rm nova

2026-02-24 16:47:46 -05:00 · 2026-02-24 16:47:46 -05:00 · a0d7c07b06
commit a0d7c07b06
parent 085db7bbd6
8 changed files with 17 additions and 162 deletions
--- a/clients/nova/ava.nix
+++ b/clients/nova/ava.nix
@ -1,16 +0,0 @@
-{ config, lib, ... }:
-{
-  users = {
-    mutableUsers = lib.mkForce true;
-    users.ava = {
-      isNormalUser = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcXzWUeVwJN7iPxMT/1lhJySY4t6Z2/fH/GHVuzQFr6 cardno:32_241_564"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBnstd9HyyIjfXWfGymWDcRlK9nZuqgTIcueiqPUDaQ star@starforge"
-      ];
-      hashedPasswordFile = config.age.secrets."initialFloriPassword.age".path;
-      description = "Flori Ava Star";
-      extraGroups = [ "wheel" ];
-    };
-  };
-}
--- a/clients/nova/hardware-configuration.nix
+++ b/clients/nova/hardware-configuration.nix
@ -1,38 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
-  boot = {
-    initrd.luks.devices."luks-ef228969-52cc-4238-b90f-9d97d625bba6".device =
-      "/dev/disk/by-uuid/ef228969-52cc-4238-b90f-9d97d625bba6";
-    kernelParams = [ "ip=dhcp" ];
-    initrd.availableKernelModules = [
-      "sr_mod"
-      "ata_piix"
-      "uhci_hcd"
-      "virtio_pci"
-      "virtio_net"
-      "virtio_blk"
-    ];
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/3c343e41-ca80-413f-a48c-af513bb28f5c";
-      fsType = "btrfs";
-      options = [ "subvol=@" ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/9300-4D1C";
-      fsType = "vfat";
-      options = [
-        "fmask=0077"
-        "dmask=0077"
-      ];
-    };
-  };
-
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/c0c9de6f-9990-4346-b774-5f315b5ea115"; }
-  ];
-}
--- a/clients/nova/matrix/continuwuity.nix
+++ b/clients/nova/matrix/continuwuity.nix
@ -1,10 +0,0 @@
-{
-  quad.matrix = {
-    enable = true;
-    domain = "polyphony.chat";
-    settings.well_known = {
-      support_email = "info@polyphony.chat";
-      support_mxid = null;
-    };
-  };
-}
--- a/clients/nova/matrix/zulip.nix
+++ b/clients/nova/matrix/zulip.nix
@ -1,51 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-{
-  systemd.services.matrix-zulip-bridge = {
-    description = "matrix-zulip-bridge server";
-    wantedBy = [ "multi-user.target" ];
-    wants = [ "network-online.target" ];
-    after = [ "network-online.target" ];
-
-    serviceConfig =
-      let
-        secretName = "matrix-zulip-bridge-secrets";
-      in
-      {
-        LoadCredential = [
-          "${secretName}:${config.age.secrets."zulipRegistration.age".path}"
-        ];
-        ExecStart = "${lib.getExe pkgs.matrix-zulip-bridge} --config /run/credentials/matrix-zulip-bridge.service/${secretName} --owner @quadradical:${config.quad.matrix.domain} ${config.services.matrix-continuwuity.settings.global.well_known.client}";
-        DynamicUser = true;
-        LockPersonality = true;
-        MemoryDenyWriteExecute = true;
-        ProtectClock = true;
-        ProtectControlGroups = true;
-        ProtectHostname = true;
-        ProtectKernelLogs = true;
-        ProtectKernelModules = true;
-        ProtectKernelTunables = true;
-        PrivateDevices = true;
-        PrivateMounts = true;
-        RestrictAddressFamilies = [
-          "AF_INET"
-          "AF_INET6"
-        ];
-        RestrictNamespaces = true;
-        RestrictRealtime = true;
-        ProtectHome = true;
-        SystemCallArchitectures = "native";
-        SystemCallFilter = [
-          "@system-service"
-          "~@privileged"
-          "~@resources"
-        ];
-        Restart = "always";
-        RestartSec = 5;
-      };
-  };
-}
--- a/clients/nova/unlock-ssh-initrd.nix
+++ b/clients/nova/unlock-ssh-initrd.nix
@ -1,20 +0,0 @@
-{ config, ... }:
-{
-  fileSystems."/".options = [ "x-systemd.device-timeout=0" ];
-  networking.firewall.allowedTCPPorts = [ 222 ];
-  boot = {
-    loader.grub.enable = false;
-    initrd = {
-      systemd = {
-        enable = true;
-        users.root.shell = "/bin/systemd-tty-ask-password-agent";
-      };
-      network.ssh = {
-        enable = true;
-        port = 222;
-        hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
-        authorizedKeys = config.users.users.ava.openssh.authorizedKeys.keys;
-      };
-    };
-  };
-}
--- a/clients/quadraticserver/boot.nix
+++ b/clients/quadraticserver/boot.nix
@ -1,12 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
-}
--- a/clients/quadraticserver/network.nix
+++ b/clients/quadraticserver/network.nix
@ -1,19 +1,21 @@
 {
  networking.useDHCP = false;
-  systemd.network.enable = true;
-  systemd.network.networks."30-wan" = {
-    matchConfig.Name = "enp1s0";
-    networkConfig.DHCP = "no";
-    address = [
-      "91.99.155.129/32"
-      "2a01:4f8:c012:d202::1/64"
-    ];
-    routes = [
-      {
-        Gateway = "172.31.1.1";
-        GatewayOnLink = true;
-      }
-      { Gateway = "fe80::1"; }
-    ];
+  systemd.network = {
+    enable = true;
+    networks."30-wan" = {
+      matchConfig.Name = "enp1s0";
+      networkConfig.DHCP = "no";
+      address = [
+        "91.99.155.129/32"
+        "2a01:4f8:c012:d202::1/64"
+      ];
+      routes = [
+        {
+          Gateway = "172.31.1.1";
+          GatewayOnLink = true;
+        }
+        { Gateway = "fe80::1"; }
+      ];
+    };
  };
 }
--- a/modules/desktop/boot.nix
+++ b/modules/desktop/boot.nix