ctucx.git: nixfiles

machines: remove hector

diff --git a/hive.nix b/hive.nix
@@ -22,6 +22,4 @@ inputs: overlays:
   trabbi       = import ./machines/trabbi/configuration.nix;
   wanderduene  = import ./machines/wanderduene/configuration.nix;
 
-  hector       = import ./machines/hector/configuration.nix;
-
 }

diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix
@@ -1,70 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-  imports = [
-    ./hardware-configuration.nix
-
-    ../../configurations/linux/services/prometheus-exporters.nix
-    ../../configurations/linux/services/restic-server.nix
-  ];
-
-  dns.zones."ctu.cx".subdomains."${config.networking.hostName}".AAAA = [ "2a01:4f9:6b:2d99:2829:acab::1" ];
-
-  boot = {
-    loader.grub = {
-      enable  = true;
-      version = 2;
-      device  = "/dev/sda";
-    };
-
-    initrd.network = {
-      enable = true;
-      ssh    = {
-        enable         = true;
-        port           = 22;
-        hostKeys       = [ /etc/ssh/ssh_host_rsa_key ];
-        authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
-      };
-
-      postCommands = ''
-        ip link set dev ens18 up
-        ip addr add 2a01:4f9:6b:2d99:2829:acab::1 dev ens18
-        ip route add default via 2a01:4f9:6b:2d99::2 dev ens18 onlink
-
-        echo 'cryptsetup-askpass' >> /root/.profile
-      '';
-    };
-  };
-
-  networking = {
-    useDHCP = false;
-
-    interfaces.ens18 = {
-      ipv6.addresses = [{
-        address     = "2a01:4f9:6b:2d99:2829:acab::1";
-        prefixLength = 128;
-      }];
-    };
-
-    defaultGateway6 = {
-      address = "2a01:4f9:6b:2d99::2";
-      interface = "ens18";
-    };
-
-    nameservers = [
-      "2001:67c:2b0::4"
-      "2001:67c:2b0::6"
-    ];
-
-    firewall.enable = true;
-  };
-
-  systemd.services.restic.serviceConfig.ReadWritePaths = [ "/data/restic" ];
-
-  services.email-notify.enable = true;
-
-  system.stateVersion = "21.11";
-  home-manager.users.leah.home.stateVersion = "21.11";
-}
-

diff --git a/machines/hector/hardware-configuration.nix b/machines/hector/hardware-configuration.nix
@@ -1,38 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/9183f812-936d-482a-bc25-17c35d31df71";
-      fsType = "ext4";
-    };
-
-  boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/116a46a2-f1ab-4313-bd8c-cdb5a522d368";
-
-  fileSystems."/data" =
-    { device = "/dev/disk/by-uuid/25c3bc2a-b55b-483e-b0db-331508644b6a";
-      fsType = "ext4";
-    };
-
-  boot.initrd.luks.devices."data".device = "/dev/disk/by-uuid/c9cd1573-6c20-4e45-b720-5f182b140dba";
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/6D4E-A4DD";
-      fsType = "vfat";
-    };
-
-  swapDevices = [ ];
-
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

diff --git a/machines/lollo-old/configuration.nix b/machines/lollo-old/configuration.nix
@@ -15,7 +15,6 @@
 
   dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host "195.39.246.44" "2a0f:4ac0:acab::44");
 
-  age.secrets.restic-server-hector.file   = ../../secrets/restic-server/hector.age;
   age.secrets.restic-server-lollo.file    = ../../secrets/restic-server/lollo.age;
 
   boot.loader = {

diff --git a/machines/lollo/configuration.nix b/machines/lollo/configuration.nix
@@ -34,7 +34,6 @@
   dns.zones."ctu.cx".subdomains."legacy.home"                        = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");
   dns.zones."ctu.cx".subdomains."home"                               = lib.mkIf config.networking.usePBBUplink (pkgs.dns.lib.combinators.host "195.39.246.42" "2a0f:4ac0:acab::42");
 
