rm vno3-rp3b

2024-12-01 23:05:41 +02:00 · 2024-12-01 23:05:41 +02:00 · e079259376
commit e079259376
parent 08c740909f
6 changed files with 40 additions and 235 deletions
--- a/data.nix
+++ b/data.nix
@ -48,11 +48,6 @@ rec {
  };

  hosts = {
-    "vno3-rp3b.servers.jakst" = rec {
-      extraHostNames = [ jakstIP ];
-      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBudUFFEBpUVdr26vLJup8Hk6wj1iDbOPPQnJbv6GUGC";
-      jakstIP = "100.89.176.2";
-    };
    "fra1-b.servers.jakst" = rec {
      extraHostNames = [
        "fra1-b.jakstys.lt"
--- a/flake.nix
+++ b/flake.nix
@ -194,21 +194,6 @@
          } // inputs;
        };

-        vno3-rp3b = nixpkgs.lib.nixosSystem {
-          system = "aarch64-linux";
-          modules = [
-            { nixpkgs.overlays = overlays; }
-            ./hosts/vno3-rp3b/configuration.nix
-            ./modules
-            agenix.nixosModules.default
-            home-manager.nixosModules.home-manager
-          ];
-
-          specialArgs = {
-            inherit myData;
-          } // inputs;
-        };
-
        fra1-b = nixpkgs.lib.nixosSystem {
          system = "aarch64-linux";
          modules = [
@ -260,17 +245,6 @@
          };
        };

-        vno3-rp3b = {
-          hostname = myData.hosts."vno3-rp3b.servers.jakst".jakstIP;
-          profiles = {
-            system = {
-              sshUser = "motiejus";
-              path = self.nixosConfigurations.vno3-rp3b.pkgs.deploy-rs.lib.activate.nixos self.nixosConfigurations.vno3-rp3b;
-              user = "root";
-            };
-          };
-        };
-
        fra1-b = {
          hostname = myData.hosts."fra1-b.servers.jakst".jakstIP;
          profiles = {
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@ -496,42 +496,47 @@ in
        enable = true;
        passwordPath = config.age.secrets.borgbackup-password.path;
        sshKeyPath = "/etc/ssh/ssh_host_ed25519_key";
-        dirs = builtins.concatMap (
-          host:
-          let
-            prefix = "${host}:${config.networking.hostName}.${config.networking.domain}";
-          in
-          [
-            {
-              subvolume = "/var/lib";
-              repo = "${prefix}-var_lib";
-              paths = [
-                "hass"
-                "gitea"
-                "caddy"
-                "grafana"
-                "headscale"
-                "bitwarden_rs"
-                "matrix-synapse"
-                "private/soju"
+        dirs =
+          builtins.concatMap
+            (
+              host:
+              let
+                prefix = "${host}:${config.networking.hostName}.${config.networking.domain}";
+              in
+              [
+                {
+                  subvolume = "/var/lib";
+                  repo = "${prefix}-var_lib";
+                  paths = [
+                    "hass"
+                    "gitea"
+                    "caddy"
+                    "grafana"
+                    "headscale"
+                    "bitwarden_rs"
+                    "matrix-synapse"
+                    "private/soju"

-                # https://immich.app/docs/administration/backup-and-restore/
-                "immich/library"
-                "immich/upload"
-                "immich/profile"
-                "postgresql"
-              ];
-              patterns = [ "- gitea/data/repo-archive/" ];
-              backup_at = "*-*-* 01:00:01 UTC";
-            }
-            {
-              subvolume = "/home";
-              repo = "${prefix}-home-motiejus-annex2";
-              paths = [ "motiejus/annex2" ];
-              backup_at = "*-*-* 02:30:01 UTC";
-            }
-          ]
-        );
+                    # https://immich.app/docs/administration/backup-and-restore/
+                    "immich/library"
+                    "immich/upload"
+                    "immich/profile"
+                    "postgresql"
+                  ];
+                  patterns = [ "- gitea/data/repo-archive/" ];
+                  backup_at = "*-*-* 01:00:01 UTC";
+                }
+                {
+                  subvolume = "/home";
+                  repo = "${prefix}-home-motiejus-annex2";
+                  paths = [ "motiejus/annex2" ];
+                  backup_at = "*-*-* 02:30:01 UTC";
+                }
+              ]
+            )
+            [
+              "zh2769@zh2769.rsync.net"
+            ];
      };

