hosts/{caramel,dandelion}: decommission

2025-03-15 22:50:44 +11:00 · 2025-03-15 22:50:44 +11:00 · bebaa0c14f
commit bebaa0c14f
parent 4a71a4cb79
12 changed files with 0 additions and 308 deletions
--- a/flake.nix
+++ b/flake.nix
@ -87,19 +87,8 @@
    in
    {
      nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" true [];
      nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true [];
      nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" true [];
      nixosConfigurations."caramel" = mkSystem nixpkgs-raccoon "caramel" "aarch64-linux" false [{
        nixpkgs.overlays = [
          (self: super: {
            makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
          })
        ];
      }];
      nixosConfigurations."sugarcane" = mkSystem nixpkgs-raccoon "sugarcane" "x86_64-linux" false [];
      nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" false [];
      packages."x86_64-linux" =
        let
          pkgs = import nixpkgs rec {
@ -119,7 +108,6 @@
          };
        in
        {
          caramel-img = self.nixosConfigurations."caramel".config.system.build.sdImage;
        };
      # TODO: currently broken
--- a/hosts/caramel/default.nix
+++ b/hosts/caramel/default.nix
@ -1,43 +0,0 @@
 { config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
  networking.hostName = "caramel";
  system.stateVersion = "22.11";
  time.timeZone = "Asia/Phnom_Penh";
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
    passwd.file = ../../secrets/passwd.age;
    warden_admin.file = ../../secrets/warden_admin.age;
    wpa_conf.file = ../../secrets/wpa_conf.age;
    wg_caramel.file = ../../secrets/wg_caramel.age;
  };
  imports =
    (with modules.system; [
      "${builtins.toString modulesPath}/installer/sd-card/sd-image-aarch64.nix"
      inputs.home-manager-raccoon.nixosModule
      base
      home-manager
      input
      nix-stable
      security
      transmission
      wireguard
      ./filesystem.nix
      ./kernel.nix
      ./image.nix
      ./networking.nix
      ./packages.nix
      ../../users/hana
    ]) ++
    (with modules.services; [
 #       nginx
 #       postgres
 #       synapse
      jellyfin
      sonarr
      tmptsync
      unbound
    ]);
 }
--- a/hosts/caramel/filesystem.nix
+++ b/hosts/caramel/filesystem.nix
@ -1,50 +0,0 @@
 { config, lib, ... }:
 let
  bind = src: {
    depends = [ "/persist" ];
    device = src;
    fsType = "none";
    neededForBoot = true;
    options = [ "bind" ];
  };
 in {
  fileSystems = {
    "/" = lib.mkForce {
      device = "rootfs";
      fsType = "tmpfs";
      options = [ "defaults" "size=1G" "mode=755" ];
    };
    # "/nix" = {
    #   device = "overlayfs";
    #   fsType = "overlay";
    #   options = [
    #     "lowerdir=/mnt/image/nix"
    #     "upperdir=/persist/nix-overlay"
    #     "workdir=/persist/.overlaytmp"
    #   ];
    #   noCheck = true;
    #   depends = [ "/mnt/image" "/persist" ];
    # };
    "/nix" = (bind "/mnt/image/nix") // { depends = [ "/mnt/image" ]; };
    "/mnt/image" = {
      device = "/dev/disk/by-label/NIXOS_SD";
      fsType = "ext4";
      options = [ "defaults" "noatime" ];
      neededForBoot = true;
    };
    "/persist" = {
      device = "/dev/disk/by-label/PI_HDD";
      fsType = "ext4";
      options = [ "defaults" "relatime" ];
      neededForBoot = true;
    };
    "/var/lib/acme" = bind "/persist/acme";
    "/var/log/journal" = bind "/persist/journal";
    "/boot" = (bind "/mnt/image/boot") // { depends = [ "/mnt/image" ]; };
  };
 }
--- a/hosts/caramel/image.nix
+++ b/hosts/caramel/image.nix
@ -1,29 +0,0 @@
 { config, lib, pkgs, ... }: {
  sdImage.expandOnBoot = false;
  boot.postBootCommands = ''
    # On the first boot do some maintenance tasks
    if [ -f /mnt/image/nix-path-registration ]; then
      set -euo pipefail
      set -x
      # Figure out device names for the boot device and root filesystem.
      rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /mnt/image)
      bootDevice=$(lsblk -npo PKNAME $rootPart)
      partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
      # Resize the root partition and the filesystem to fit the disk
      echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
      ${pkgs.parted}/bin/partprobe
      ${pkgs.e2fsprogs}/bin/resize2fs $rootPart
      # Register the contents of the initial Nix store
      ${config.nix.package.out}/bin/nix-store --load-db < /mnt/image/nix-path-registration
      # nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
      touch /etc/NIXOS
      ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
      # Prevents this from running on later boots.
      rm -f /mnt/image/nix-path-registration
    fi
  '';
 }
--- a/hosts/caramel/kernel.nix
+++ b/hosts/caramel/kernel.nix
@ -1,15 +0,0 @@
 { config, inputs, lib, pkgs, ... }: {
  imports = [
    inputs.nixos-hardware.nixosModules.raspberry-pi-4
  ];
  hardware.raspberry-pi."4".fkms-3d.enable = true;
  boot = {
    initrd.kernelModules = [ "overlay" ];
    supportedFilesystems = lib.mkForce [ "btrfs" "vfat" ];
    kernel.sysctl = {
      "kernel.core_pattern" = "|/bin/false";
      "kernel.sysrq" = 1;
    };
  };
 }
--- a/hosts/caramel/networking.nix
+++ b/hosts/caramel/networking.nix
@ -1,35 +0,0 @@
 { config, ... }: {
  environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
  networking = {
    firewall.allowedTCPPorts = [ 80 443 ];
    wireless = {
      enable = true;
      interfaces = [ "wlan0" ];
    };
    useDHCP = false;
    interfaces.wlan0.useDHCP = false;
    interfaces.wlan0.ipv4.addresses = [{
      address = "192.168.100.15";
      prefixLength = 24;
    }];
    defaultGateway = "192.168.100.1";
    nameservers = [ "8.8.8.8" ];
    extraHosts = ''
      192.168.100.12 strawberry
      192.168.100.13 blossom
    '';
  };
  # wait for ntp before connecting to wireguard
  systemd = {
    additionalUpstreamSystemUnits = [ "systemd-time-wait-sync.service" ];
    services = {
      "systemd-time-wait-sync".wantedBy = [ "multi-user.target" ];
      "wireguard-wg0".after = [ "time-sync.target" ];
    };
  };
 }
--- a/hosts/caramel/packages.nix
+++ b/hosts/caramel/packages.nix
@ -1,14 +0,0 @@
 { lib, pkgs, ... }: {
  environment.systemPackages = with pkgs; [
    git
    htop
    jq
    neovim
    rsync
    sshfs
    wget
    kitty.terminfo
  ];
  environment.variables.EDITOR = "nvim";
 }
--- a/hosts/dandelion/default.nix
+++ b/hosts/dandelion/default.nix
@ -1,31 +0,0 @@
 { config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
  networking.hostName = "dandelion";
  system.stateVersion = "23.11";
  time.timeZone = "Australia/Melbourne";
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
  };
  imports = with modules.system; [
    (modulesPath + "/profiles/qemu-guest.nix")
    inputs.home-manager-stable.nixosModule
    base
    home-manager
    input
    nix-stable
    security
    #wireguard
    modules.services.nginx
    modules.services.postgres
    ./filesystem.nix
    ./kernel.nix
    ./networking.nix
    ./packages.nix
    ../../users/hana
  ];
 }
--- a/hosts/dandelion/filesystem.nix
+++ b/hosts/dandelion/filesystem.nix
@ -1,35 +0,0 @@
 { config, lib, ... }:
 let
  bind = src: {
    depends = [ "/nix" ];
    device = src;
    fsType = "none";
    neededForBoot = true;
    options = [ "bind" ];
  };
  mkLabelMount = label: type: lazy: {
    device = "/dev/disk/by-label/${label}";
    fsType = type;
    options = [ "defaults" "relatime" ] ++ lib.optionals lazy [ "nofail" ];
  };
  mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" false // {
    options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
  };
  submount = mkBtrfsMount "DANDELION";
 in {
  fileSystems = {
    "/" = {
      device = "rootfs";
      fsType = "tmpfs";
      options = [ "defaults" "size=12G" "mode=755" ];
    };
    "/boot" = submount "/@/boot" false;
    "/boot/efi" = mkLabelMount "UEFI" "vfat" true;
    "/nix" = submount "/@/nix" false;
    "/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
    "/persist/.snapshots" = submount "/snap/persist" false;
    "/var/log/journal" = bind "/persist/journal";
  };
 }
--- a/hosts/dandelion/kernel.nix
+++ b/hosts/dandelion/kernel.nix
@ -1,20 +0,0 @@
 { config, inputs, pkgs, ... }: {
  boot = {
    loader = {
      systemd-boot.enable = false;
      efi.canTouchEfiVariables = true;
      efi.efiSysMountPoint = "/boot/efi";
      grub = {
        enable = true;
        efiSupport = true;
        device = "/dev/sda";
      };
    };
    initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
    initrd.kernelModules = [ "nvme" ];
    kernel.sysctl = {
      "kernel.core_pattern" = "|/bin/false";
      "kernel.sysrq" = 1;
    };
  };
 }
--- a/hosts/dandelion/networking.nix
+++ b/hosts/dandelion/networking.nix
@ -1,10 +0,0 @@
 { config, ... }: {
  networking = {
    useDHCP = true;
    # extraHosts = ''
    #   10.100.0.3 blossom
    #   10.100.0.4 strawberry
    # '';
  };
 }
--- a/hosts/dandelion/packages.nix
+++ b/hosts/dandelion/packages.nix
@ -1,14 +0,0 @@
 { lib, pkgs, ... }: {
  environment.systemPackages = with pkgs; [
    git
    htop
    jq
    neovim
    rsync
    sshfs
    wget
    kitty.terminfo
  ];
  environment.variables.EDITOR = "nvim";
 }