-  age.secrets.restic-server-hector.file      = ../../secrets/restic-server/hector.age;
   age.secrets.restic-server-lollo.file       = ../../secrets/restic-server/lollo.age;
   age.secrets.restic-server-wanderduene.file = ../../secrets/restic-server/wanderduene.age;
 

diff --git a/machines/trabbi/configuration.nix b/machines/trabbi/configuration.nix
@@ -28,7 +28,6 @@
   dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host "89.58.62.171" "2a0a:4cc0:1:2d7::1");
 
   age.secrets.restic-server-lollo.file       = ../../secrets/restic-server/lollo.age;
-  age.secrets.restic-server-hector.file      = ../../secrets/restic-server/hector.age;
   age.secrets.restic-server-wanderduene.file = ../../secrets/restic-server/wanderduene.age;
 
   boot = {

diff --git a/modules/linux/restic-backups.nix b/modules/linux/restic-backups.nix
@@ -44,7 +44,7 @@ let
 
       targets = mkOption {
         type    = with types; listOf str;
-        default = [ "wanderduene.ctu.cx" "lollo.ctu.cx" "hector.ctu.cx" ];
+        default = [ "wanderduene.ctu.cx" "lollo.ctu.cx" ];
       };
 
       timerConfig = mkOption {

@@ -103,10 +103,6 @@ in {
                   cp /run/agenix/restic-server-lollo /tmp/lollo.ctu.cx;
                 '' else "" }
 
-                ${if builtins.elem "hector.ctu.cx" backup.targets then ''
-                  cp /run/agenix/restic-server-hector /tmp/hector.ctu.cx;
-                '' else "" }
-
                 ${if builtins.elem "wanderduene.ctu.cx" backup.targets then ''
                   cp /run/agenix/restic-server-wanderduene /tmp/wanderduene.ctu.cx;
                 '' else "" }

diff --git a/secrets/hector/restic-server-htpasswd.age b/secrets/hector/restic-server-htpasswd.age
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> X25519 mlNf0kLkbC39+HfNhqNluw9fnwWCaIJBYtzbv4yZ2zw
-m8YB36Lid4Fqh0Fz6Ril1bodNwHwg4AaV1qSoz68ffM
--> ssh-ed25519 NrwbpQ 89jCIBFHFFAfvNV3TIzqperGsdthyzluKDihBc/QWwU
-i869YPiEfkdcck6Tl8ZAAsLJ1OhtUT4btqQIHPHICjY
--> K*D-grease .ISc/( 8:CGWy- :
-ybKk3KVVAn9lrevkv7dnfLjRzhJFn8oUGDrDrePPDU37GufxNIBwjM0
---- XhbOgHzmlJOEJiZzV5CuMDC+Yy6dtsyUaYKAtd36t20
-��	"���z��:��ΆB7����� �YC���u���Ӕ]�QiRI���ާKH�F,����-��/#�a-
\ No newline at end of file

