From 5ad39391cff77ceb939ea4dbd75aeea6b022f333 Mon Sep 17 00:00:00 2001
From: clerie
Date: Tue, 7 Nov 2023 19:27:01 +0100
Subject: [PATCH 1/2] hosts/schule: remove host
---
 flake.lock | 17 ----
 flake.nix | 2 -
 hosts/porter/configuration.nix | 33 -------
 hosts/schule/configuration.nix | 125 ------------------------
 hosts/schule/hardware-configuration.nix | 32 ------
 hosts/schule/ssh.pub | 1 -
 lib/flake-helper.nix | 2 +-
 7 files changed, 1 insertion(+), 211 deletions(-)
 delete mode 100644 hosts/schule/configuration.nix
 delete mode 100644 hosts/schule/hardware-configuration.nix
 delete mode 100644 hosts/schule/ssh.pub
diff --git a/flake.lock b/flake.lock
index e942b57..1d665c6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -207,22 +207,6 @@
 "type": "github"
 }
 },
- "nixpkgs-schule": {
- "locked": {
- "lastModified": 1679437018,
- "narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
 "nixpkgs_2": {
 "locked": {
 "lastModified": 1697456312,
@@ -249,7 +233,6 @@
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs_2",
 "nixpkgs-krypton": "nixpkgs-krypton",
- "nixpkgs-schule": "nixpkgs-schule",
 "solid-xmpp-alarm": "solid-xmpp-alarm"
 }
 },
diff --git a/flake.nix b/flake.nix
index b01750e..9830c65 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,6 @@
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 nixpkgs-krypton.url = "github:NixOS/nixpkgs/nixos-unstable";
- nixpkgs-schule.url = "github:NixOS/nixpkgs/nixos-unstable";
 nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 agenix = {
 url = "github:ryantm/agenix";
@@ -69,7 +68,6 @@ osmium = { name = "osmium"; }; palladium = { name = "palladium"; }; porter = { name = "porter"; }; - schule = { name = "schule"; }; storage-2 = { name = "storage-2"; }; web-2 = { name = "web-2"; }; zinc = { name = "zinc"; }; diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix index beb13b5..d74c7e9 100644 --- a/hosts/porter/configuration.nix +++ b/hosts/porter/configuration.nix @@ -21,32 +21,6 @@ networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; }; networking.nameservers = [ "46.38.255.230" "46.38.252.230" ]; - services.nginx.enable = true; - services.nginx.virtualHosts.default = lib.mkForce {}; - services.nginx.virtualHosts."*.schule.clerie.de" = { - locations."/" = { - proxyPass = "http://schule.net.clerie.de"; - }; - }; - - services.sniproxy = { - enable = true; - config = '' - error_log { - filename /var/log/sniproxy/error.log - } - access_log { - filename /var/log/sniproxy/access.log - } - listen 443 { - proto tls - } - table { - ^.*\.schule\.clerie\.de$ [2001:638:904:ffcb::d] - } - ''; - }; - clerie.nginx-port-forward = { enable = true; tcpPorts."2022" = { @@ -55,13 +29,6 @@ }; }; - services.chisel-server = { - enable = false; - host = "[::1]"; - port = 3765; - authfile = "/var/src/secrets/chisel/users.json"; - }; - services.snowflake-proxy.enable = true; networking.firewall.allowedTCPPorts = [ 80 443 ]; diff --git a/hosts/schule/configuration.nix b/hosts/schule/configuration.nix deleted file mode 100644 index 3b7078c..0000000 --- a/hosts/schule/configuration.nix +++ /dev/null 
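Review bot: The context line `networking.firewall.allowedTCPPorts = [ 80 443 ];` at the end of the second hosts/porter/configuration.nix hunk is kept, although this commit removes the nginx virtual host and the sniproxy `listen 443` block that were the visible users of those ports on porter. If nothing outside the hunks still binds 80 or 443, the rule leaves two ports open with no service behind them, and whatever is started on them later is reachable without a firewall change; I would drop the line in this commit, or trim the list to the ports still in use. Whether `clerie.nginx-port-forward` needs its own opening for 2022 cannot be seen from here, since the file continues outside both hunks.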
@@ -1,125 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- imports =
- [
- ./hardware-configuration.nix
- ];
-
- boot.kernelParams = [ "console=ttyS0,115200n8" ];
-
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/vda";
-
- boot.loader.grub.extraConfig = ''
- serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
- terminal_input serial
- terminal_output serial
- '';
-
- networking.hostName = "schule";
-
- networking.useDHCP = false;
- networking.interfaces.ens18.useDHCP = false;
- networking.interfaces.ens18.ipv4.addresses = [ { address = "192.168.10.37"; prefixLength = 24; } ];
- networking.interfaces.ens19.ipv6.addresses = [ { address = "2001:638:904:ffcb::d"; prefixLength = 64; } ];
- networking.defaultGateway6 = { address = "2001:638:904:ffcb::1"; interface = "ens19"; };
- networking.defaultGateway = { address = "192.168.10.1"; interface = "ens18"; };
- networking.nameservers = [ "141.24.40.3" "141.24.40.4" ];
-
- users.users.lord.isNormalUser = true;
-
- users.users.js.isNormalUser = true;
-
- services.openssh.settings = {
- PasswordAuthentication = lib.mkForce true;
- ChallengeResponseAuthentication = lib.mkForce true;
- };
-
- services.ttyd = {
- enable = true;
- port = 8436;
- enableIPv6 = true;
- interface = "::1";
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 8436 ];
-
- services.nginx = {
- enable = true;
-
- virtualHosts = {
- "term.schule.clerie.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- basicAuthFile = "/var/src/secrets/nginx/htpasswd";
- proxyPass = "http://[::1]:8436";
- proxyWebsockets = true;
- };
- };
-
- "term.v6.schule.clerie.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- basicAuthFile = "/var/src/secrets/nginx/htpasswd";
- proxyPass = "http://[::1]:8436";
- proxyWebsockets = true;
- };
- };
-
- "ports.schule.clerie.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- return = ''200 "Some piece of infrastructure\n"'';
- extraConfig = ''
- types { } default_type "text/plain; charset=utf-8";
- '';
- };
- };
-
- "\"~^(?[0-9]{4,5})\.ports\.schule\.clerie\.de$\"" = {
- forceSSL = true;
- sslCertificate = "${config.security.acme.certs."ports.schule.clerie.de".directory}/fullchain.pem";
- sslCertificateKey = "${config.security.acme.certs."ports.schule.clerie.de".directory}/key.pem";
- locations."/" = {
- basicAuthFile = "/var/src/secrets/nginx/htpasswd";
- proxyPass = "http://127.0.0.1:$requestedport";
- proxyWebsockets = true;
- };
- };
-
- "ports.v6.schule.clerie.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- return = ''200 "Some piece of infrastructure\n"'';
- extraConfig = ''
- types { } default_type "text/plain; charset=utf-8";
- '';
- };
- };
-
- "\"~^(?[0-9]{4,5})\.ports\.v6\.schule\.clerie\.de$\"" = {
- forceSSL = true;
- sslCertificate = "${config.security.acme.certs."ports.v6.schule.clerie.de".directory}/fullchain.pem";
- sslCertificateKey = "${config.security.acme.certs."ports.v6.schule.clerie.de".directory}/key.pem";
- locations."/" = {
- basicAuthFile = "/var/src/secrets/nginx/htpasswd";
- proxyPass = "http://127.0.0.1:$requestedport";
- proxyWebsockets = true;
- };
- };
- };
- };
-
- services.mysql = {
- enable = true;
- package = pkgs.mariadb;
- };
-
- system.stateVersion = "22.11";
-}
diff --git a/hosts/schule/hardware-configuration.nix b/hosts/schule/hardware-configuration.nix
deleted file mode 100644
index 78ce7ce..0000000
--- a/hosts/schule/hardware-configuration.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/f24fdef6-1ace-46a4-80cf-652edb285be6";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/schule/ssh.pub b/hosts/schule/ssh.pub
deleted file mode 100644
index 342684f..0000000
--- a/hosts/schule/ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIuAyY1FtMWoBdLzOkDsCro6vQjGYQduGzU9HLcSvfj
diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix
index cbb26ea..6c05915 100644
--- a/lib/flake-helper.nix
+++ b/lib/flake-helper.nix
@@ -64,7 +64,7 @@ rec {
 };
 nixpkgs.system = hostSystem.config.nixpkgs.system;
 imports = hostSystem._module.args.modules;
- deployment.allowLocalDeployment = builtins.any (n: n == name) [ "schule" "osmium" ];
+ deployment.allowLocalDeployment = builtins.any (n: n == name) [ "osmium" ];
 };
 mapToColmenaHosts = hosts: builtins.mapAttrs (generateColmenaHost) hosts;
From 14dfcea48693ef13309c6389c41d7646c1402507 Mon Sep 17 00:00:00 2001
From: clerie
Date: Tue, 7 Nov 2023 21:17:33 +0100
Subject: [PATCH 2/2] flake.lock: update nixpkgs
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 1d665c6..c461158 100644
--- a/flake.lock
+++ b/flake.lock
@@ -193,11 +193,11 @@
 },
 "nixpkgs-krypton": {
 "locked": {
- "lastModified": 1697059129,
- "narHash": "sha256-9NJcFF9CEYPvHJ5ckE8kvINvI84SZZ87PvqMbH6pro0=",
+ "lastModified": 1699099776,
+ "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "5e4c2ada4fcd54b99d56d7bd62f384511a7e2593",
+ "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
 "type": "github"
 },
 "original": {
@@ -209,11 +209,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1697456312,
- "narHash": "sha256-roiSnrqb5r+ehnKCauPLugoU8S36KgmWraHgRqVYndo=",
+ "lastModified": 1699099776,
+ "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "ca012a02bf8327be9e488546faecae5e05d7d749",
+ "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
 "type": "github"
 },
 "original": {
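Review bot: In the lib/flake-helper.nix hunk the new line still spells a membership test as `builtins.any (n: n == name) [ "osmium" ]`; with one host left, `builtins.elem name [ "osmium" ]` reads more directly and behaves the same. The list decides which hosts get `deployment.allowLocalDeployment`, so a one-line comment above it saying why osmium is on the list would help the next host cleanup. The enclosing attribute set starts outside the hunk.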