diff --git a/flake.lock b/flake.lock index de11337a..aa6191d4 100644 --- a/flake.lock +++ b/flake.lock @@ -1,28 +1,5 @@ { "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", - "owner": "ryantm", - "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, "base16-schemes": { "flake": false, "locked": { @@ -39,102 +16,6 @@ "type": "github" } }, - "bitcoinstatus": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": [ - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1717001496, - "narHash": "sha256-NdrcUSLrwes57BpAT/KJxym7/YjbsQIA1a9dckCo9+Q=", - "owner": "sioodmy", - "repo": "bitcoinstatus", - "rev": "739fb8cf416e4d3dff37af44874131125c2217f7", - "type": "github" - }, - "original": { - "owner": "sioodmy", - "repo": "bitcoinstatus", - "type": "github" - } - }, - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1700795494, - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -155,63 +36,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1715865404, - "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, "homix": { "inputs": { "nixpkgs": [ @@ -247,32 +71,10 @@ "type": "github" } }, - "lyricsapi": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1716900363, - "narHash": "sha256-tTZBFKVsFVzJY7VjsXnjjpocSERgoOP6EZNY4EgLyWs=", - "owner": "sioodmy", - "repo": "lyricsapi", - "rev": "badd0a83afa9c1eb2a0440103d8ff1e1719faf7d", - "type": "github" - }, - "original": { - "owner": "sioodmy", - "repo": "lyricsapi", - "type": "github" - } - }, "nix-colors": { "inputs": { "base16-schemes": "base16-schemes", - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { "lastModified": 1707825078, @@ -290,11 +92,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1724575805, - "narHash": "sha256-OB/kEL3GAhUZmUfkbPfsPhKs0pRqJKs0EEBiLfyKZw8=", + "lastModified": 1724878143, + "narHash": "sha256-UjpKo92iZ25M05kgSOw/Ti6VZwpgdlOa73zHj8OcaDk=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "9fc19be21f0807d6be092d70bf0b1de0c00ac895", + "rev": "95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef", "type": "github" }, "original": { @@ -305,11 +107,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708475490, - "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0e74ca98a74bc7270d28838369593635a5db3260", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "type": "github" }, "original": { @@ -319,34 +121,7 @@ "type": "github" } }, - "nixpkgs-24_05": { - "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" - } - }, "nixpkgs-lib": { - "locked": { - "lastModified": 1714640452, - "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz" - } - }, - "nixpkgs-lib_2": { "locked": { "lastModified": 1697935651, "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", @@ -361,140 +136,30 