hosts/hazel: decommission

2026-03-15 19:48:08 +11:00 · 2026-03-15 19:48:08 +11:00 · f84e8c1013
commit f84e8c1013
parent 5c55793134
6 changed files with 0 additions and 174 deletions
--- a/flake.nix
+++ b/flake.nix
@ -76,7 +76,6 @@
    {
      nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" [];
      nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" [];
      nixosConfigurations."hazel" = mkSystem nixpkgs "hazel" "x86_64-linux" [];
      nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" [];
      packages."x86_64-linux" =
--- a/hosts/hazel/default.nix
+++ b/hosts/hazel/default.nix
@ -1,95 +0,0 @@
 { config, modules, pkgs, ... }:
 let
  dirs = [
    ["immich" "immich"]
    ["nextcloud" "nextcloud"]
    ["postgresql" "postgres"]
    ["redis-immich" "redis-immich"]
  ];
  rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs;
  mounts = builtins.listToAttrs (builtins.map (d: {
    name = "/var/lib/${builtins.elemAt d 0}";
    value = {
      depends = [ "/flower" ];
      device = "/flower/${builtins.elemAt d 0}";
      fsType = "none";
      options = [ "bind" ];
    };
  }) dirs);
 in
 {
  networking.hostName = "hazel";
  system.stateVersion = "24.11";
  time.timeZone = "Australia/Melbourne";
  age.secrets = {
    acme_dns.file = ../../secrets/acme_dns.age;
    wg_hazel.file = ../../secrets/wg_hazel.age;
  };
  imports = with modules.system; with modules.services; [
    home-manager-stable
    base
    kernel
    nix-stable
    packages
    security
    nginx
    unbound
    wireguard
    ./filesystem.nix
    ./kernel.nix
    ./networking.nix
    ../../users/hana
  ];
  me.environment = "headless";
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud31;
    hostName = "cloud.lava.moe";
    database.createLocally = true;
    config = {
      dbtype = "pgsql";
      adminpassFile = "/persist/nextcloud-admin-pass";
    };
    https = true;
  };
  services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
    forceSSL = true;
    enableACME = true;
  };
  services.immich = {
    enable = true;
    port = 2283;
  };
  users.users.immich.extraGroups = [ "video" "render" ];
  hardware.graphics.enable = true;
  services.nginx.virtualHosts."photos.lava.moe" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://[::1]:${toString config.services.immich.port}";
      proxyWebsockets = true;
      recommendedProxySettings = true;
      extraConfig = ''
        client_max_body_size 50000M;
        proxy_read_timeout   600s;
        proxy_send_timeout   600s;
        send_timeout         600s;
      '';
    };
  };
  systemd.tmpfiles.rules = rules;
  fileSystems = mounts;
 }
--- a/hosts/hazel/filesystem.nix
+++ b/hosts/hazel/filesystem.nix
@ -1,53 +0,0 @@
 { ... }:
 let
  mkLabelMount = label: type: options: {
    device = "/dev/disk/by-label/${label}";
    fsType = type;
    options = [ "defaults" ] ++ options;
  };
  mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs"
  ([
    "autodefrag"
    "compress=zstd:4"
    "compress-force=zstd:4"
    "defaults"
    "nossd"
    "space_cache=v2"
    "subvol=${subvol}"
    (if atime then "relatime" else "noatime")
  ] ++ ext);
  mkHazelMount = mkBtrfsMount "HAZEL" [];
 in
 {
  boot.supportedFilesystems = [ "btrfs" ];
  fileSystems = {
    "/" = {
      device = "rootfs";
      fsType = "tmpfs";
      options = [ "defaults" "mode=755" ];
    };
    "/boot" = mkLabelMount "ROOT" "vfat" [];
    "/flower" = mkHazelMount "/current/flower" true;
    "/persist" = mkHazelMount "/current/persist" true;
    "/var" = mkHazelMount "/current/var" true;
    "/nix" = mkHazelMount "/current/nix" false;
    "/mnt" = mkHazelMount "/" true;
  };
  services.snapper.cleanupInterval = "1h";
  services.snapper.configs.flower = {
      FSTYPE = "btrfs";
      SUBVOLUME = "/mnt/current/flower";
      TIMELINE_CLEANUP = true;
      TIMELINE_CREATE = true;
      TIMELINE_MIN_AGE = "1800";
      TIMELINE_LIMIT_HOURLY = "5";
      TIMELINE_LIMIT_DAILY = "7";
      TIMELINE_LIMIT_WEEKLY = "0";
      TIMELINE_LIMIT_MONTHLY = "0";
      TIMELINE_LIMIT_YEARLY = "0";
    };
 }
--- a/hosts/hazel/fs-decrypt.nix
+++ b/hosts/hazel/fs-decrypt.nix
--- a/hosts/hazel/kernel.nix
+++ b/hosts/hazel/kernel.nix
@ -1,10 +0,0 @@
 { ... }: {
  boot = {
    loader = {
      efi.canTouchEfiVariables = true;
      systemd-boot.enable = true;
    };
    initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
    kernelModules = [ "kvm-amd" ];
  };
 }
--- a/hosts/hazel/networking.nix
+++ b/hosts/hazel/networking.nix
@ -1,15 +0,0 @@
 { gcSecrets, ... }: {
  networking = {
    useDHCP = true;
    interfaces.enp8s0.ipv6.addresses = [
      {
        address = gcSecrets.hazel.ipv6Addr;
        prefixLength = 64;
      }
    ];
    defaultGateway6 = {
      address = "fe80::1";
      interface = "enp8s0";
    };
  };
 }