vm-synology/git.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, ... }:
-{
- services.gitolite = {
- enable = true;
- adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
- user = "git";
- group = "git";
- extraGitoliteRc = ''
- # Make dirs/files group readable, needed for webserver/cgit. (Default
- # setting is 0077.)
- $RC{UMASK} = 0027;
- $RC{GIT_CONFIG_KEYS} = 'cgit.desc cgit.hide cgit.ignore cgit.owner';
- $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
- push( @{$RC{ENABLE}}, 'symbolic-ref' );
- '';
- };
-
- # let's make sure the default branch is `main'.
- systemd.tmpfiles.rules = [
- "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" ''
- [init]
- defaultBranch = main
- ''}"
- ];
-}
diff --git a/nix/machines/vm-synology/hardware.nix b/nix/machines/vm-synology/hardware.nix
deleted file mode 100644
index c894a80..0000000
--- a/nix/machines/vm-synology/hardware.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ lib, modulesPath, ... }:
-
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/installer/scan/not-detected.nix")
- ./disk.nix
- ];
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- "sd_mod"
- "sr_mod"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/nix/machines/vm-synology/ingress.nix b/nix/machines/vm-synology/ingress.nix
deleted file mode 100644
index b6ae596..0000000
--- a/nix/machines/vm-synology/ingress.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, ... }:
-{
- services.cloudflared = {
- enable = true;
- certificateFile = config.age.secrets.cloudflared-cert.path;
- tunnels = {
- "cragmont" = {
- credentialsFile = config.age.secrets.cloudflared-tunnel.path;
- default = "http_status:404";
- ingress = {
- "git.fcuny.net".service = "ssh://127.0.0.1:22";
- };
- };
- };
- };
-}
diff --git a/nix/machines/vm-synology/nginx.nix b/nix/machines/vm-synology/nginx.nix
deleted file mode 100644
index 2c3b7fb..0000000
--- a/nix/machines/vm-synology/nginx.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- ...
-}:
-{
- services.fcuny-net = {
- enable = true;
- domain = "fcuny.net";
- enableSSL = false; # Enable if you want HTTPS
- };
-}
|