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1724479785, - "narHash": "sha256-pP3Azj5d6M5nmG68Fu4JqZmdGt4S4vqI5f8te+E/FTw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "d0e1602ddde669d5beb01aec49d71a51937ed7be", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1708475490, - "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0e74ca98a74bc7270d28838369593635a5db3260", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { - "agenix": "agenix", - "bitcoinstatus": "bitcoinstatus", "flake-parts": "flake-parts", "homix": "homix", "impermanence": "impermanence", - "lyricsapi": "lyricsapi", "nix-colors": "nix-colors", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", - "simple-nixos-mailserver": "simple-nixos-mailserver", - "treefmt-nix": "treefmt-nix_2", - "website": "website", - "wrapper-manager": "wrapper-manager", - "zig-overlay": "zig-overlay" - } - }, - "simple-nixos-mailserver": { - "inputs": { - "blobs": "blobs", - "flake-compat": "flake-compat", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-24_05": "nixpkgs-24_05" - }, - "locked": { - "lastModified": 1722877200, - "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", - "owner": "simple-nixos-mailserver", - "repo": "nixos-mailserver", - "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "ref": "master", - "repo": "nixos-mailserver", - "type": "gitlab" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "nixpkgs": "nixpkgs", + "treefmt-nix": "treefmt-nix", + "wrapper-manager": "wrapper-manager" } }, "treefmt-nix": { - "inputs": { - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1715940852, - "narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "2fba33a182602b9d49f0b2440513e5ee091d838b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1724338379, - "narHash": "sha256-kKJtaiU5Ou+e/0Qs7SICXF22DLx4V/WhG1P6+k4yeOE=", + "lastModified": 1724833132, + "narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "070f834771efa715f3e74cd8ab93ecc96fabc951", + "rev": "3ffd842a5f50f435d3e603312eefa4790db46af5", "type": "github" }, "original": { @@ -503,48 +168,6 @@ "type": "github" } }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": "nixpkgs_3" - }, - "locked": { - "lastModified": 1714058656, - "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "website": { - "inputs": { - "flake-parts": [ - "flake-parts" - ], - "nixpkgs": [ - "nixpkgs" - ], - "treefmt-nix": "treefmt-nix_3" - }, - "locked": { - "lastModified": 1714757023, - "narHash": "sha256-rG0+wqiVo9qyfoT4IFOLVqfLF/EYQ8Hh5cLwZg849Uo=", - "owner": "sioodmy", - "repo": "website", - "rev": "9198d68dd67ac6f392f9b99665be4abb23008321", - "type": "github" - }, - "original": { - "owner": "sioodmy", - "repo": "website", - "type": "github" - } - }, "wrapper-manager": { "inputs": { "nixpkgs": [ @@ -564,28 +187,6 @@ "repo": "wrapper-manager", "type": "github" } - }, - "zig-overlay": { - "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1724718400, - "narHash": "sha256-i83icUP6218jkNLBiHj2JyhKrVbgkU2mOGFvpFjw0WM=", - "owner": "mitchellh", - "repo": "zig-overlay", - "rev": "20a8e0316531f825284ef15fe20b4f9848fbb4e4", - "type": "github" - }, - "original": { - "owner": "mitchellh", - "repo": "zig-overlay", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index