      btrfssnapshot = {
--- a/hosts/vno3-rp3b/configuration.nix
+++ b/hosts/vno3-rp3b/configuration.nix
@ -1,166 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running `nixos-help`).
-{
-  config,
-  pkgs,
-  myData,
-  ...
-}:
-{
-  imports = [ ../../modules/profiles/sdcard ];
-
-  age.secrets = {
-    motiejus-passwd-hash.file = ../../secrets/motiejus_passwd_hash.age;
-    root-passwd-hash.file = ../../secrets/root_passwd_hash.age;
-    sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
-  };
-
-  boot = {
-    initrd = {
-      availableKernelModules = [ "usbhid" ];
-      kernelModules = [
-        "vc4"
-        "bcm2835_dma"
-      ];
-      luks.devices = {
-        luksdata = {
-          device = "/dev/disk/by-uuid/efa9b396-9ec0-40f7-a0d0-75edc0f6d5ad";
-          allowDiscards = true;
-          keyFileOffset = 9728;
-          keyFileSize = 512;
-          keyFile = "/dev/mmcblk1";
-        };
-      };
-
-    };
-    loader = {
-      grub.enable = false;
-      generic-extlinux-compatible.enable = true;
-    };
-
-    kernelModules = [ ];
-    extraModulePackages = [ ];
-  };
-
-  powerManagement.cpuFreqGovernor = "ondemand";
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
-      fsType = "ext4";
-    };
-    "/data" = {
-      device = "/dev/mapper/luksdata";
-      fsType = "btrfs";
-      options = [ "compress=zstd" ];
-    };
-  };
-
-  swapDevices = [ ];
-
-  mj = {
-    stateVersion = "23.05";
-    timeZone = "Europe/Vilnius";
-    username = "motiejus";
-
-    base = {
-      #zfs.enable = true;
-      users = {
-        enable = true;
-        root.hashedPasswordFile = config.age.secrets.root-passwd-hash.path;
-        user.hashedPasswordFile = config.age.secrets.motiejus-passwd-hash.path;
-      };
-      unitstatus = {
-        enable = true;
-        email = "motiejus+alerts@jakstys.lt";
-      };
-
-      #snapshot = {
-      #  enable = true;
-      #  mountpoints = [ "/data/shared" ];
-      #};
-    };
-
-    services = {
-      printing.enable = true;
-      tailscale.enable = true;
-      node_exporter.enable = true;
-      ping_exporter.enable = true;
-
-      #borgstor = {
-      #  enable = true;
-      #  dataDir = "/data/borg";
-      #  sshKeys = with myData; [
-      #    hosts."fwminex.servers.jakst".publicKey
-      #    people_pubkeys.motiejus
-      #  ];
-      #};
-
-      postfix = {
-        enable = true;
-        saslPasswdPath = config.age.secrets.sasl-passwd.path;
-      };
-
-      deployerbot = {
-        follower = {
-          publicKeys = [ myData.hosts."fwminex.servers.jakst".publicKey ];
-
-          enable = true;
-          sshAllowSubnets = [ myData.subnets.tailscale.sshPattern ];
-          uidgid = myData.uidgid.updaterbot-deployee;
-        };
-      };
-
-      #jakstpub = {
-      #  enable = true;
-      #  dataDir = "/data/shared";
-      #  requires = [ "data-shared.mount" ];
-      #  uidgid = myData.uidgid.jakstpub;
-      #  hostname = "hdd.jakstys.lt";
-      #};
-    };
-  };
-
-  services = {
-    chrony.extraConfig = ''
-      makestep 1 -1
-    '';
-
-    # shared printing
-    avahi = {
-      enable = true;
-      nssmdns4 = true;
-      openFirewall = true;
-      publish = {
-        enable = true;
-        userServices = true;
-      };
-    };
-
-    printing = {
-      openFirewall = true;
-      allowFrom = [ "all" ];
-      browsing = true;
-      defaultShared = true;
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    raspberrypi-eeprom
-    libraspberrypi
-    borgbackup
-  ];
-
-  networking = {
-    hostId = "4bd17751";
-    hostName = "vno3-rp3b";
-    domain = "servers.jakst";
-    dhcpcd.enable = true;
-    firewall.rejectPackets = true;
-  };
-
-  nixpkgs.hostPlatform = "aarch64-linux";
-
-  security.rtkit.enable = true;
-}
--- a/secrets.nix
+++ b/secrets.nix
@ -10,11 +10,9 @@ let
  mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
  fra1-b = (import ./data.nix).hosts."fra1-b.servers.jakst".publicKey;
  vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.motiejus.jakst".publicKey;
-  vno3-rp3b = (import ./data.nix).hosts."vno3-rp3b.servers.jakst".publicKey;
  systems = [
    fra1-b
    vno1-gdrx
-    vno3-rp3b
    fwminex
    mtworx
  ];
@ -31,7 +29,6 @@ let
    );
 in
 { }
-// mk ([ vno3-rp3b ] ++ motiejus) [ "secrets/vno3-rp3b/datapool-passphrase.age" ]
 // mk ([ mtworx ] ++ motiejus) [
  "secrets/motiejus_work_passwd_hash.age"
  "secrets/root_work_passwd_hash.age"
--- a/secrets/vno3-rp3b/datapool-passphrase.age
+++ b/secrets/vno3-rp3b/datapool-passphrase.age