From e55b8ee0f7073b46fb343a97ee744a95ec40d2ed Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Fri, 24 Oct 2025 09:02:29 -0700
Subject: simplify hosts management
---
.../nixos/x86_64-linux/synology-vm/default.nix | 85 ----------------------
machines/nixos/x86_64-linux/synology-vm/disks.nix | 55 --------------
.../nixos/x86_64-linux/synology-vm/hardware.nix | 23 ------
.../x86_64-linux/synology-vm/profiles/goget.nix | 7 --
.../nixos/x86_64-linux/synology-vm/secrets.nix | 20 -----
5 files changed, 190 deletions(-)
delete mode 100644 machines/nixos/x86_64-linux/synology-vm/default.nix
delete mode 100644 machines/nixos/x86_64-linux/synology-vm/disks.nix
delete mode 100644 machines/nixos/x86_64-linux/synology-vm/hardware.nix
delete mode 100644 machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix
delete mode 100644 machines/nixos/x86_64-linux/synology-vm/secrets.nix
(limited to 'machines/nixos/x86_64-linux/synology-vm')
diff --git a/machines/nixos/x86_64-linux/synology-vm/default.nix b/machines/nixos/x86_64-linux/synology-vm/default.nix
deleted file mode 100644
index c1b2270..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/default.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{
- lib,
- adminUser,
- config,
- ...
-}:
-{
- imports = [
- ./disks.nix
- ./hardware.nix
- ./secrets.nix
- ./profiles/goget.nix
- ../../../../profiles/defaults.nix
- ../../../../profiles/server.nix
- ../../../../profiles/cgroups.nix
- ];
-
- boot.loader.efi.canTouchEfiVariables = true;
- boot.loader.systemd-boot.enable = true;
-
- networking.hostName = "synology-vm";
- networking.useDHCP = lib.mkDefault true;
- systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
-
- my.modules.nas-client = {
- enable = true;
- volumes = {
- data = {
- server = "192.168.1.68";
- remotePath = "backups";
- mountPoint = "/data/backups";
- uid = adminUser.uid;
- };
- };
- };
-
- my.modules.backups = {
- enable = true;
- passwordFile = config.age.secrets.restic_password.path;
- remote = {
- googleProjectId = "fcuny-infra";
- googleCredentialsFile = config.age.secrets.restic_gcs_credentials.path;
- };
- };
-
- users.users.builder = {
- openssh.authorizedKeys.keys = [
- # my personal key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- # remote builder ssh key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
- ];
- isNormalUser = true;
- group = "nogroup";
- };
-
- nix.settings.trusted-users = [ "builder" ];
-
- networking.wireguard = {
- enable = true;
- interfaces.wg0 = {
- ips = [ "10.100.0.40/32" ];
- listenPort = 51871;
- privateKeyFile = config.age.secrets.wireguard.path;
- peers = [
- {
- publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "165.232.158.110:51871";
- persistentKeepalive = 25;
- }
- {
- # rivendell
- publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
- allowedIPs = [ "10.100.0.0/24" ];
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- networking.firewall.allowedUDPPorts = [ 51871 ];
-
- system.stateVersion = "23.11"; # Did you read the comment?
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/disks.nix b/machines/nixos/x86_64-linux/synology-vm/disks.nix
deleted file mode 100644
index 1641339..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/disks.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib, ... }:
-{
- disko.devices = {
- disk.disk1 = {
- device = lib.mkDefault "/dev/sda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- name = "boot";
- size = "1M";
- type = "EF02";
- };
- esp = {
- name = "ESP";
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- };
- root = {
- name = "root";
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "pool";
- };
- };
- };
- };
- };
- lvm_vg = {
- pool = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%FREE";
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- mountOptions = [
- "defaults"
- ];
- };
- };
- };
- };
- };
- };
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/hardware.nix b/machines/nixos/x86_64-linux/synology-vm/hardware.nix
deleted file mode 100644
index ad1fd3f..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/hardware.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ lib, modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_scsi"
- "sd_mod"
- "sr_mod"
- ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- swapDevices = [ ];
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix b/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix
deleted file mode 100644
index ac32e62..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/profiles/goget.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ ... }:
-{
- services.goget = {
- enable = true;
- openFirewall = true;
- };
-}
diff --git a/machines/nixos/x86_64-linux/synology-vm/secrets.nix b/machines/nixos/x86_64-linux/synology-vm/secrets.nix
deleted file mode 100644
index e323097..0000000
--- a/machines/nixos/x86_64-linux/synology-vm/secrets.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ self, ... }:
-{
- age = {
- secrets = {
- restic_gcs_credentials = {
- file = "${self}/secrets/restic_gcs_credentials.age";
- };
- restic_password = {
- file = "${self}/secrets/restic_password.age";
- };
- nas_client_credentials = {
- file = "${self}/secrets/nas_client.age";
- };
- wireguard = {
- file = "${self}/secrets/vm-synology/wireguard.age";
- };
- };
- };
-
-}
-- cgit v1.2.3