d0e7e7ee..a3ecc940 100644 --- a/flake.nix +++ b/flake.nix @@ -25,7 +25,6 @@ colors = inputs.nix-colors.colorSchemes.catppuccin-frappe.palette; in [ - inputs'.agenix.packages.default config.treefmt.build.wrapper (pkgs.callPackage ./shell {inherit pkgs inputs colors;}) ] @@ -75,18 +74,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - - zig-overlay = { - url = "github:mitchellh/zig-overlay"; - inputs = { - nixpkgs.follows = "nixpkgs"; - }; - }; - homix = { url = "github:sioodmy/homix"; inputs = { @@ -98,29 +85,6 @@ url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; }; - lyricsapi = { - url = "github:sioodmy/lyricsapi"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - simple-nixos-mailserver = { - url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - website = { - url = "github:sioodmy/website"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - }; - }; - bitcoinstatus = { - url = "github:sioodmy/bitcoinstatus"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-parts.follows = "flake-parts"; - treefmt-nix.follows = "treefmt-nix"; - }; - }; }; } # see also: diff --git a/hosts/default.nix b/hosts/default.nix index 8dc3230b..5912dd8c 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -7,12 +7,10 @@ core = ../system/core; bootloader = ../system/core/bootloader.nix; impermanence = ../system/core/impermanence.nix; - server = ../system/server; wayland = ../system/wayland; hw = inputs.nixos-hardware.nixosModules; - agenix = inputs.agenix.nixosModules.age; - shared = [core agenix]; + shared = [core]; in { # all my hosts are named after saturn moons btw @@ -31,20 +29,4 @@ in { ++ shared; specialArgs = {inherit inputs;}; }; - - # x86 home server - prometheus = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = - [ - { - networking.hostName = "prometheus"; - boot.loader.grub.devices = ["/dev/sda"]; - } - server - ./prometheus - ] - ++ shared; - specialArgs = {inherit inputs;}; - }; } diff --git a/secrets/caldav.age b/secrets/caldav.age deleted file mode 100644 index 033c25cf..00000000 --- a/secrets/caldav.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 naeoPA iijr0z7RzYCywpS8Jp4zhpVAZ0g+mMQ4Ny5ZUPkliA0 -fXHBuOh3UXelnmFYuaLl+08UrTDBzCaBD67YxsG998A --> ssh-ed25519 NIj+5g UE3evqvmZYzhya//QaWBG613efeqstoEK3yC/SCRkFk -Nm7dKVTQdGo4S/PnTmgO8QyLDiLCLTq4DLLhaDpZF24 ---- 5yUy8yQhMebFdUHZOMg4i04Ol/t8xrhANEKXMH8/zWs -ú„¦vzÈZ:Fˆ8÷«S@®_¥~#¾÷e}¿’a‘¼ª]³¤@Mƒ”0õ"y<áéöÉdÓÝBŽÃ±:e%]…øêsõL„ßE®»NÐvT/™OgÜúéü \ No newline at end of file diff --git a/secrets/discordtoken.age b/secrets/discordtoken.age deleted file mode 100644 index 00907c99..00000000 Binary files a/secrets/discordtoken.age and /dev/null differ diff --git a/secrets/mailserver.age b/secrets/mailserver.age deleted file mode 100644 index 788fde75..00000000 Binary files a/secrets/mailserver.age and /dev/null differ diff --git a/secrets/openai.age b/secrets/openai.age deleted file mode 100644 index 6a818554..00000000 --- a/secrets/openai.