rm fra1-a

2024-07-31 09:06:53 +03:00
parent 613a7ec3f3
commit bd10c64250
10 changed files with 2 additions and 266 deletions
--- a/hosts/fra1-a/configuration.nix
+++ b/hosts/fra1-a/configuration.nix
@@ -1,138 +0,0 @@
-{
-  config,
-  myData,
-  modulesPath,
-  ...
-}:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  zfs-root = {
-    boot = {
-      enable = true;
-      devNodes = "/dev/disk/by-id/";
-      bootDevices = [ "scsi-0QEMU_QEMU_HARDDISK_36151096" ];
-      immutable = false;
-      availableKernelModules = [
-        "xhci_pci"
-        "virtio_pci"
-        "virtio_scsi"
-        "usbhid"
-        "sr_mod"
-        "virtio_gpu"
-      ];
-      removableEfi = true;
-      kernelParams = [ "console=tty" ];
-      sshUnlock = {
-        enable = true;
-        authorizedKeys = (builtins.attrValues myData.people_pubkeys) ++ [
-          myData.hosts."vno1-oh2.servers.jakst".publicKey
-        ];
-      };
-    };
-  };
-
-  mj = {
-    stateVersion = "23.05";
-    timeZone = "UTC";
-    username = "motiejus";
-
-    base = {
-      users = {
-        enable = true;
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
-      };
-
-      unitstatus = {
-        enable = true;
-        email = "motiejus+alerts@jakstys.lt";
-      };
-
-      snapshot = {
-        enable = true;
-        mountpoints = [ "/var/lib" ];
-      };
-    };
-
-    services = {
-      node_exporter.enable = true;
-      sshguard.enable = true;
-      tailscale.enable = true;
-
-      remote-builder.server = {
-        enable = true;
-        uidgid = myData.uidgid.remote-builder;
-        sshAllowSubnet = myData.subnets.tailscale.sshPattern;
-        publicKeys = map (h: myData.hosts.${h}.publicKey) [
-          "vno1-oh2.servers.jakst"
-          "fwminex.motiejus.jakst"
-          "mtworx.motiejus.jakst"
-        ];
-      };
-
-      postfix = {
-        enable = true;
-        saslPasswdPath = config.age.secrets.sasl-passwd.path;
-      };
-
-      deployerbot = {
-        follower = {
-          publicKeys = [
-            myData.hosts."vno1-oh2.servers.jakst".publicKey
-            myData.hosts."fwminex.motiejus.jakst".publicKey
-          ];
-
-          enable = true;
-          sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
-          uidgid = myData.uidgid.updaterbot-deployee;
-        };
-      };
-
-      zfsunlock = {
-        enable = false;
-        targets."vno1-oh2.servers.jakst" =
-          let
-            host = myData.hosts."vno1-oh2.servers.jakst";
-          in
-          {
-            sshEndpoint = host.publicIP;
-            pingEndpoint = host.jakstIP;
-            remotePubkey = host.initrdPubKey;
-            pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path;
-            startAt = "*-*-* *:00/5:00";
-          };
-      };
-    };
-  };
-
-  services = {
-    nsd = {
-      enable = true;
-      interfaces = [
-        "0.0.0.0"
-        "::"
-      ];
-      zones = {
-        "jakstys.lt.".data = myData.jakstysLTZone;
-        "11sync.net.".data = myData.e11syncZone;
-      };
-    };
-  };
-
-  networking = {
-    hostId = "bed6fa0b";
-    hostName = "fra1-a";
-    domain = "servers.jakst";
-    useDHCP = true;
-    firewall = {
-      allowedUDPPorts = [ 53 ];
-      allowedTCPPorts = [
-        22
-        53
-      ];
-    };
-  };
-
-  nixpkgs.hostPlatform = "aarch64-linux";
-}
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -155,7 +155,6 @@ in
          deployDerivations = [
            ".#fwminex"
            ".#vno1-oh2"
-            ".#fra1-a"
            ".#fra1-b"
            ".#vno3-rp3b"
          ];
--- a/hosts/mtworx/configuration.nix
+++ b/hosts/mtworx/configuration.nix
@@ -145,14 +145,6 @@ in
        group = "users";
      };

-      #remote-builder.client = let
-      #  host = myData.hosts."fra1-a.servers.jakst";
-      #in {
-      #  enable = true;
-      #  inherit (host) system supportedFeatures;
-      #  hostName = host.jakstIP;
-      #  sshKey = "/etc/ssh/ssh_host_ed25519_key";
-      #};
    };
  };

--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
@@ -25,12 +25,6 @@
      kernelParams = [
        "ip=192.168.189.1::192.168.189.4:255.255.255.0:vno1-oh2.jakstys.lt:enp0s21f0u2:off"
      ];
-      sshUnlock = {
-        enable = true;
-        authorizedKeys = (builtins.attrValues myData.people_pubkeys) ++ [
-          myData.hosts."fra1-a.servers.jakst".publicKey
-        ];
-      };
    };
  };

@@ -229,24 +223,9 @@
        macaroonSecretKeyPath = config.age.secrets.synapse-macaroon-secret-key.path;
      };

-      zfsunlock = {
-        enable = true;
-        targets."fra1-a.servers.jakst" =
-          let
-            host = myData.hosts."fra1-a.servers.jakst";
-          in
-          {
-            sshEndpoint = host.publicIP;
-            pingEndpoint = host.jakstIP;
-            remotePubkey = host.initrdPubKey;
-            pwFile = config.age.secrets.zfs-passphrase-fra1-a.path;
-            startAt = "*-*-* *:00/5:00";
-          };
-      };
-
      remote-builder.client =
        let
-          host = myData.hosts."fra1-a.servers.jakst";
+          host = myData.hosts."fra1-b.servers.jakst";
        in
        {
          enable = true;
@@ -478,10 +457,6 @@
            job_name = "${config.networking.hostName}.${config.networking.domain}";
            static_configs = [ { targets = [ "127.0.0.1:${port}" ]; } ];
          }
-          {
-            job_name = "fra1-a.servers.jakst";
-            static_configs = [ { targets = [ "${myData.hosts."fra1-a.servers.jakst".jakstIP}:${port}" ]; } ];
-          }
          {
            job_name = "fra1-b.servers.jakst";
            static_configs = [ { targets = [ "${myData.hosts."fra1-b.servers.jakst".jakstIP}:${port}" ]; } ];