commit 21e3076474b526701ac5e906cc2570286dc1a0d8 (tree)
parent 6a4149d6ef857fc381d06a926de51e1d6ed164e2
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date: Tue, 1 Jul 2025 19:10:38 +0000
rm fra1-b
Diffstat:
13 files changed, 1 insertion(+), 332 deletions(-)
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@ Flakes:
$ deploy --interactive '#fwminex'
- $ nix build .#deploy.nodes.fra1-b.profiles.system.path
+ $ nix build .#deploy.nodes.fra1-c.profiles.system.path
Other:
diff --git a/data.nix b/data.nix
@@ -14,8 +14,6 @@ rec {
borgstor = 504;
jakstpub = 505;
-
- remote-builder = 508;
};
ports = {
@@ -79,23 +77,6 @@ rec {
publicIP = "128.140.60.129";
system = "x86_64-linux";
};
- "fra1-b.jakst.vpn" = rec {
- extraHostNames = [
- "fra1-b.jakstys.lt"
- "fra1-b"
- publicIP
- ];
- publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP1tL1FQeKE+28ATuD4USa4oAdPkONfk4uF/McMm+2sy";
- publicIP = "188.245.84.21";
- system = "aarch64-linux";
- supportedFeatures = [
- "nixos-test"
- "benchmark"
- "big-parallel"
- "kvm"
- "gccarch-armv8-a"
- ];
- };
"vno1-gdrx.jakst.vpn" = rec {
extraHostNames = [
"vno1-gdrx"
@@ -161,7 +142,6 @@ rec {
jakstysLTZone =
let
- fra1b = hosts."fra1-b.jakst.vpn".publicIP;
fra1c = hosts."fra1-c.jakst.vpn".publicIP;
vno1 = hosts."fwminex.jakst.vpn".publicIP;
vno4 = hosts."vno4-rutx11.jakst.vpn".publicIP;
@@ -185,7 +165,6 @@ rec {
auth A ${vno1}
dl A ${vno1}
up A ${vno1}
- fra1-b A ${fra1b}
fra1-c A ${fra1c}
vno4 A ${vno4}
r1 A ${vno1}
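Review bot: Only the `fra1-b A ${fra1b}` record is dropped here, while the deleted hosts/fra1-b/configuration.nix shows that machine also ran nsd as a server for the `jakstys.lt.` zone on port 53. The zone's NS records and serial sit outside this hunk, so it is worth confirming that no NS record or registrar glue still points at the retired address `188.245.84.21`. A delegation left pointing at an address that returns to the provider's pool would let whoever is assigned it next answer for the zone. If the zone text carries a hand-maintained serial, it also needs a bump for secondaries to pick up the removal.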
diff --git a/flake.nix b/flake.nix
@@ -197,21 +197,6 @@
} // inputs;
};
- fra1-b = nixpkgs.lib.nixosSystem {
- system = "aarch64-linux";
- modules = [
- { nixpkgs.overlays = overlays; }
- agenix.nixosModules.default
- home-manager.nixosModules.home-manager
- ./hosts/fra1-b/configuration.nix
- ./modules
- ];
-
- specialArgs = {
- inherit myData;
- } // inputs;
- };
-
fra1-c = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
@@ -274,17 +259,6 @@
};
};
- fra1-b = {
- hostname = "fra1-b.jakst.vpn";
- profiles = {
- system = {
- sshUser = "motiejus";
- path = self.nixosConfigurations.fra1-b.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.fra1-b;
- user = "root";
- };
- };
- };
-
fra1-c = {
hostname = "fra1-c.jakst.vpn";
profiles = {
diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix
@@ -1,153 +0,0 @@
-{
- config,
- myData,
- modulesPath,
- ...
-}:
-let
- disk = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_50294864";
-in
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- age.secrets = {
- motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
- root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
- sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
- ssh8022-server = {
- file = ../../secrets/ssh8022.age;
- owner = "spiped";
- path = "/var/lib/spiped/ssh8022.key";
- };
-
- };
-
- boot = {
- loader.systemd-boot.enable = true;
- initrd = {
- kernelModules = [ "usb_storage" ];
- availableKernelModules = [
- "xhci_pci"
- "virtio_scsi"
- "sr_mod"
- ];
- };
- };
-
- fileSystems = {
- "/boot" = {
- device = "${disk}-part1";
- fsType = "vfat";
- options = [
- "fmask=0022"
- "dmask=0022"
- ];
- };
- "/" = {
- device = "${disk}-part3";
- fsType = "btrfs";
- options = [
- "compress=zstd"
- "noatime"
- ];
- };
- };
-
- swapDevices = [ { device = "${disk}-part2"; } ];
-
- mj = {
- stateVersion = "24.05";
- timeZone = "UTC";
- username = "motiejus";
-
- base = {
- users = {
- enable = true;
- root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
- user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
- };
-
- unitstatus = {
- enable = true;
- email = "motiejus+alerts@jakstys.lt";
- };
-
- };
-
- services = {
- node_exporter.enable = true;
- ping_exporter.enable = true;
- tailscale.enable = true;
-
- ssh8022.server = {
- enable = true;
- keyfile = config.age.secrets.ssh8022-server.path;
- openGlobalFirewall = false;
- };
-
- remote-builder.server = {
- enable = true;
- uidgid = myData.uidgid.remote-builder;
- sshAllowSubnet = myData.subnets.tailscale.sshPattern;
- publicKeys = map (h: myData.hosts.${h}.publicKey) [
- "vno1-gdrx.jakst.vpn"
- "fwminex.jakst.vpn"
- "mtworx.jakst.vpn"
- ];
- };
-
- postfix = {
- enable = true;
- saslPasswdPath = config.age.secrets.sasl-passwd.path;
- };
-
- deployerbot = {
- follower = {
- publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
-
- enable = true;
- sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
- uidgid = myData.uidgid.updaterbot-deployee;
- };
- };
-
- };
- };
-
- services = {
- nsd = {
- enable = true;
- interfaces = [
- "0.0.0.0"
- "::"
- ];
- zones = {
- "jakstys.lt.".data = myData.jakstysLTZone;
- };
- };
- };
-
- powerManagement.cpuFreqGovernor = "performance";
-
- networking = {
- hostName = "fra1-b";
- domain = "jakst.vpn";
- useDHCP = true;
- interfaces.enp1s0.ipv6.addresses = [
- {
- address = "2a01:4f8:c012:1ba::";
- prefixLength = 64;
- }
- ];
- defaultGateway6 = {
- address = "fe80::1";
- interface = "enp1s0";
- };
- firewall = {
- allowedUDPPorts = [ 53 ];
- allowedTCPPorts = [ 53 ];
- };
- };
-
- nixpkgs.hostPlatform = "aarch64-linux";
-}
diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
@@ -432,7 +432,6 @@ in
hosts = [
"fwminex.jakst.vpn"
"vno3-nk.jakst.vpn"
- "fra1-b.jakst.vpn"
"fra1-c.jakst.vpn"
"vno1-gdrx.jakst.vpn"
];
@@ -478,7 +477,6 @@ in
}
)
[
- "fra1-b.jakst.vpn"
"fra1-c.jakst.vpn"
"vno3-nk.jakst.vpn"
"fwminex.jakst.vpn"
@@ -692,17 +690,6 @@ in
macaroonSecretKeyPath = config.age.secrets.synapse-macaroon-secret-key.path;
};
- remote-builder.client =
- let
- host = myData.hosts."fra1-b.jakst.vpn";
- in
- {
- enable = true;
- inherit (host) system supportedFeatures;
- hostName = "fra1-b.jakst.vpn";
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- };
-
deployerbot = {
main = {
enable = true;
@@ -710,7 +697,6 @@ in
repo = "git@git.jakstys.lt:motiejus/config";
deployDerivations = [
".#fwminex"
- ".#fra1-b"
".#fra1-c"
".#vno3-nk"
];
diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix
@@ -131,18 +131,6 @@ in
toUser = config.mj.username;
};
- remote-builder.client =
- let
- host = myData.hosts."fra1-b.jakst.vpn";
- in
- {
- enable = true;
- inherit (host) system supportedFeatures;
- hostName = "fra1-b.jakst.vpn";
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- maxJobs = 2;
- };
-
node_exporter = {
enable = true;
extraSubnets = [ myData.subnets.vno1.cidr ];
diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix
@@ -139,18 +139,6 @@ in
];
};
- remote-builder.client =
- let
- host = myData.hosts."fra1-b.jakst.vpn";
- in
- {
- enable = true;
- inherit (host) system supportedFeatures;
- hostName = "fra1-b.jakst.vpn";
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- maxJobs = 2;
- };
-
deployerbot = {
follower = {
publicKeys = [ myData.hosts."fwminex.jakst.vpn".publicKey ];
diff --git a/hosts/vno3-nk/configuration.nix b/hosts/vno3-nk/configuration.nix
@@ -191,17 +191,6 @@ in
];
};
- remote-builder.client =
- let
- host = myData.hosts."fra1-b.jakst.vpn";
- in
- {
- enable = true;
- inherit (host) system supportedFeatures;
- hostName = "fra1-b.jakst.vpn";
- sshKey = "/etc/ssh/ssh_host_ed25519_key";
- };
-
postfix = {
enable = true;
saslPasswdPath = config.age.secrets.sasl-passwd.path;
diff --git a/modules/services/default.nix b/modules/services/default.nix
@@ -19,7 +19,6 @@
./ping_exporter
./postfix
./printing
- ./remote-builder
./ssh8022
./syncthing
./syncthing-relay
diff --git a/modules/services/ping_exporter/default.nix b/modules/services/ping_exporter/default.nix
@@ -33,7 +33,6 @@ in
"github.com"
"jakstys.lt"
- "fra1-b.jakstys.lt"
"fra1-c.jakstys.lt"
"vno3-nk.jakst.vpn"
diff --git a/modules/services/remote-builder/default.nix b/modules/services/remote-builder/default.nix
@@ -1,72 +0,0 @@
-{ config, lib, ... }:
-{
- options.mj.services.remote-builder = with lib.types; {
- server = {
- enable = lib.mkEnableOption "Enable remote builder server";
- uidgid = lib.mkOption { type = int; };
- sshAllowSubnet = lib.mkOption { type = str; };
- publicKeys = lib.mkOption { type = listOf str; };
- };
- client = {
- enable = lib.mkEnableOption "Enable remote builder client";
- system = lib.mkOption {
- type = enum [
- "aarch64-linux"
- "x86_64-linux"
- ];
- };
- hostName = lib.mkOption { type = str; };
- sshKey = lib.mkOption { type = path; };
- supportedFeatures = lib.mkOption { type = listOf str; };
- maxJobs = lib.mkOption {
- type = int;
- default = 1;
- };
- };
- };
-
- config = lib.mkMerge [
- (
- let
- cfg = config.mj.services.remote-builder.server;
- in
- lib.mkIf cfg.enable {
- users.users.remote-builder = {
- description = "Remote Builder";
- home = "/var/lib/remote-builder";
- shell = "/bin/sh";
- group = "remote-builder";
- isSystemUser = true;
- createHome = true;
- uid = cfg.uidgid;
- openssh.authorizedKeys.keys = map (k: ''from="${cfg.sshAllowSubnet}" ${k}'') cfg.publicKeys;
- };
- users.groups.remote-builder.gid = cfg.uidgid;
- nix.settings.trusted-users = [ "remote-builder" ];
- }
- )
- (
- let
- cfg = config.mj.services.remote-builder.client;
- in
- lib.mkIf cfg.enable {
- nix = {
- buildMachines = [
- {
- inherit (cfg)
- hostName
- system
- sshKey
- supportedFeatures
- ;
- protocol = "ssh-ng";
- sshUser = "remote-builder";
- }
- ];
- distributedBuilds = true;
- extraOptions = "builders-use-substitutes = true";
- };
- }
- )
- ];
-}
diff --git a/modules/services/ssh8022/default.nix b/modules/services/ssh8022/default.nix
@@ -33,12 +33,6 @@
Host fra1-c
HostName fra1-c.jakstys.lt
ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile}
-
- Host fra1-b.jakstys.lt jakstys.lt
- ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile}
- Host fra1-b
- HostName fra1-b.jakstys.lt
- ProxyCommand ${pkgs.spiped}/bin/spipe -t %h:8022 -k ${cfg.keyfile}
'';
}
)
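Review bot: The removed line `Host fra1-b.jakstys.lt jakstys.lt` also carried the bare `jakstys.lt` pattern, so after this change `ssh jakstys.lt` no longer gets the spiped `ProxyCommand` unless a `Host` line above the hunk already covers it. If the apex name is still meant to go through port 8022, move it to the surviving entry, e.g. `Host fra1-c.jakstys.lt jakstys.lt`. Otherwise clients fall back to a plain connection on the default SSH port, which either fails or skips the pre-shared-key layer. The config string starts above the hunk, so the existing fra1-c patterns are not visible here.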
diff --git a/secrets.nix b/secrets.nix
@@ -8,7 +8,6 @@ let
fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey;
vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey;
- fra1-b = (import ./data.nix).hosts."fra1-b.jakst.vpn".publicKey;
fra1-c = (import ./data.nix).hosts."fra1-c.jakst.vpn".publicKey;
mtworx = (import ./data.nix).hosts."mtworx.jakst.vpn".publicKey;
vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey;
@@ -16,7 +15,6 @@ let
systems = [
fwminex
vno3-nk
- fra1-b
fra1-c
vno1-gdrx
mtworx
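Review bot: Dropping `fra1-b` from `systems` only changes the recipient list for future encryptions; the existing `.age` files stay decryptable with the fra1-b host key until they are rekeyed, and the 13 files in this commit include no re-encrypted secret. The deleted host config consumed `motiejus_passwd_hash.age`, `root_passwd_hash.age`, `postfix_sasl_passwd.age` and `ssh8022.age`, so a follow-up `agenix --rekey` should be part of the decommission. Older ciphertexts remain in git history, so the values shared with other hosts (the ssh8022 spiped key, the SASL password) should presumably be rotated as well, unless the old disk and host key are known to be destroyed. The `let` block starts outside the hunk.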