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 naeoPA jrPMtlZMlSMY/iVRfw8U0ALe9QKwtDqsxMync57kfTQ -VuMXwP0dZw+EnuFleddOM4m02k4YCc/epJpIywKMXfk --> ssh-ed25519 mUdfUg ii9dUI0jw3v4mfcIF1xcOKkT1iOxDSsLlGP45/UtBQ4 -J3u/sQi6eKJUU7lNzS7C19qZvxLi+Jzn8dhmEJOLxUw ---- Mvjw8HJHkNZiZ5lAJ2aK3TpAiOo9L7MnfO2wGqvDdmc -G®³m‚ü:êä ‰ß}s0ÊÚÖ° ÃIä HJ[F MM³Ðí䙈®¡Hü@ñ ;ž¥v¹Þ÷ïÍþé™ ³Æž ºµÉ³Æ%åÓ<)Ó¿¥Ùu*©IRØ ²–¶?œŽGb{$".óÙ&Ú™úºèGeÖ,ûå° .œ Øßþ2AJ \ No newline at end of file diff --git a/secrets/radicale-pass.age b/secrets/radicale-pass.age deleted file mode 100644 index 860aed7a..00000000 --- a/secrets/radicale-pass.age +++ /dev/null @@ -1,21 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 naeoPA yP6blwsHEEamvoOiUL3aQB74L1qGxj3pjCRYlhW4kwM -MfqmmFzXG0CuY7PcjsGl1jw2rrtYkIIFTQyh7zRZK1M --> ssh-ed25519 mUdfUg J8eRngBraeP3FHgJLK+36l0cHQ2id8SG8dxAdW02FRg -rsUIVUCXJUdgyX115J88GLKZqOqnTvecfPtIg1yROyw --> ssh-ed25519 G6wImw Hpq7ZY8eH+pMd0vDQiTKwxI2hiRBTSv0ihuAW7w8Dxc -W4M1kelpMWorzgQBzin1TnvskYMJhC+nwCLZFeuGlFM --> ssh-rsa 29b9iQ -oxWYvXRI4Bbc+YN44NJDa2VpwE3AKjD6Kt+RVBXEFsMZ4xdAG9zjTHYj1i+RS97s -QrmyeNEopvp6BEciXx1aHAaJerRqUonS0ulYCyClYsdOym1ocmuwoltMVhNgxD44 -iaBkfMsgXYi/pr1MLuTF+t6zCXXgUGyqfkI4uk3/FA3qYdllbrUQZwfNp1gbtw3t -bfcwylyDjwsOUEBiEcffSvntDYXrMPphZSg46n/QjkNn31oxbYYha50oV6V2sMKK -IxGFb0x/8ImB92IKT+edJNPnPxOV/epF6T3SdTV52e1vAzywJVKMYy3FoWvQobHA -1vrfO8mOjOkVxxPrcL2A9ADtNoQWn9xp3e1T/ZUtVGgwpp6YLTKrSsTvCHWWq2QJ -z2EkAcyt6YwWpDWQhIXrpiZO5lyf/uOVblUh7oLK3pNdBzID5AbRzWm0gLKmq1tV -5TkcSONAXITrKA3Mnl0SvL7PgjjubPZi2IJchxmPi+ONR3Hm2dyBEPKUT7eCcsos -UaqBUzNtqmR17bPkCcoQXxPhpQAs7RGSflQg3IMy3DfE7YB986ErEjY1pGINgrkp -0AEjisruQ3YmWHQoc2Nz7ys0cN5/3xEo7bDGU80iGcKX55xGB836RimFeBA/dVJc -+ZakUIEl6qKiu5Pay/x2gRU6+9U+392ZV1GFFewfJXc ---- JjYN3dlyr0490nJoZH406CEokam0+LG0w9o2heKdhJ0 -ÛR÷ÝÈ*>D¯fY¹;‰«Uæ>uÿ&’2qÜ]fZsàÀ;V \ No newline at end of file diff --git a/secrets/radicale.age b/secrets/radicale.age deleted file mode 100644 index 31658735..00000000 Binary files a/secrets/radicale.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index c4072b57..00000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,19 +0,0 @@ -let - calypso-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+S9LPxp3Mmha1keHlwc0iVq4CMbHvzAAwuYE2go7io sioodmy@calypso"; - - calypso-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPhD+J2Iivt9mTVV2I79iGlqN+YQFb4PPkqle0brUKy4 root@calypso"; - - prometheus-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEO6goNjMrTXD3l2eaCET5PW3+ec3RWREtPp8TK8r82B root@prometheus"; - - calypso = [calypso-user calypso-host]; - - prometheus = [calypso-user prometheus-host]; -in { - age.identityPaths = "/persist/home/sioodmy/.ssh/id_ed25519"; - - "openai.age".publicKeys = calypso; - - "mailserver.age".publicKeys = prometheus; - "caldav.age".publicKeys = prometheus; - "discordtoken.age".publicKeys = prometheus; -} diff --git a/secrets/spotify-tui.age b/secrets/spotify-tui.age deleted file mode 100644 index 75cee2f2..00000000 --- a/secrets/spotify-tui.age +++ /dev/null @@ -1,21 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 G6wImw U1vh26ILIrqV2V/x5NQqkX2YF/zjX2FVhbpGQ0nT8wY -WDu/nFL/vj3uBu7mOuadvN5QZ9HBYSPm10KlKrvTzfw --> ssh-rsa 29b9iQ -mth/VdUdwesPd/qhrRmk87UOX66j9SuLwzuZ6RSldTFsAciwuJUuW8hqM83FBid1 -Bfg+GCsSaEfa7H+kmdUgDNMukegE5K7KxyYUlSgYhw9YaD/0NxrTALvCRbLx/9pD -5zTrJWnxXDgUWqWQaAdY9KHwhL3FY4dGjoVH1bAp+bosNcDdqv34fK/DDQHICJhG -KMOIvAOT4lOCn6wzLWo8TkAiyrbOM8bI2YP0LWyoczgC32f0LHbcGT+jYSPiWXEu -9g4OpiRlIQcdDlPmWBwOTkEt51z2JGTxN9wQkaweHTbHh7Vlkg9DO4sSJS2HzAIF -wMcbIpCeLb6s2ES7Po3nVl1gDqmkAcwa0eNCWn1Uk75D/J0i0ciNwcaLwXnWqXVD -4lOFeEwoef4bwyX2ekYm9HFFEr1E6cMRnvvUMdbErrOha3IFm1EJs7xCg4UceIOw -uM8odCfiqKiNkmNHYVEwmSgTZHm/OP89f0EAuiVGRyE6D6GH2w5wupG2Hk/6AceO -ot1vlXINHXCgqR4mo4Y8RaX5kuOSs7JFopUFppHXQOwpppI/RHTEMJSaroQWR2TQ -kqhG+YGMVH6MuOET7evL49CKEvNnzUAb78GI1EAGQGbbkLahm0INMePOcMO3Yjhd -OtRRdKmbmuFhUQptArJ9jpnPnHMmyOZX/eQm7KgW5f8 --> v`-grease cLKK~] -Su3F459PazQSC0t65W5G6R0I6Q6f3laUu2Y5z6iPuPFDXa5TjTprTrCbQW80KguH -j3pkkm9sG0hJ7VGz ---- uBVcocySBshFMolxs/EEeIy9ztYmnrocWMNAfUnqCWc -M6Â|»8´Ä_d5xðt#¿7¨w~! < ¯öm¯é™þ†¯ýM_£RÜ`]™¥:¶€Ÿ¨üêcT~eÝ[• -M³¹ü­—üŸ³Mü€Š§yŒºS¤qH¹Sí„šZQ•À6æ4i_9]gæ¡Ÿ V{Xîå_LÉ&lµ^šê1hD…¸|qáå>]S@e…/Ó}e_á8 \ No newline at end of file diff --git a/secrets/spotify.age b/secrets/spotify.age deleted file mode 100644 index 2835c388..00000000 --- a/secrets/spotify.age +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEc2d0ltdyA1VS92 -VGNiVWFDYkZKNWFNM2VBcnVpVjV0Q2tSTWRTVXZ2UXFpUmVsK0hJCkRLMnhqN0h3 -WWNpL0t4VHRndE9aV3c4bGJGV1hSVmtWVHJDeEp2OTJxaXMKLT4gc3NoLXJzYSAy -OWI5aVEKRHNWRDRodzhGU0RKK2JmTXc0YkZCcTRCQ1ZGSDVwZnJtOEhPd04zU3Rr -b2p5TnNLS25WdWl2TFRMOUlRbUlldQpJYVRUQXBJY1h2OWowVExhY2tKa01oREF0 -TnRxdWpDY1VXeDZqNjRMQkxpSE5Rd2F4cVc5aVA0Z0pIVnlLR05QCjZ4MW5WQkRP -dDJmQlEwRXBlU1pTZWVjNElYN0NiRVdPWTAvR3ZUL1hwZ1ovNlJUb0w1Ulp3RHUw -UkdsOUI5ZkwKRUNRMzFCcUNteG42NGxkYXZxQlJxa0ROdExRZlZxMUJXUUlDZTdB -MWJTMDNwdVA0eFFyNExWWllEM1dBSFVzWAo5MHp2cUxreEo5OFYrTHk4OEhNWjRW -R3dzVjNNVi9FU0RPSGc2S3BnakhZWFpPbndmYTVJdVJUb2hxNVJtbEx5CkxsZEhC -TGs0cmJGbmNTTnBSOStnRWJsN0R4b2Y5NTB2UzlGNDBrQmFjQklNaHFGUDFvZHJN -aVljVC9TdW8xYVEKR0FXempNNUNkWmk1ZWEydTNMM2pmUDJNRUdJbkxLZFdyeVYv -Rmx5c05OV3R1bHhVUU4xYVVuY0hWeEg5VUtSQwp6QzR2d1hzRlgrNlM0d2lvVlhI -K0NXWUVCVlRVUmNtOFl2ME9QdzdaMVZvbW1NY2hmdXpjZ2o1UEdRWnl2Y1FvCkZI -bU1DK1B1bTQrNk5HS3V1WEJUeVZ5NkxFMVFBa2pxOGM0dk5kUVZWNDhkZXJlMFVh -ZVZlS1dVVlRWOEdJVDEKUkVwTzBaeFZhQ3NlQmFoUUJEK0M3RHRwSVZma0hmenEz -MWh5MXcrL01VLzY5QzFxUXpDWkc5NDFQdzNKR0xSNApRaHRhVjJVTmIvQnpHb1lz -RmZkRHdML2E4RWJka2VpWitueGRwVStKRGVzCi0+IDBkT2NALWdyZWFzZQp1TWxz -YWZGOG45MXg1aTcwanNzSnYzbjZlU2NSZFdhQ1VPQ0c4dXBaLzJicnJzVDh3M2Ez -S1dIQ0lLWEEvS3JECnMyOFB5Uzhxc1YrWlJHL3JNS0ZsNWcybEllWHNHK3VIQWdS -UUtWdHJsNGhQdng5T1NybFNRejB5Yy9rYwotLS0gazhmMWlrYjI0SzMvWUdjbU92 -c1dKVkNic0I1a0UwVEdqUktoSHJhSjlVWQrTCwMlrk8bkcHLYiJkpe12XWFURpTT -AgklwVIBABsxv0cB0fYPFLHOohH78nF8Ww4HPTw0QwzIQA2zMcrMpmhPMFxv26xD -mTovt5AaNqJyoHkfWCONjI37sKHIZoth7eoGWyivhpcO+mMN1EUdI6asAMwQol5l -8Xqrx84mhpZD72bwNDUn9t1C5JS+GIMkf01zI8o= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/syncthing-calypso-cert.age b/secrets/syncthing-calypso-cert.age deleted file mode 100644 index 9c68ce03..00000000 Binary files a/secrets/syncthing-calypso-cert.age and /dev/null differ diff --git a/secrets/syncthing-calypso-key.age b/secrets/syncthing-calypso-key.age deleted file mode 100644 index da08a85c..00000000 Binary files a/secrets/syncthing-calypso-key.age and /dev/null differ diff --git a/secrets/syncthing-cert.age b/secrets/syncthing-cert.age deleted file mode 100644 index 87513624..00000000 Binary files a/secrets/syncthing-cert.age and /dev/null differ diff --git a/secrets/syncthing-key.age b/secrets/syncthing-key.age deleted file mode 100644 index 9347cc81..00000000 Binary files a/secrets/syncthing-key.age and /dev/null differ diff --git a/system/core/default.nix b/system/core/default.nix index ab0b83a1..fc139fd2 100644 --- a/system/core/default.nix +++ b/system/core/default.nix @@ -3,7 +3,6 @@ ./system.nix ./schizo.nix ./network.nix - ./secrets.nix ./nix.nix ./users.nix ./git.nix diff --git a/system/core/devpkgs.nix b/system/core/devpkgs.nix index 3e43593a..45687229 100644 --- a/system/core/devpkgs.nix +++ b/system/core/devpkgs.nix @@ -1,18 +1,10 @@ -{ - pkgs, - inputs, - ... -}: { - environment.systemPackages = - (with pkgs; [ - clang - gnumake - cargo - go - cargo - gcc - ]) - ++ [ - inputs.zig-overlay.packages.${pkgs.system}.master - ]; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + clang + gnumake + cargo + go + cargo + gcc + ]; } diff --git a/system/core/network.nix b/system/core/network.nix index 455d86ec..9d3e4b14 100644 --- a/system/core/network.nix +++ b/system/core/network.nix @@ -20,7 +20,6 @@ in { dns = mkIf dnscrypt "none"; wifi = { macAddress = "random"; - backend = "iwd"; powersave = true; }; }; @@ -49,8 +48,6 @@ in { }; }; - virtualisation.docker.enable = true; - # slows down boot time systemd.services.NetworkManager-wait-online.enable = false; } diff --git a/system/core/nix.nix b/system/core/nix.nix index 88a0276e..9db0baa0 100644 --- a/system/core/nix.nix +++ b/system/core/nix.nix @@ -10,18 +10,14 @@ sessionVariables.FLAKE = "/home/sioodmy/dev/dotfiles"; etc."nix/flake-channels/nixpkgs".source = inputs.nixpkgs; - systemPackages = - (with pkgs; [ - git - deadnix - alejandra - statix - nix-output-monitor - nvfetcher - ]) - ++ [ - inputs.agenix.packages."${pkgs.system}".default - ]; + systemPackages = with pkgs; [ + git + deadnix + alejandra + statix + nix-output-monitor + nvfetcher + ]; defaultPackages = []; }; diff --git a/system/core/secrets.nix b/system/core/secrets.nix deleted file mode 100644 index 1886cfeb..00000000 --- a/system/core/secrets.