diff --git a/secrets/passwords/leah-at-f2k1-de.age b/secrets/passwords/leah-at-f2k1-de.age
@@ -1,17 +1,16 @@
 age-encryption.org/v1
--> X25519 Fcv42buFI65XHpNL+BZq3EnOJEEmygVauYHiVxYiC0Y
-TfxIZoFLj1dTlGjPBkwrgE8KGNp12gbffTGtjTl/56E
--> ssh-ed25519 V0uUrw Zy5c1nSLBbqb+KnT/8FHgr2puBl/qRbss/LYW3n+i1I
-hMUBevsAx63fVRVlYtIFEXt601eYIkmcWTTcX1qncuc
--> ssh-ed25519 1rccKw rbriQN+8sDUgy3LLQ8HPok/KJfJvNCGLVUE10YpGzGM
-sbwMK+mP6IBR3/40ytVQaiYE99rM63MSCs2JEk6LYRg
--> ssh-ed25519 2LuoZg aDTglr+d/EctJt5AbhURq+cocvg3eRlvukK/9pLhW2M
-5041I0KmqnrJPBCtN0RauaKqOo9hqRuYsYQDCe7VSd0
--> ssh-ed25519 NrwbpQ Sd2g19soihVWdlEXca8wl6HGFGq/s4SW5kYsm0d5z1k
-95+4IpCdL2oVrM+GkZ7vQqgL4vNENogwtnghbujWPio
--> ssh-ed25519 sh8POQ jZafHfN6KzL9vuQaAihlfpVWHmmZLEzvysazntvY4lA
-QLgJkNn1CE//U0ur8ow++pEOSBQ2dWnGplB4D9K9Q9Y
--> ;%V[F!v`-grease
-wT0
---- skcIh0790dWxjQr7asFVeH5A1r+3XduUzb/zD+2JMZo
-!E�i��cQ&mQ����	['E����m�ȃk25�ޥ���"XV̶a�T��-
\ No newline at end of file
+-> X25519 aQPmxsafZXymDX9SF1QszPvVJv6Lo9+tTtmSFE3y7R8
+IMrdJO5PwfQtza8MVIGbksr8C0BetLmdL3eBXSzRLU0
+-> ssh-ed25519 V0uUrw FRgV1KoZ4+n982WVLEfuToc3qWDqj3OospOecXoHTGM
+DNTTI4HFRh/ZAQ89s+DTLjaiLH42PhdY0hPDJ0NUnWk
+-> ssh-ed25519 1rccKw gUVodfu3t9vWBGWmzhGzywigtwFP5OQw2QymTOT1oy0
+lbUEu1MfJh7nEMM57l+BXIyEYkyZ9hq7uS9hhZpJSWE
+-> ssh-ed25519 2LuoZg blRqNO90Tns9T+KZt6AUWBmgDElOz6omFIFNzji6mm8
+iiTQ+OXK2Vgrhne/CP8WCWnjmOecH1O0LN0gUY1RRpo
+-> ssh-ed25519 sh8POQ wwIts1gMFQOaUap4n+fuFy26TVIM47VqzFaLEio5fWM
+opJj6OLBUlh95a5v6ViRa68/y2kzokSbVBSUiA4aVrc
+-> 8+-grease
+0UXMIEs1v5bkQcv9vhu9vz8wH3h4Okl7FNmp4OoB6vN9uLpAw+dHM3932tDFQhZC
+zi3fFOPa1pKnC8CAC8aE1RCuGiSJtHvN0o8C+6OCYsllTZaAFjdQ
+--- nqaVH0rdW0a5PBUNVLLKC//sXVVvERJMpzzPHh419dY
+`�G#�\�#�Ҥe�1�)���n��*�_i4�70��ӓ����ch�r�R+
\ No newline at end of file

diff --git a/secrets/passwords/leah.age b/secrets/passwords/leah.age  Binary files differ.

diff --git a/secrets/restic-server/hector.age b/secrets/restic-server/hector.age
@@ -1,15 +0,0 @@
-age-encryption.org/v1
--> X25519 yfJpcKYA4TCTQhihV1DFhecgykOchG7fWBkS/rUR/yY
-hlLMvh4gSGHHnQb+qahNCF5SamkiU/t7L55clymTs8U
--> ssh-ed25519 V0uUrw rItZyXGIbPxMByRSgwdlKkdsDnmrOjluU0KGfP20oyg
-ujOvyejx/Rf1aNZ2gCYXRAthemx0l43De7M6UCd7P8I
--> ssh-ed25519 NrwbpQ Ij67RfcLfNielloMoyp/bHqsTqxvpe14wto2Mn2aOSo
-4pw3HlvQYUlySAL1FEyFYcqfzBxBHtpyausLZR32758
--> ssh-ed25519 1rccKw 4zsPw/V2swHhwQPPOPJvzlBaJwnzAgQ2XkO7DeUKIWw
-UH4RdoNA+Z8LHEWSAbDfVlan/9ZakGOufIOqkL04W1s
--> ssh-ed25519 2LuoZg jhs7/G/lP1kAdldJdgB8l7qovn0ywKYvoCl6oe4qfV8
-b1K3GeGSAwKZ/4j/0gjJkVb8FekQcT3ffcHDqDJhjig
--> Pt.mb9-grease s ksTb k*w<2 IqTfM
-N7cCfH7j2pbxh6sqpk8L6TvCLRnrqno
---- 1PFJS7yqLPQYFSYyxq1M1N0PejUbcrqwSgBDrCMVdeY
-��Y-�/Lt���M*9Q�b��̵�Bu���i�N#�v	��]�s$�#�-
\ No newline at end of file

