commit d04357d570dfa9da492ce9fd5f9e15c2d8fa417b
parent 7226c379cce4e199b809b3abe238490d57663ee8
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 21:45:22 +0100
parent 7226c379cce4e199b809b3abe238490d57663ee8
Author: Leah (ctucx) <git@ctu.cx>
Date: Sat, 26 Nov 2022 21:45:22 +0100
machines: cleanup deprecated
9 files changed, 0 insertions(+), 639 deletions(-)
D
|
85
-------------------------------------------------------------------------------
D
|
77
-----------------------------------------------------------------------------
D
|
107
-------------------------------------------------------------------------------
D
|
200
-------------------------------------------------------------------------------
diff --git a/machines/deprecated/currywurst/configuration.nix b/machines/deprecated/currywurst/configuration.nix @@ -1,85 +0,0 @@ -{ config, pkgs, lib, ... }: - -{ - imports = [ - ./hardware-configuration.nix - ../../configurations/mobile-device.nix - ../../configurations/thunderbolt.nix - - ../../configurations/common.nix - - ../../configurations/desktop-sway.nix - ../../configurations/bluetooth.nix - ]; - - hardware = { - cpu.intel.updateMicrocode = true; - desktop-speakers = { - power-control.enable = true; - pipewire-tunnel.enable = true; - }; - }; - - boot = { - loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - consoleLogLevel = 3; - kernel.sysctl."vm.swappiness" = 0; - kernel.sysctl."kernel/sysrq" = 1; - kernelPackages = pkgs.linuxKernel.packages.linux_5_16; - kernelModules = [ "tpm-rng" "thunderbolt-net" ]; - - extraModulePackages = [ - pkgs.linuxKernel.packages.linux_5_16.acpi_call - (pkgs.callPackage ./xmm7360.nix { kernel = pkgs.linux_5_16; }) - ]; - - kernelParams = [ - "quiet" - "scsi_mod.use_blk_mq=1" - "modeset" - "nofb" - "rd.systemd.show_status=auto" - "rd.udev.log_priority=3" - "pti=off" - "spectre_v2=off" - ]; - - extraModprobeConfig = lib.mkMerge [ - "options ec_sys write_support=1" - "options iwlwifi power_save=0 uapsd_disable=1" - "options i915 fastboot=1" - ]; - - initrd.availableKernelModules = [ "i915" ]; - }; - - networking = { - hostName = "currywurst"; -# domain = "ctu.cx"; - - dhcpcd.enable = true; - - wireless = { - iwd.enable = true; - }; - - firewall = { - enable = true; - allowedTCPPorts = [ 5201 ]; - }; - }; - - services = { - fwupd.enable = true; - fprintd.enable = true; - }; - - security.pam.services.swaylock.fprintAuth = true; - - home-manager.users.leah.home.stateVersion = "21.05"; - system.stateVersion = "21.05"; # Did you read the comment? -}
diff --git a/machines/deprecated/currywurst/hardware-configuration.nix b/machines/deprecated/currywurst/hardware-configuration.nix @@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/8c643a77-4607-4f3d-880f-58a7290beb4c"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/dd3703ad-1222-45d0-845f-3c5d3b5f1d80"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/804C-16D2"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - # high-resolution display - hardware.video.hidpi.enable = lib.mkDefault true; -}
diff --git a/machines/deprecated/currywurst/xmm7360.nix b/machines/deprecated/currywurst/xmm7360.nix @@ -1,29 +0,0 @@ -{ lib, stdenv, fetchFromGitHub, fetchpatch, kernel, perl, bc, breakpointHook }: - -stdenv.mkDerivation rec { - pname = "xmm7360-pci"; - version = "unstable-2022-02-10"; - - src = fetchFromGitHub { - owner = "xmm7360"; - repo = "xmm7360-pci"; - rev = "cf6625ace8da1bd44f46eb71b2557ac01ee1d11a"; - sha256 = "0yzjk8mv2rm74fqrxrpxv1hl2w4lmlqg9yyb4dnyds6c9wbflni1"; - }; - - makeFlags = [ "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build" ]; - - nativeBuildInputs = kernel.moduleBuildDependencies; - INSTALL_MOD_PATH = placeholder "out"; - installFlags = [ "DEPMOD=true" ]; - - meta = with lib; { - homepage = "https://github.com/xmm7360/xmm7360-pci"; - description = "PCI driver for Fibocom L850-GL modem based on Intel XMM7360 modem"; - downloadPage = "https://github.com/xmm7360/xmm7360-pci"; - license = licenses.isc; - maintainers = with maintainers; [ flokli hexa ]; - platforms = platforms.linux; -# broken = kernel.kernelOlder "4.10" || kernel.kernelAtLeast "5.14"; - }; -}