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - config, - lib, - ... -}: let - forHost = hostnames: secretFile: secretName: extra: - lib.mkIf (builtins.elem config.networking.hostName hostnames) { - ${secretName} = - { - file = secretFile; - } - // extra; - }; - - user = { - owner = "sioodmy"; - group = "users"; - }; -in { - age.secrets = lib.mkMerge [ - (forHost ["calypso"] ../../secrets/syncthing-calypso-key.age "syncthing-calypso-key" user) - (forHost ["calypso"] ../../secrets/syncthing-calypso-cert.age "syncthing-calypso-cert" user) - # TODO: rework - (forHost ["calypso"] ../../secrets/radicale-pass.age "radicale-pass" user) - (forHost ["calypso"] ../../secrets/openai.age "openai" user) - (forHost ["prometheus"] ../../secrets/mailserver.age "mailserver" {mode = "400";}) - (forHost ["prometheus"] ../../secrets/caldav.age "caldav" {mode = "400";}) - (forHost ["prometheus"] ../../secrets/discordtoken.age "discordtoken" {mode = "400";}) - - (forHost ["iapetus"] ../../secrets/radicale.age "radicale" { - owner = "radicale"; - group = "radicale"; - }) - ]; - # age.secrets.syncthing-key = { - # file = syncthing-key.age; - # owner = "sioodmy"; - # group = "users"; - # }; - # age.secrets.syncthing-cert = { - # file = ../../secrets/syncthing-cert.age; - # owner = "sioodmy"; - # group = "users"; - # }; -} diff --git a/system/server/default.nix b/system/server/default.nix deleted file mode 100644 index dd34a166..00000000 --- a/system/server/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -{ - pkgs, - inputs, - config, - ... -}: let - inherit (config.age) secrets; -in - # TODO - { - imports = [ - ./mail.nix - inputs.lyricsapi.nixosModules.default - inputs.bitcoinstatus.nixosModules.default - ]; - services.nginx = { - enable = true; - # package = pkgs.nginx.override {openssl = pkgs.libressl;}; - package = pkgs.angieQuic.override {openssl = pkgs.libressl;}; - - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - recommendedZstdSettings = true; - - # lets be more picky on our ciphers and protocols - sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL"; - sslProtocols = "TLSv1.3 TLSv1.2"; - - commonHttpConfig = '' - #real_ip_header CF-Connecting-IP; - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - add_header X-Frame-Options DENY; - add_header X-Content-Type-Options nosniff; - ''; - - virtualHosts = { - "sioodmy.dev" = { - root = inputs.website.packages.${pkgs.system}.website; - enableACME = true; - locations."/" = { - tryFiles = "$uri/index.html $uri.html $uri/ $uri =404"; - extraConfig = '' - rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent; - rewrite ^/(.