diff --git a/flake.nix b/flake.nix
index a60ffaf..6d18835 100644
--- a/flake.nix
+++ b/flake.nix
@@ -56,22 +56,6 @@
 flake = {
 # Configurations for Linux (NixOS) systems
 nixosConfigurations = {
- # My Linux development computer (on Hetzner)
- pinch = self.lib.mkLinuxSystem {
- imports = [
- self.nixosModules.default # Defined in nixos/default.nix
- ./systems/hetzner/ax41.nix
- ./nixos/server/harden.nix
- ./nixos/hercules.nix
- # I share my Hetzner server with other people who need it.
- self.nixosModules.guests
- # I host a Nix cache
- # (import ./nixos/cache-server.nix {
- # keyName = "cache-priv-key";
- # domain = "cache.srid.ca";
- # })
- ];
- };
 pce = self.lib.mkLinuxSystem {
 imports = [
 self.nixosModules.default # Defined in nixos/default.nix
diff --git a/systems/hetzner/ax41.info.nix b/systems/hetzner/ax41.info.nix
deleted file mode 100644
index c2b81ea..0000000
--- a/systems/hetzner/ax41.info.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- hostKeyPub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMI2BuoFaJD7dfOuJUP0yGWsQ4+tnKojUZiAQgIb44uj root@pinch";
- publicIP = "88.198.33.237";
-}
diff --git a/systems/hetzner/ax41.nix b/systems/hetzner/ax41.nix
deleted file mode 100644
index 864e9a1..0000000
--- a/systems/hetzner/ax41.nix
+++ /dev/null
@@ -1,126 +0,0 @@
-{ config, pkgs, lib, inputs, modulesPath, flake, ... }:
-
-{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "ahci" "usbhid" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/bede3321-d976-475a-ace3-33c8977a590a";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- nix.settings.max-jobs = lib.mkDefault 12;
- powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
-
- # Use GRUB2 as the boot loader.
- # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
- boot.loader.systemd-boot.enable = false;
- boot.loader.grub = {
- enable = true;
- efiSupport = false;
- devices = [ "/dev/nvme0n1" "/dev/nvme1n1" ];
- };
-
- # The madm RAID was created with a certain hostname, which madm will consider
- # the "home hostname". Changing the system hostname will result in the array
- # being considered "foregin" as opposed to "local", and showing it as
- # '/dev/md/:root0' instead of '/dev/md/root0'.
-
- # This is mdadm's protection against accidentally putting a RAID disk
- # into the wrong machine and corrupting data by accidental sync, see
- # https://bugzilla.redhat.com/show_bug.cgi?id=606481#c14 and onward.
- # We set the HOMEHOST manually go get the short '/dev/md' names,
- # and so that things look and are configured the same on all such
- # machines irrespective of host names.
- # We do not worry about plugging disks into the wrong machine because
- # we will never exchange disks between machines.
- environment.etc."mdadm.conf".text = ''
- HOMEHOST pinch
- '';
-
- # The RAIDs are assembled in stage1, so we need to make the config
- # available there.
- boot.initrd.services.swraid.mdadmConf = config.environment.etc."mdadm.conf".text;
-
- # Network (Hetzner uses static IP assignments, and we don't use DHCP here)
- networking.useDHCP = false;
- networking.firewall.checkReversePath = "loose"; # Tailscale recommends this
- networking.interfaces."enp41s0" = {
- ipv4 = {
- addresses = [{
- # Server main IPv4 address
- address = (import ./ax41.info.nix).publicIP;
- prefixLength = 24;
- }];
-
- routes = [
- # Default IPv4 gateway route
- {
- address = "0.0.0.0";
- prefixLength = 0;
- via = "88.198.33.225";
- }
- ];
- };
-
- ipv6 = {
- addresses = [{
- address = "2a01:4f8:a0:305f::1";
- prefixLength = 64;
- }];
-
- # Default IPv6 route
- routes = [{
- address = "::";
- prefixLength = 0;
- via = "fe80::1";
- }];
- };
- };
-
-
- networking = {
- nameservers = [ "8.8.8.8" "8.8.4.4" ];
- hostName = "pinch";
- };
-
- nix = {
- extraOptions = ''
- experimental-features = nix-command flakes repl-flake
- '';
- };
-
- services.netdata.enable = true;
-
- environment.systemPackages = with pkgs; [
- lsof
- nil
- ];
-
- services.openssh.permitRootLogin = "prohibit-password";
- services.openssh.enable = true;
- services.tailscale.enable = true;
-
- services.nginx.enable = true;
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "srid@srid.ca";
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.${flake.config.people.myself} = {
- isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" ];
- };
- security.sudo.wheelNeedsPassword = false;
-
- system.stateVersion = "20.03";
-}
diff --git a/users/config.nix b/users/config.nix
index 80170b7..01aa730 100644
--- a/users/config.nix
+++ b/users/config.nix
@@ -9,8 +9,6 @@
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos"
 # New
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQRxPoqlThDrkR58pKnJgmeWPY9/wleReRbZ2MOZRyd"
- # pinch
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcp8sjrazhs+o0Ps/g36CUxIKk3DvMXRP9upHN6IxBq"
 ];
 };
 uday = {