diff --git a/secrets/restic-server/lollo.age b/secrets/restic-server/lollo.age
@@ -1,16 +1,13 @@
 age-encryption.org/v1
--> X25519 awUCdgppt5qkhmTK9njZWYt4WprclV+RVsDnCRukrhE
-YzEi9v9xzutDGFm/mYJ4/dw2hYagYGzVOJZ7mZzrBVM
--> ssh-ed25519 V0uUrw ND0xjJKayCHqyQiVS7V9Jxc7msHTM3VceXhpqusYJ20
-mPLuVJWM3AvdhdiIJbxXpB8N3zRuEcUe9Aa6JPAKhGg
--> ssh-ed25519 NrwbpQ gW/XdFx3LI41NZGp0a143yNXEqEMcYoa5WcBjV2dAmI
-KgSITRkEBbxFNAL+G1fchjr2MowMSw2nLUImKlnnNqw
--> ssh-ed25519 1rccKw 9N0Ap7jrB1s49kEoCtyXdWE3eNWIabPM3IW1PCIWhzg
-BxlqjMNkyo3uZgX2C8+TSm3+DKI0x5MgK8npKO+rU1k
--> ssh-ed25519 2LuoZg UBT2dUQtiDs5+Fxn8yDRcopvgfJegxvFebsSQZ3b1Xk
-oLSoBhsDAm2bMvKTUZoEaS9LY/9/CDtZcvLVxKjOr9Y
--> S-grease tTb8u_%L Uc{KKd
-ssm14fV4fsXSUMQ8EFVCK6Hp5FxpyC82vkX92Pjo3tLGShJ9uWup0/pOAUlhC5pj
-tGcpfDMv22K880z34+svcFhum1sGYGq2aHz7oHI9lpjY95555v1Q56lcbcZjpPw
---- Ufs5dbdMIK5NYo+mhMPeJPdWmkzKoCgg/eTF7QiVnTA
-�5��'pG�$�Rf/�*-�*��%���#H����#leG���\R�V[(�#-
\ No newline at end of file
+-> X25519 gA0mZiGu0PL8LRutR6rMbhoz33Wqj9eJX+BQ2vUHWxk
+EVtrHwLGbqhD/LidNMaPiyIINHjCGXxqFFLIazN2148
+-> ssh-ed25519 V0uUrw cjJSoPD0ocrjIQXMXwufR4TZ3ikQOFbtfs//7FclSDM
+MaoaUXhRqBgmBXzauZtD0ei8HgSUgo3jHCF+QWIp9+I
+-> ssh-ed25519 1rccKw 4i9yQfrcCBarE+0Us80vI0LCnT216iNp0NT8WfwaPFE
+dqy1DlEEnw+NkrYO33aYfNrV8/f+wOJQhWzv1jsXLQs
+-> ssh-ed25519 2LuoZg BU8y37RFF9gSmU+MIM0a+GXIrmDBX6gfwtWx/2HBYz4
+/fO4CQQ/1TBczmQxBGvgouglLYhRvN3c2Z3yUithxc8
+-> ;?w0se-grease |'ses`H? W>Dg 01Esg8on
+AWXWges+enwKAyw3dhtItu8
+--- hiBmuZCkVkUuajCwUXZ1bQvDdIRfI9Lh8DAdrs/Jgns
+�F������.����q�ȋ�"�¥߰j�<;{u�$�y��+r�oc��q�ӡ+
\ No newline at end of file

