diff --git a/containers/garnet/configuration.nix b/containers/garnet/configuration.nix
deleted file mode 100644
index ff514e8..0000000
--- a/containers/garnet/configuration.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ ... }: {
- system.stateVersion = "25.11";
- fileSystems."/var/lib/opencloud" = {
- device = "/flower/data";
- fsType = "none";
- options = [ "bind" ];
- };
- fileSystems."/etc/opencloud" = {
- device = "/persist/cfg";
- fsType = "none";
- options = [ "bind" ];
- };
- # TODO: hardcoded address
- networking.extraHosts = ''
- 100.67.2.1 cloud.lava.moe
- '';
-
- networking.firewall.allowedTCPPorts = [ 9200 ];
- networking.firewall.allowedUDPPorts = [ 9200 ];
-
- environment.etc."opencloud-admin-pass".text = ''
- IDM_ADMIN_PASSWORD=supersillysecure
- '';
- services.opencloud = {
- enable = true;
- url = "https://cloud.lava.moe";
- address = "10.30.7.2";
- port = 9200;
- environment = {
- PROXY_TLS = "false";
- };
- environmentFile = "/etc/opencloud-admin-pass";
- };
-}
diff --git a/containers/garnet/flake.lock b/containers/garnet/flake.lock
deleted file mode 100644
index 4070242..0000000
--- a/containers/garnet/flake.lock
+++ /dev/null
@@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1779560665, - "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -}
diff --git a/containers/garnet/flake.nix b/containers/garnet/flake.nix
deleted file mode 100644
index 93c3304..0000000
--- a/containers/garnet/flake.nix
+++ /dev/null
@@ -1,77 +0,0 @@
-{
- inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- };
- outputs = { nixpkgs, ... }:
- let
- name = "garnet";
- fqdn = "cloud.lava.moe";
- subnetId = "7";
-
- subnet = x: "fd0d:1::${subnetId}:${toString x}";
- host = subnet 1;
- client = subnet 2;
-
- subnet4 = x: "10.30.${subnetId}.${toString x}";
- host4 = subnet4 1;
- client4 = subnet4 2;
-
- modules = [
- ./configuration.nix
- {
- networking.useHostResolvConf = false;
- networking.nameservers = [ host ];
- }
- ];
- in {
- nixosConfigurations.container = nixpkgs.lib.nixosSystem {
- inherit modules;
- };
- nixosModule = { config, ... }: {
- networking.nat = {
- enable = true;
- enableIPv6 = true;
- internalInterfaces = [ "ve-${name}" ];
- };
-
- services.nginx.virtualHosts."${fqdn}" = {
- useACMEHost = "lava.moe";
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://${client4}:9200";
- proxyWebsockets = true;
- };
- # TODO: hardcoded address
- listenAddresses = [ "100.67.2.1" ];
- };
-
- systemd.tmpfiles.rules = [
- "d /persist/containers/${name} 755 root users"
- ];
- containers.${name} = {
- autoStart = true;
- privateNetwork = true;
- hostAddress = host4;
- localAddress = client4;
- hostAddress6 = host;
- localAddress6 = client;
- # privateUsers = "pick";
- nixpkgs = nixpkgs;
- ephemeral = true;
- config = { imports = modules; };
- specialArgs = { inherit fqdn; };
-
- bindMounts."persist" = {
- hostPath = "/persist/containers/${name}";
- mountPoint = "/persist";
- isReadOnly = false;
- };
- bindMounts."content" = {
- hostPath = "/flower/opencloud";
- mountPoint = "/flower";
- isReadOnly = false;
- };
- };
- };
- };
-}
diff --git a/flake.lock b/flake.lock
index 2578a7e..db4bae9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -128,20 +128,6 @@ }, "parent": [] }, - "c-garnet": { - "inputs": { - "nixpkgs": "nixpkgs_9" - }, - "locked": { - "path": "./containers/garnet", - "type": "path" - }, - "original": { - "path": "./containers/garnet", - "type": "path" - }, - "parent": [] - }, "catppuccin": { "inputs": { "nixpkgs": "nixpkgs_4" @@ -609,7 +595,7 @@ "inputs": { "flake-parts": "flake-parts_2", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1779768228, @@ -693,22 +679,6 @@ } }, "nixpkgs_10": { - "locked": { - "lastModified": 1779536132, - "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_11": { "locked": { "lastModified": 1779560665, "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", @@ -724,7 +694,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_11": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -854,16 +824,16 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1779560665, - "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", + "lastModified": 1779536132, + "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", + "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -910,7 +880,7 @@ "pastel": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_11", "pnpm2nix": "pnpm2nix" }, "locked": { 
@@ -976,7 +946,6 @@ "c-diamond": "c-diamond", "c-emerald": "c-emerald", "c-fluorite": "c-fluorite", - "c-garnet": "c-garnet", "catppuccin": "catppuccin_2", "catppuccin-palette": "catppuccin-palette", "fast-syntax-highlighting": "fast-syntax-highlighting", @@ -985,7 +954,7 @@ "neovim-nightly": "neovim-nightly", "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_11", + "nixpkgs": "nixpkgs_10", "nvim-treesitter": "nvim-treesitter", "pastel": "pastel", "pure": "pure", diff --git a/flake.nix b/flake.nix index 5cf3457..377e601 100644 --- a/flake.nix +++ b/flake.nix @@ -44,7 +44,6 @@ c-diamond.url = "path:./containers/diamond"; c-emerald.url = "path:./containers/emerald"; c-fluorite.url = "path:./containers/fluorite"; - c-garnet.url = "path:./containers/garnet"; }; outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: diff --git a/hosts/alyssum/default.nix b/hosts/alyssum/default.nix index 9a53926..087c77f 100644 --- a/hosts/alyssum/default.nix +++ b/hosts/alyssum/default.nix @@ -1,10 +1,9 @@ -{ inputs, modules, modulesPath, ... }: { +{ lib, modules, modulesPath, ... }: { networking.hostName = "alyssum"; system.stateVersion = "25.11"; time.timeZone = "Australia/Melbourne"; age.secrets = { - acme_dns.file = ../../secrets/acme_dns.age; wpa_conf = { file = ../../secrets/wpa_conf.age; path = "/etc/wpa_supplicant/imperative.conf"; @@ -23,10 +22,6 @@ security tailscale - modules.services.nginx - - inputs.c-garnet.nixosModule - ./filesystem.nix ./kernel.nix ./networking.nix diff --git a/hosts/alyssum/filesystem.nix b/hosts/alyssum/filesystem.nix index bdea423..205106a 100644 --- a/hosts/alyssum/filesystem.nix +++ b/hosts/alyssum/filesystem.nix @@ -26,7 +26,6 @@ in { }; "/boot" = mkLabelMount "stem" "vfat"; - "/flower" = mkBtrfsMount "myosotis" "/@" true; "/nix" = submount "/@/nix" false; "/persist" = (submount "/@/persist" true) // { neededForBoot = true; }; "/persist/.snapshots" = submount "/snap/persist" false; 
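Review bot: In hosts/alyssum/default.nix the module arguments swap `inputs` for `lib`, but neither hunk of that file adds a line that uses `lib`, so the new argument looks unused. If nothing else in the module needs it, the header can simply be `{ modules, modulesPath, ... }: {`. The module body continues outside the hunk, so confirm there is no reference further down before dropping it.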
diff --git a/secrets.nix b/secrets.nix index d2dbc82..5a8bf1b 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,7 +10,7 @@ in { "secrets/passwd.age".publicKeys = [ anemone blossom rin ]; "secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ]; - "secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ]; + "secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ]; "secrets/navidrome_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ]; "secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index c440de6..a573417 100644 --- a/secrets/acme_dns.age +++ b/secrets/acme_dns.age @@ -1,11 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs -07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok --> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4 -FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84 --> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8 -xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE --> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o -aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM ---- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8 -Zr2. ~MPXŹ1)p9R9S cLzhQO0H7Lj5 \l97ܫn> +-> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8 +1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8 +-> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA +MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80 +-> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg +RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI +--- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg +H즏)k#%3cQں1?ad| 쳄ٗo2 +B)=Zi9pR Klg ՞h \ No newline at end of file
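Review bot: Removing `alyssum` from the `secrets/acme_dns.age` recipients in secrets.nix and re-encrypting the file does not revoke what that host could already read. The earlier ciphertext, with its fourth recipient stanza, stays in repository history, and the same commit shows the secret was wired into the host through `age.secrets.acme_dns.file`. If the goal is that alyssum no longer holds the ACME DNS credential, rotate the credential at the DNS provider and encrypt the new value; the diff cannot show whether the payload changed, so this may already be done. A comment beside the entry, for example `# alyssum removed; credential rotated`, would record it. The same reasoning applies to the `IDM_ADMIN_PASSWORD` value in the deleted containers/garnet/configuration.nix, which remains readable in history and should not be reused if that OpenCloud data is kept.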