diff --git a/README.md b/README.md index 2511be7..2185021 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Flakes: $ deploy --interactive '#fwminex' - $ nix build .#deploy.nodes.fra1-b.profiles.system.path + $ nix build .#deploy.nodes.fra1-c.profiles.system.path Other: diff --git a/data.nix b/data.nix index 3a3d1ae..0f05263 100644 --- a/data.nix +++ b/data.nix @@ -14,8 +14,6 @@ rec { borgstor = 504; jakstpub = 505; - - remote-builder = 508; }; ports = { @@ -79,23 +77,6 @@ rec { publicIP = "128.140.60.129"; system = "x86_64-linux"; }; - "fra1-b.jakst.vpn" = rec { - extraHostNames = [ - "fra1-b.jakstys.lt" - "fra1-b" - publicIP - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy"; - publicIP = "188.245.84.21"; - system = "aarch64-linux"; - supportedFeatures = [ - "nixos-test" - "benchmark" - "big-parallel" - "kvm" - "gccarch-armv8-a" - ]; - }; "vno1-gdrx.jakst.vpn" = rec { extraHostNames = [ "vno1-gdrx" @@ -161,7 +142,6 @@ rec { jakstysLTZone = let - fra1b = hosts."fra1-b.jakst.vpn".publicIP; fra1c = hosts."fra1-c.jakst.vpn".publicIP; vno1 = hosts."fwminex.jakst.vpn".publicIP; vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP; @@ -185,7 +165,6 @@ rec { auth A ${vno1} dl A ${vno1} up A ${vno1} - fra1-b A ${fra1b} fra1-c A ${fra1c} vno4 A ${vno4} r1 A ${vno1} diff --git a/flake.nix b/flake.nix index c1e1f38..3421175 100644 --- a/flake.nix +++ b/flake.nix @@ -197,21 +197,6 @@ } // inputs; }; - fra1-b = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - { nixpkgs.overlays = overlays; } - agenix.nixosModules.default - home-manager.nixosModules.home-manager - ./hosts/fra1-b/configuration.nix - ./modules - ]; - - specialArgs = { - inherit myData; - } // inputs; - }; - fra1-c = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ 
@@ -274,17 +259,6 @@ }; }; - fra1-b = { - hostname = "fra1-b.jakst.vpn"; - profiles = { - system = { - sshUser = "motiejus"; - path = self.nixosConfigurations.fra1-b.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.fra1-b; - user = "root"; - }; - }; - }; - fra1-c = { hostname = "fra1-c.jakst.vpn"; profiles = { diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix deleted file mode 100644 index 6260ee4..0000000 --- a/hosts/fra1-b/configuration.nix +++ /dev/null 
@@ -1,153 +0,0 @@ -{ - config, - myData, - modulesPath, - ... -}: -let - disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_50294864"; -in -{ - imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - - age.secrets = { - motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age; - root-passwd-hash.file = ../../secrets/root_passwd_hash.age; - sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age; - ssh8022-server = { - file = ../../secrets/ssh8022.age; - owner = "spiped"; - path = "/var/lib/spiped/ssh8022.key"; - }; - - }; - - boot = { - loader.systemd-boot.enable = true; - initrd = { - kernelModules = [ "usb_storage" ]; - availableKernelModules = [ - "xhci_pci" - "virtio_scsi" - "sr_mod" - ]; - }; - }; - - fileSystems = { - "/boot" = { - device = "${disk}-part1"; - fsType = "vfat"; - options = [ - "fmask=0022" - "dmask=0022" - ]; - }; - "/" = { - device = "${disk}-part3"; - fsType = "btrfs"; - options = [ - "compress=zstd" - "noatime" - ]; - }; - }; - - swapDevices = [ { device = "${disk}-part2"; } ]; - - mj = { - stateVersion = "24.05"; - timeZone = "UTC"; - username = "motiejus"; - - base = { - users = { - enable = true; - root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path; - user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path; - }; - - unitstatus = { - enable = true; - email = "motiejus+alerts@jakstys.lt"; - }; - - }; - - services = { - node_exporter.enable = true; - ping_exporter.enable = true; - tailscale.enable = true; - - ssh8022.server = { - enable = true; - keyfile = config.age.secrets.ssh8022-server.path; - openGlobalFirewall = false; - }; - - remote-builder.server = { - enable = true; - uidgid = myData.uidgid.remote-builder; - sshAllowSubnet = myData.subnets.tailscale.sshPattern; - publicKeys = map (h: myData.hosts.${h}.publicKey) [ - "vno1-gdrx.jakst.vpn" - "fwminex.jakst.vpn" - "mtworx.jakst.vpn" - ]; - }; - - postfix = { - enable = true; - saslPasswdPath = config.age.secrets.sasl-passwd.path; - }; - - 
deployerbot = { - follower = { - publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; - - enable = true; - sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ]; - uidgid = myData.uidgid.updaterbot-deployee; - }; - }; - - }; - }; - - services = { - nsd = { - enable = true; - interfaces = [ - "0.0.0.0" - "::" - ]; - zones = { - "jakstys.lt.".data = myData.jakstysLTZone; - }; - }; - }; - - powerManagement.cpuFreqGovernor = "performance"; - - networking = { - hostName = "fra1-b"; - domain = "jakst.vpn"; - useDHCP = true; - interfaces.enp1s0.ipv6.addresses = [ - { - address = "2a01:4f8:c012:1ba::"; - prefixLength = 64; - } - ]; - defaultGateway6 = { - address = "fe80::1"; - interface = "enp1s0"; - }; - firewall = { - allowedUDPPorts = [ 53 ]; - allowedTCPPorts = [ 53 ]; - }; - }; - - nixpkgs.hostPlatform = "aarch64-linux"; -} diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 2f202e0..9da748b 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -432,7 +432,6 @@ in hosts = [ "fwminex.jakst.vpn" "vno3-nk.jakst.vpn" - "fra1-b.jakst.vpn" "fra1-c.jakst.vpn" "vno1-gdrx.jakst.vpn" ]; @@ -478,7 +477,6 @@ in } ) [ - "fra1-b.jakst.vpn" "fra1-c.jakst.vpn" "vno3-nk.jakst.vpn" "fwminex.jakst.vpn" @@ -692,17 +690,6 @@ in macaroonSecretKeyPath = config.age.secrets.synapse-macaroon-secret-key.path; }; - remote-builder.client = - let - host = myData.hosts."fra1-b.jakst.vpn"; - in - { - enable = true; - inherit (host) system supportedFeatures; - hostName = "fra1-b.jakst.vpn"; - sshKey = "/etc/ssh/ssh_host_ed25519_key"; - }; - deployerbot = { main = { enable = true; @@ -710,7 +697,6 @@ in repo = "git@git.jakstys.lt:motiejus/config"; deployDerivations = [ ".#fwminex" - ".#fra1-b" ".#fra1-c" ".#vno3-nk" ]; diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index 1a75d16..be7a325 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix 
@@ -131,18 +131,6 @@ in toUser = config.mj.username; }; - remote-builder.client = - let - host = myData.hosts."fra1-b.jakst.vpn"; - in - { - enable = true; - inherit (host) system supportedFeatures; - hostName = "fra1-b.jakst.vpn"; - sshKey = "/etc/ssh/ssh_host_ed25519_key"; - maxJobs = 2; - }; - node_exporter = { enable = true; extraSubnets = [ myData.subnets.vno1.cidr ]; diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix index a32fb9e..5e54b8d 100644 --- a/hosts/vno1-gdrx/configuration.nix +++ b/hosts/vno1-gdrx/configuration.nix @@ -139,18 +139,6 @@ in ]; }; - remote-builder.client = - let - host = myData.hosts."fra1-b.jakst.vpn"; - in - { - enable = true; - inherit (host) system supportedFeatures; - hostName = "fra1-b.jakst.vpn"; - sshKey = "/etc/ssh/ssh_host_ed25519_key"; - maxJobs = 2; - }; - deployerbot = { follower = { publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ]; diff --git a/hosts/vno3-nk/configuration.nix b/hosts/vno3-nk/configuration.nix index 135d58d..0e611b8 100644 --- a/hosts/vno3-nk/configuration.nix +++ b/hosts/vno3-nk/configuration.nix @@ -191,17 +191,6 @@ in ]; }; - remote-builder.client = - let - host = myData.hosts."fra1-b.jakst.vpn"; - in - { - enable = true; - inherit (host) system supportedFeatures; - hostName = "fra1-b.jakst.vpn"; - sshKey = "/etc/ssh/ssh_host_ed25519_key"; - }; - postfix = { enable = true; saslPasswdPath = config.age.secrets.sasl-passwd.path; diff --git a/modules/services/default.nix b/modules/services/default.nix index 51f2f91..a2c2472 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -19,7 +19,6 @@ ./ping_exporter ./postfix ./printing - ./remote-builder ./ssh8022 ./syncthing ./syncthing-relay diff --git a/modules/services/ping_exporter/default.nix b/modules/services/ping_exporter/default.nix index 262001e..109b231 100644 --- a/modules/services/ping_exporter/default.nix +++ b/modules/services/ping_exporter/default.nix 
@@ -33,7 +33,6 @@ in "github.com" "jakstys.lt" - "fra1-b.jakstys.lt" "fra1-c.jakstys.lt" "vno3-nk.jakst.vpn" diff --git a/modules/services/remote-builder/default.nix b/modules/services/remote-builder/default.nix deleted file mode 100644 index 0831b64..0000000 --- a/modules/services/remote-builder/default.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ config, lib, ... }: -{ - options.mj.services.remote-builder = with lib.types; { - server = { - enable = lib.mkEnableOption "Enable remote builder server"; - uidgid = lib.mkOption { type = int; }; - sshAllowSubnet = lib.mkOption { type = str; }; - publicKeys = lib.mkOption { type = listOf str; }; - }; - client = { - enable = lib.mkEnableOption "Enable remote builder client"; - system = lib.mkOption { - type = enum [ - "aarch64-linux" - "x86_64-linux" - ]; - }; - hostName = lib.mkOption { type = str; }; - sshKey = lib.mkOption { type = path; }; - supportedFeatures = lib.mkOption { type = listOf str; }; - maxJobs = lib.mkOption { - type = int; - default = 1; - }; - }; - }; - - config = lib.mkMerge [ - ( - let - cfg = config.mj.services.remote-builder.server; - in - lib.mkIf cfg.enable { - users.users.remote-builder = { - description = "Remote Builder"; - home = "/var/lib/remote-builder"; - shell = "/bin/sh"; - group = "remote-builder"; - isSystemUser = true; - createHome = true; - uid = cfg.uidgid; - openssh.authorizedKeys.keys = map (k: ''from="${cfg.sshAllowSubnet}" ${k}'') cfg.publicKeys; - }; - users.groups.remote-builder.gid = cfg.uidgid; - nix.settings.trusted-users = [ "remote-builder" ]; - } - ) - ( - let - cfg = config.mj.services.remote-builder.client; - in - lib.mkIf cfg.enable { - nix = { - buildMachines = [ - { - inherit (cfg) - hostName - system - sshKey - supportedFeatures - ; - protocol = "ssh-ng"; - sshUser = "remote-builder"; - } - ]; - distributedBuilds = true; - extraOptions = "builders-use-substitutes = true"; - }; - } - ) - ]; -} 
diff --git a/modules/services/ssh8022/default.nix b/modules/services/ssh8022/default.nix index 1220add..ca66c24 100644 --- a/modules/services/ssh8022/default.nix +++ b/modules/services/ssh8022/default.nix @@ -33,12 +33,6 @@ Host fra1-c HostName fra1-c.jakstys.lt ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile} - - Host fra1-b.jakstys.lt jakstys.lt - ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile} - Host fra1-b - HostName fra1-b.jakstys.lt - ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile} ''; } ) diff --git a/secrets.nix b/secrets.nix index 56a4fdf..8903ba1 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,7 +8,6 @@ let fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey; vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey; - fra1-b = (import ./data.nix).hosts."fra1-b.jakst.vpn".publicKey; fra1-c = (import ./data.nix).hosts."fra1-c.jakst.vpn".publicKey; mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey; vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey; @@ -16,7 +15,6 @@ let systems = [ fwminex vno3-nk - fra1-b fra1-c vno1-gdrx mtworx
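Review bot: Removing `fra1-b` from the `systems` list in secrets.nix only changes the recipients of future encryptions. No `.age` file is touched in the visible part of this diff, so the existing ciphertexts presumably still include fra1-b's host key as a recipient until `agenix --rekey` is run and the re-encrypted files are committed. The deleted hosts/fra1-b/configuration.nix shows that host could decrypt the shared `ssh8022.age` spiped key, `postfix_sasl_passwd.age`, and both password-hash secrets, so rekeying alone does not revoke what it already held. If the decommissioned disk or its host key cannot be accounted for, rotating those values is the safer follow-up. A line in the commit message recording that the rekey and rotation were done, or deliberately skipped, would make the decommission auditable.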