*)/$ /$1 permanent; - - error_page 404 /404.html; - ''; - }; - - forceSSL = true; - }; - "lyrics.sioodmy.dev" = { - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - }; - quic = true; - forceSSL = true; - enableACME = true; - }; - }; - }; - services = { - lyricsapi.enable = true; - bitcoinstatus = { - enable = true; - tokenFile = secrets.discordtoken.path; - }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "hello@sioodmy.dev"; - }; - - networking.firewall = { - allowedTCPPorts = [80 443]; - }; - } diff --git a/system/server/mail.nix b/system/server/mail.nix deleted file mode 100644 index ed7f4b5d..00000000 --- a/system/server/mail.nix +++ /dev/null @@ -1,73 +0,0 @@ -{ - inputs, - config, - ... -}: let - inherit (config.age) secrets; -in { - imports = [inputs.simple-nixos-mailserver.nixosModule]; - # credits: raf <3 - mailserver = { - enable = true; - # mailDirectory = "/srv/storage/mail/vmail"; - # dkimKeyDirectory = "/srv/storage/mail/dkim"; - # sieveDirectory = "/srv/storage/mail/sieve"; - openFirewall = true; - enableImap = true; - enableImapSsl = true; - enablePop3 = false; - enablePop3Ssl = false; - enableSubmission = false; - enableSubmissionSsl = true; - hierarchySeparator = "/"; - localDnsResolver = false; - fqdn = "mail.sioodmy.dev"; - certificateScheme = "acme-nginx"; - domains = ["sioodmy.dev"]; - loginAccounts = { - "me@sioodmy.dev" = { - hashedPasswordFile = secrets.mailserver.path; - aliases = [ - "hello" - "sioodmy" - "me@sioodmy.dev" - "admin" - "admin@sioodmy.dev" - "root" - "root@sioodmy.dev" - "postmaster" - "postmaster@sioodmy.dev" - ]; - }; - }; - }; - - services.radicale = { - enable = true; - settings = { - server.hosts = ["0.0.0.0:5232"]; - auth = { - type = "htpasswd"; - htpasswd_filename = secrets.caldav.path; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - networking.firewall.allowedTCPPorts = [5232]; - services.nginx = { - virtualHosts = { - "cal.sioodmy.dev" = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://localhost:5232"; - extraConfig = '' - proxy_set_header X-Script-Name /; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass_header Authorization; - ''; - }; - }; - }; - }; -} diff --git a/system/server/traggo.nix b/system/server/traggo.nix deleted file mode 100644 index c68fa58e..00000000 --- a/system/server/traggo.nix +++ /dev/null @@ -1,38 +0,0 @@ -{pkgs, ...}: let - traggo-server = pkgs.buildGoModule { - pname = "traggo-server"; - version = "0.3.0"; - src = pkgs.fetchFromGitHub { - owner = "traggo"; - repo = "server"; - rev = "6842b5c706d8eaf4608d984669463f441f270fd1"; - sha256 = "viwC2OpvAEpvDw6Cj9Os9dS7/6UlVR4Jq9ZBHL6ELSg="; - }; - vendorHash = ""; - }; -in { - environment = { - systemPackages = [traggo-server]; - variables = { - TRAGGO_DEFAULT_USER_NAME = "sioodmy"; - TRAGGO_DEFAULT_USER_PASS = "sioodmy"; - }; - }; - - networking.firewall.allowedUDPPorts = [3030]; - - systemd.services.traggo = { - description = "self-hosted tag-based time tracking"; - wantedBy = ["multi-user.target"]; - wants = ["network.target"]; - after = [ - "network-online.target" - "NetworkManager.service" - "systemd-resolved.service" - ]; - serviceConfig = { - ExecStart = ''${traggo-server}/bin/traggo-server''; - Restart = "always"; - }; - }; -}