diff --git a/clients/nova/ava.nix b/clients/nova/ava.nix
deleted file mode 100644
index bfbc569..0000000
--- a/clients/nova/ava.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config, lib, ... }:
-{
- users = {
- mutableUsers = lib.mkForce true;
- users.ava = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcXzWUeVwJN7iPxMT/1lhJySY4t6Z2/fH/GHVuzQFr6 cardno:32_241_564"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBnstd9HyyIjfXWfGymWDcRlK9nZuqgTIcueiqPUDaQ star@starforge"
- ];
- hashedPasswordFile = config.age.secrets."initialFloriPassword.age".path;
- description = "Flori Ava Star";
- extraGroups = [ "wheel" ];
- };
- };
-}
diff --git a/clients/nova/hardware-configuration.nix b/clients/nova/hardware-configuration.nix
deleted file mode 100644
index 4064169..0000000
--- a/clients/nova/hardware-configuration.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- boot = {
- initrd.luks.devices."luks-ef228969-52cc-4238-b90f-9d97d625bba6".device =
- "/dev/disk/by-uuid/ef228969-52cc-4238-b90f-9d97d625bba6";
- kernelParams = [ "ip=dhcp" ];
- initrd.availableKernelModules = [
- "sr_mod"
- "ata_piix"
- "uhci_hcd"
- "virtio_pci"
- "virtio_net"
- "virtio_blk"
- ];
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/3c343e41-ca80-413f-a48c-af513bb28f5c";
- fsType = "btrfs";
- options = [ "subvol=@" ];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/9300-4D1C";
- fsType = "vfat";
- options = [
- "fmask=0077"
- "dmask=0077"
- ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/c0c9de6f-9990-4346-b774-5f315b5ea115"; }
- ];
-}
diff --git a/clients/nova/matrix/continuwuity.nix b/clients/nova/matrix/continuwuity.nix
deleted file mode 100644
index 20bc9bc..0000000
--- a/clients/nova/matrix/continuwuity.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- quad.matrix = {
- enable = true;
- domain = "polyphony.chat";
- settings.well_known = {
- support_email = "info@polyphony.chat";
- support_mxid = null;
- };
- };
-}
diff --git a/clients/nova/matrix/zulip.nix b/clients/nova/matrix/zulip.nix
deleted file mode 100644
index 042e7e1..0000000
--- a/clients/nova/matrix/zulip.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- lib,
- pkgs,
- config,
- ...
-}:
-{
- systemd.services.matrix-zulip-bridge = {
- description = "matrix-zulip-bridge server";
- wantedBy = [ "multi-user.target" ];
- wants = [ "network-online.target" ];
- after = [ "network-online.target" ];
-
- serviceConfig =
- let
- secretName = "matrix-zulip-bridge-secrets";
- in
- {
- LoadCredential = [
- "${secretName}:${config.age.secrets."zulipRegistration.age".path}"
- ];
- ExecStart = "${lib.getExe pkgs.matrix-zulip-bridge} --config /run/credentials/matrix-zulip-bridge.service/${secretName} --owner @quadradical:${config.quad.matrix.domain} ${config.services.matrix-continuwuity.settings.global.well_known.client}";
- DynamicUser = true;
- LockPersonality = true;
- MemoryDenyWriteExecute = true;
- ProtectClock = true;
- ProtectControlGroups = true;
- ProtectHostname = true;
- ProtectKernelLogs = true;
- ProtectKernelModules = true;
- ProtectKernelTunables = true;
- PrivateDevices = true;
- PrivateMounts = true;
- RestrictAddressFamilies = [
- "AF_INET"
- "AF_INET6"
- ];
- RestrictNamespaces = true;
- RestrictRealtime = true;
- ProtectHome = true;
- SystemCallArchitectures = "native";
- SystemCallFilter = [
- "@system-service"
- "~@privileged"
- "~@resources"
- ];
- Restart = "always";
- RestartSec = 5;
- };
- };
-}
diff --git a/clients/nova/unlock-ssh-initrd.nix b/clients/nova/unlock-ssh-initrd.nix
deleted file mode 100644
index 716edad..0000000
--- a/clients/nova/unlock-ssh-initrd.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ config, ... }:
-{
- fileSystems."/".options = [ "x-systemd.device-timeout=0" ];
- networking.firewall.allowedTCPPorts = [ 222 ];
- boot = {
- loader.grub.enable = false;
- initrd = {
- systemd = {
- enable = true;
- users.root.shell = "/bin/systemd-tty-ask-password-agent";
- };
- network.ssh = {
- enable = true;
- port = 222;
- hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
- authorizedKeys = config.users.users.ava.openssh.authorizedKeys.keys;
- };
- };
- };
-}
diff --git a/clients/quadraticserver/boot.nix b/clients/quadraticserver/boot.nix
deleted file mode 100644
index 7711dd0..0000000
--- a/clients/quadraticserver/boot.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ modulesPath, ... }:
-{
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
- boot.loader.grub = {
- enable = true;
- efiSupport = true;
- efiInstallAsRemovable = true;
- };
-}
diff --git a/clients/quadraticserver/network.nix b/clients/quadraticserver/network.nix
index 737c642..3d7a753 100644
--- a/clients/quadraticserver/network.nix
+++ b/clients/quadraticserver/network.nix
@@ -1,19 +1,21 @@
 {
 networking.useDHCP = false;
- systemd.network.enable = true;
- systemd.network.networks."30-wan" = {
- matchConfig.Name = "enp1s0";
- networkConfig.DHCP = "no";
- address = [
- "91.99.155.129/32"
- "2a01:4f8:c012:d202::1/64"
- ];
- routes = [
- {
- Gateway = "172.31.1.1";
- GatewayOnLink = true;
- }
- { Gateway = "fe80::1"; }
- ];
+ systemd.network = {
+ enable = true;
+ networks."30-wan" = {
+ matchConfig.Name = "enp1s0";
+ networkConfig.DHCP = "no";
+ address = [
+ "91.99.155.129/32"
+ "2a01:4f8:c012:d202::1/64"
+ ];
+ routes = [
+ {
+ Gateway = "172.31.1.1";
+ GatewayOnLink = true;
+ }
+ { Gateway = "fe80::1"; }
+ ];
+ };
 };
 }
diff --git a/modules/desktop/boot.nix b/modules/common/boot.nix
similarity index 100%
rename from modules/desktop/boot.nix
rename to modules/common/boot.nix
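Review bot: In clients/quadraticserver/network.nix the regrouped `routes` list still pairs `Gateway = "172.31.1.1"` with `GatewayOnLink = true` next to a single `/32` IPv4 address, and nothing in the file says why the flag is needed. The gateway lies outside any subnet configured on `enp1s0`, so the on-link flag is what lets systemd-networkd install that default route. With `networking.useDHCP = false` there is no fallback if a later cleanup drops it, and the host would presumably lose IPv4 reachability. Since the block is being re-indented anyway, I would add a comment above the route such as `# gateway is outside the /32; GatewayOnLink is required for the default route`.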