diff --git a/secrets/restic-server/wanderduene.age b/secrets/restic-server/wanderduene.age
@@ -1,16 +1,14 @@
 age-encryption.org/v1
--> X25519 2UkpqWpnY+kcY37/2o3T9v+B/12GbHt5hX+6So4OOSQ
-fc7pOAoEcnty77Ct0J6jti5Fbx2DLhi41BSXwJl39FQ
--> ssh-ed25519 V0uUrw bGk1RMq8zrXA9TnxvpSfA9lJmdk6YwLr6dR6bGIWAhM
-1qTNmqeAW3mPeeLzsLszRgYE+apdZLRGKve+RMyHTHU
--> ssh-ed25519 NrwbpQ vOn3ASWYFExBrTk5+4UQbJ1I7iaMeUcJyqh+Y/J8ZUY
-6s8nwJrexACx8AnCWmjeQQVJaHvN2A/RhI4CEUPBIzY
--> ssh-ed25519 1rccKw 3BR3nyeU23WSrx4Pg1id1tfix0RXut2IrvtxvutiwnE
-CdMJCh4zPlak0XW90MbBAi7nY4++SzJslFRbRaTe634
--> ssh-ed25519 2LuoZg gJVO8cNUVrYrSqg7qnZQNaPznCcr8P2LFEHbU/zaii0
-iT4DP0UDXsQ3gc1/BIxWhGOiAAUCp73rFrQBywU36BY
--> LI>-grease
-bXSWLrPoYfK0NASMpKIFxUtAjuWMzTN6pryaaa8DbS0KLruD7ReBTPaIv6RPQZAI
-Q6JO
---- EikkH8m+ANalGirpW/hnpajHga5KqyilnhNpq/E2pHs
->i�)��J	Z���pp�I#N����Ӗ����Q�D�*�k��d����(�.�O��$�8��rb-ս'G���vMk�ߎ_���ϣ��@����-
\ No newline at end of file
+-> X25519 2ZFUJ+Ozv6dkAlZQN4MLhdtwcBW8z4YqWjmd1YRbwFs
+PtSniN2bSNLe8B0lQAH1vxiEOxqJzpUsNNbj0bgCY1Q
+-> ssh-ed25519 V0uUrw zq4ByRpo+ctIagSPFohSRr+nY8kUmkbfyL6te1Jn224
+uRSDZgnOUbvxdRw7Igqjzx5/+5zm6qQ153caBKRQwz4
+-> ssh-ed25519 1rccKw Nk1gVLwwz616SKO+HatlydKy1fNm6NJq1hyM7FIscwY
+E+wBx6KniAVvk3bVsCuLIyyuz+5neU+CIstf5WqHqUw
+-> ssh-ed25519 2LuoZg BnI98+dH6ziFpb1auSgQuHbMa3F/3xlp2s8WIUvNpA4
+AQhVNtlNm4mZCj0Kjvo9n98ACMUmt0Hvl8yp9fB9PJs
+-> O9I2BXg-grease CSm4NZ+ FRN9i .}e
+I70W0Pdt1DDYZymTVY3crSMEEEn/6QKeIa3m6HAgn6KrIf9ykL/iZOhDXodjwyat
+pshEag
+--- 77EPXHG9J/bTfKhxtCbvzkP1UEbRbpznJNRmRTv+tko
+�M�������L����l`�5�U�{v�Db��Z�*��v�s��A"��O%
hގ�R��"�$%�s(X����g��^�!�Y��f?����C�+
\ No newline at end of file

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -9,16 +9,14 @@ let
 
   trabbi      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLBBZJ9/644d71E8A7IFU7dvDHI+OR/7q79KvqmI/i/";
   wanderduene = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+HWYkFCmuHR8HeExYXc2L9CxRdvYZ1UCkbbeDCvF0u";
-  hector      = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMWH8uGtxkYfv3CA5Q3qqOvbaTvp9KItrdSiKXZdDUsx";
 
 in {
-  "passwords/leah-at-f2k1-de.age".publicKeys                  = [ leah trabbi lollo lollo-old hector wanderduene ];
-  "passwords/leah.age".publicKeys                             = [ leah trabbi lollo lollo-old hector wanderduene ];
+  "passwords/leah-at-f2k1-de.age".publicKeys                  = [ leah trabbi lollo lollo-old wanderduene ];
+  "passwords/leah.age".publicKeys                             = [ leah trabbi lollo lollo-old wanderduene ];
 
 
-  "restic-server/lollo.age".publicKeys                        = [ leah trabbi hector lollo lollo-old ];
-  "restic-server/hector.age".publicKeys                       = [ leah trabbi hector lollo lollo-old ];
-  "restic-server/wanderduene.age".publicKeys                  = [ leah trabbi hector lollo lollo-old ];
+  "restic-server/lollo.age".publicKeys                        = [ leah trabbi lollo lollo-old ];
+  "restic-server/wanderduene.age".publicKeys                  = [ leah trabbi lollo lollo-old ];
 
 
   "blechkasten/syncthing/key.age".publicKeys                  = [ leah blechkasten ];

@@ -70,9 +68,6 @@ in {
   "lollo-old/syncthing/cert.age".publicKeys                   = [ leah lollo-old ];
 
 
-  "hector/restic-server-htpasswd.age".publicKeys              = [ leah hector ];
-
-
   "trabbi/matrix-synapse/registration_shared_secret.age".publicKeys = [ leah trabbi ];
 
   "trabbi/restic/gitolite.age".publicKeys                           = [ leah trabbi ];