diff --git a/machines/deprecated/taurus/configuration.nix b/machines/deprecated/taurus/configuration.nix @@ -1,77 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - imports = [ - ./hardware-configuration.nix - ../../configurations/common.nix - - ../../configurations/services/prometheus-node-exporter.nix - ../../configurations/services/bind.nix - - ./syncthing.nix - ./matrix-synapse.nix - ./pleroma - ]; - - age.secrets.restic-server-lollo.file = ../../secrets/restic-server/lollo.age; - age.secrets.restic-server-desastro.file = ../../secrets/restic-server/desastro.age; - age.secrets.restic-server-hector.file = ../../secrets/restic-server/hector.age; - - boot = { - loader.grub = { - enable = true; - version = 2; - device = "/dev/vda"; - }; - - initrd.network = { - enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [ /etc/ssh/ssh_host_rsa_key ]; - authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); - }; - - postCommands = '' - ip link set dev ens3 up - ip addr add 2a03:4000:9:f8::1/128 dev ens3 - ip route add default via fe80::1 dev ens3 onlink - - ip addr add 37.221.196.131/22 dev ens3 - ip route add default via 37.221.196.1 dev ens3 onlink - - echo 'cryptsetup-askpass' >> /root/.profile - ''; - }; - }; - - networking = { - hostName = "taurus"; - domain = "ctu.cx"; - - useDHCP = false; - - defaultGateway6 = { - interface = "ens3"; - address = "fe80::1"; - }; - - interfaces.ens3 = { - useDHCP = true; - - ipv6.addresses = [{ - address = "2a03:4000:9:f8::1"; - prefixLength = 64; - }]; - }; - - firewall.enable = true; - }; - - system.stateVersion = "21.11"; - home-manager.users.leah.home.stateVersion = "21.11"; - -} -
diff --git a/machines/deprecated/taurus/hardware-configuration.nix b/machines/deprecated/taurus/hardware-configuration.nix @@ -1,31 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/736af6d6-f9c2-464f-85e6-f3f226d0ba10"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/c445487c-e0a6-44f1-9f5d-c64cf8446597"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/88C3-5967"; - fsType = "vfat"; - }; - - swapDevices = [ ]; - - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -}
diff --git a/machines/deprecated/taurus/matrix-synapse.nix b/machines/deprecated/taurus/matrix-synapse.nix @@ -1,107 +0,0 @@ -{config, lib, pkgs, ...}: - -let - secrets = import ../../secrets; - -in { - - age.secrets.restic-matrix-synapse.file = ../../secrets/taurus/restic/matrix-synapse.age; - - restic-backups.matrix-synapse = { - user = "matrix-synapse"; - passwordFile = config.age.secrets.restic-matrix-synapse.path; - postgresDatabases = [ "matrix-synapse" ]; - paths = [ "/var/lib/matrix-synapse" ]; - }; - - systemd.services.matrix-synapse.onFailure = [ "email-notify@%i.service" ]; - - services = { - postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - CREATE ROLE "matrix-synapse" WITH LOGIN; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - matrix-synapse = { - enable = true; - withJemalloc = true; - server_name = "trans-agenda.de"; - no_tls = false; - public_baseurl = "https://matrix.trans-agenda.de/"; - max_upload_size = "100M"; - dynamic_thumbnails = true; - enable_registration = true; - enable_registration_captcha = true; - registration_shared_secret = secrets.hosts.taurus.matrix.registration_shared_secret; - url_preview_enabled = true; - url_preview_ip_range_blacklist = ["127.0.0.0/8" "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" "169.254.0.0/16" "::1/128" "fe80::/64" "fc00::/7"]; - listeners = [{ - bind_address = "127.0.0.1"; - port = 8008; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { names = [ "client" ]; compress = true; } - { names = [ "federation" ]; compress = false; } - ]; - }]; - extraConfig = '' - recaptcha_siteverify_api: "https://www.google.com/recaptcha/api/siteverify" - recaptcha_public_key: "${secrets.hosts.taurus.matrix.recaptcha_public_key}" - recaptcha_private_key: "${secrets.hosts.taurus.matrix.recaptcha_private_key}" - - admin_contact: 'mailto:leah@ctu.cx' - - email: - smtp_host: osterei.ctu.cx - smtp_port: 587 - smtp_user: "matrix@trans-agenda.de" - smtp_pass: "${secrets.hosts.taurus.matrix.smtp_password}" - require_transport_security: true - notif_from: "trans-agenda.de Matrix Server <matrix@trans-agenda.de>" - app_name: Matrix - enable_notifs: true - notif_for_new_users: false - client_base_url: "https://matrix.trans-agenda.de" - validation_token_lifetime: 1h - ''; - }; - - nginx = { - enable = true; - virtualHosts."matrix.trans-agenda.de" = { - enableACME = true; - forceSSL = true; - locations = { - "/_matrix".proxyPass = "http://127.0.0.1:8008"; - "/".root = pkgs.buildEnv { - name = "schildichat-web-env"; - paths = [ - pkgs.schildichat-web - (lib.hiPrio (pkgs.writeTextDir "config.json" (builtins.toJSON { - brand = "matrix.trans-agenda.de"; - disable_guests = false; - defaultCountryCode = "DE"; - piwik = false; - default_server_config = { - "m.homeserver" = { - base_url = "https://matrix.trans-agenda.de"; - server_name = "trans-agenda.de"; - }; - }; - }))) - ]; - }; - }; - }; - }; - }; - -}
diff --git a/machines/deprecated/taurus/pleroma/config.exs b/machines/deprecated/taurus/pleroma/config.exs @@ -1,200 +0,0 @@ -import Config - -config :pleroma, Pleroma.Web.Endpoint, - url: [host: "trans-agenda.de", scheme: "https", port: 443], - http: [ip: {127, 0, 0, 1}, port: 4000] - -config :pleroma, Pleroma.Repo, - adapter: Ecto.Adapters.Postgres, - username: "pleroma", - database: "pleroma", - socket_dir: "/run/postgresql", - pool_size: 10 - -# Configure web push notifications -config :web_push_encryption, :vapid_details, subject: "mailto:pleroma@trans-agenda.de" - -config :pleroma, :database, rum_enabled: false -config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" -config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" - -config :pleroma, :static_fe, enabled: false - -config :pleroma, :frontend_configurations, - pleroma_fe: %{ - theme: "mammal", - background: "/static/bg.png", - logo: "/static/logo.png", - nsfwCensorImage: "/static/nsfw.png", - chatDisabled: true, - webPushNotifications: true, - showFeaturesPanel: true, - collapseMessageWithSubject: true, - hideUserStats: false - } - -config :pleroma, :instance, - name: "trans-agenda.de", - email: "the@trans-agenda.de", - notify_email: "the@trans-agenda.de", - limit: 5000, - registrations_open: true, - account_approval_required: true, - account_activation_required: true, - invites_enabled: true, - remote_post_retention_days: 180, - external_user_synchronization: true, - upload_limit: 50_000_000, - avatar_upload_limit: 10_000_000, - background_upload_limit: 10_000_000, - banner_upload_limit: 10_000_000, - allowed_post_formats: [ - "text/plain", - "text/html", - "text/markdown" - ], - quarantined_instances: [ - "search.fedi.app", - "freespeechextremist.com", - "gleasonator.com", - "gab.com", - "gab.ai", - "spinster.xyz", - "clubcyberia.co", - "glowers.club", - "shitposter.club", - "social.urspringer.de", - "pleroma.soykaf.com", - "nnia.space", - "kiwifarms.cc", - "wintermute.fr.to", - "anitwitter.moe", - "brighteon.social", - "cawfee.club", - "community.halle-leaks.de", - "crypto-group-buy.com", - "freefedifollowers.ga", - "freevoice.space", - "glindr.org", - "gs.smuglo.li", - "pl.smuglo.li", - "humblr.social", - "jaeger.website", - "lets.saynoto.lgbt", - "libre.tube", - "neckbeard.xyz", - "newjack.city", - "ohai.su", - "pawoo.net", - "pieville.net", - "play.xmr.101010.pl", - "pleroma.rareome.ga", - "preteengirls.biz", - "skippers-bin.com", - "sneak.berlin", - "the.hedgehoghunter.club", - "toot.canberrasocial.net", - "video.halle-leaks.de", - "weedis.life", - "yggdrasil.social", - "anime.website", - "collapsitarian.io", - "pleroma.gretagangbang.biz", - "gitmo.life" - ] - -config :pleroma, Pleroma.Emails.Mailer, - enabled: true, - adapter: Swoosh.Adapters.SMTP, - relay: "wanderduene.ctu.cx", - username: "the@trans-agenda.de", - password: "{{ lookup('diskcache', 'passwordstore', 'E-Mail/the@trans-agenda.de')}}", - port: 465, - ssl: true, - auth: :always - -config :pleroma, :media_proxy, - enabled: true, - proxy_opts: [ - redirect_on_failure: true - ] - #base_url: "https://cache.pleroma.social" - -config :pleroma, :fetch_initial_posts, - enabled: false, - pages: 1 - -config :pleroma, :shout, enabled: false - -config :pleroma, :mrf, - policies: [Pleroma.Web.ActivityPub.MRF.SimplePolicy] - -config :pleroma, :mrf_simple, - reject: [ - "search.fedi.app", - "freespeechextremist.com", - "gleasonator.com", - "gab.com", - "gab.ai", - "spinster.xyz", - "clubcyberia.co", - "glowers.club", - "shitposter.club", - "social.urspringer.de", - "pleroma.soykaf.com", - "nnia.space", - "kiwifarms.cc", - "wintermute.fr.to", - "anitwitter.moe", - "brighteon.social", - "cawfee.club", - "community.halle-leaks.de", - "crypto-group-buy.com", - "freefedifollowers.ga", - "freevoice.space", - "glindr.org", - "gs.smuglo.li", - "pl.smuglo.li", - "humblr.social", - "jaeger.website", - "lets.saynoto.lgbt", - "libre.tube", - "neckbeard.xyz", - "newjack.city", - "ohai.su", - "pawoo.net", - "pieville.net", - "play.xmr.101010.pl", - "pleroma.rareome.ga", - "preteengirls.biz", - "skippers-bin.com", - "sneak.berlin", - "the.hedgehoghunter.club", - "toot.canberrasocial.net", - "video.halle-leaks.de", - "weedis.life", - "yggdrasil.social", - "anime.website", - "collapsitarian.io", - "pleroma.gretagangbang.biz", - "gitmo.life" - ] - -config :pleroma, :emoji, - shortcode_globs: ["/emoji/custom/**/*.png"], - groups: [ - "Bahn": "/emoji/cuties/Bahn/*.png", - "Blobs": "/emoji/cuties/Blobs/*.png", - "Bread": "/emoji/cuties/Bread/*.png", - "LGBTIQ*": "/emoji/cuties/LGBTIQ\*/*.png", - "Signale": "/emoji/cuties/Signale/*.png", - "Naughty_Goose": "/emoji/cuties/naughty_goose/*.png", - 'Technology': "/emoji/cuties/Technology/*.png", - "Transportation": "/emoji/cuties/Transportation/*.png", - "Chaos": "/emoji/chaos/*.png", - "Femojis": "/emoji/femojis/*.png" - ] - -config :pleroma, configurable_from_database: false - -config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.Exiftool, Pleroma.Upload.Filter.AnonymizeFilename, Pleroma.Upload.Filter.Dedupe]
diff --git a/machines/deprecated/taurus/pleroma/default.nix b/machines/deprecated/taurus/pleroma/default.nix @@ -1,48 +0,0 @@ -{config, lib, pkgs, ...}: - -{ - - age.secrets.restic-pleroma.file = ../../../secrets/taurus/restic/pleroma.age; - - restic-backups.pleroma = { - user = "pleroma"; - passwordFile = config.age.secrets.restic-pleroma.path; - paths = [ "/var/lib/pleroma" ]; - postgresDatabases = [ "pleroma" ]; - }; - - systemd.services.pleroma.path = [ pkgs.exiftool ]; - systemd.services.pleroma.onFailure = [ "email-notify@%i.service" ]; - - services = { - postgresql = { - enable = true; - ensureDatabases = [ "pleroma" ]; - ensureUsers = [ - { - name = "pleroma"; - ensurePermissions."DATABASE pleroma" = "ALL PRIVILEGES"; - } - ]; - }; - - pleroma = { - enable = true; - configs = [ (lib.fileContents ./config.exs) ]; - secretConfigFile = "/var/lib/pleroma/secret.exs"; - }; - - nginx = { - enable = true; - virtualHosts."trans-agenda.de" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:4000/"; - proxyWebsockets = true; - }; - }; - }; - }; - -}
diff --git a/machines/deprecated/taurus/syncthing.nix b/machines/deprecated/taurus/syncthing.nix @@ -1,28 +0,0 @@ -{config, lib, pkgs, ...}: - -{ - - imports = [ - ../../configurations/services/syncthing.nix - ]; - - systemd.services.syncthing.onFailure = [ "email-notify@%i.service" ]; - - services = { - syncthing = { - guiAddress = "0.0.0.0:8384"; - }; - - nginx = { - enable = true; - virtualHosts."syncthing.${config.networking.hostName}.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://127.0.0.1:8384/"; - }; - }; - }; - }; - -}