rm nova

2026-02-24 16:47:46 -05:00 · 2026-02-24 16:47:46 -05:00 · a0d7c07b06
commit a0d7c07b06
parent 085db7bbd6
8 changed files with 17 additions and 162 deletions
--- a/clients/nova/ava.nix
+++ b/clients/nova/ava.nix
@ -1,16 +0,0 @@
 { config, lib, ... }:
 {
  users = {
    mutableUsers = lib.mkForce true;
    users.ava = {
      isNormalUser = true;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcXzWUeVwJN7iPxMT/1lhJySY4t6Z2/fH/GHVuzQFr6 cardno:32_241_564"
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBnstd9HyyIjfXWfGymWDcRlK9nZuqgTIcueiqPUDaQ star@starforge"
      ];
      hashedPasswordFile = config.age.secrets."initialFloriPassword.age".path;
      description = "Flori Ava Star";
      extraGroups = [ "wheel" ];
    };
  };
 }
--- a/clients/nova/hardware-configuration.nix
+++ b/clients/nova/hardware-configuration.nix
@ -1,38 +0,0 @@
 { modulesPath, ... }:
 {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
  boot = {
    initrd.luks.devices."luks-ef228969-52cc-4238-b90f-9d97d625bba6".device =
      "/dev/disk/by-uuid/ef228969-52cc-4238-b90f-9d97d625bba6";
    kernelParams = [ "ip=dhcp" ];
    initrd.availableKernelModules = [
      "sr_mod"
      "ata_piix"
      "uhci_hcd"
      "virtio_pci"
      "virtio_net"
      "virtio_blk"
    ];
  };
  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/3c343e41-ca80-413f-a48c-af513bb28f5c";
      fsType = "btrfs";
      options = [ "subvol=@" ];
    };
    "/boot" = {
      device = "/dev/disk/by-uuid/9300-4D1C";
      fsType = "vfat";
      options = [
        "fmask=0077"
        "dmask=0077"
      ];
    };
  };
  swapDevices = [
    { device = "/dev/disk/by-uuid/c0c9de6f-9990-4346-b774-5f315b5ea115"; }
  ];
 }
--- a/clients/nova/matrix/continuwuity.nix
+++ b/clients/nova/matrix/continuwuity.nix
@ -1,10 +0,0 @@
 {
  quad.matrix = {
    enable = true;
    domain = "polyphony.chat";
    settings.well_known = {
      support_email = "info@polyphony.chat";
      support_mxid = null;
    };
  };
 }
--- a/clients/nova/matrix/zulip.nix
+++ b/clients/nova/matrix/zulip.nix
@ -1,51 +0,0 @@
 {
  lib,
  pkgs,
  config,
  ...
 }:
 {
  systemd.services.matrix-zulip-bridge = {
    description = "matrix-zulip-bridge server";
    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    serviceConfig =
      let
        secretName = "matrix-zulip-bridge-secrets";
      in
      {
        LoadCredential = [
          "${secretName}:${config.age.secrets."zulipRegistration.age".path}"
        ];
        ExecStart = "${lib.getExe pkgs.matrix-zulip-bridge} --config /run/credentials/matrix-zulip-bridge.service/${secretName} --owner @quadradical:${config.quad.matrix.domain} ${config.services.matrix-continuwuity.settings.global.well_known.client}";
        DynamicUser = true;
        LockPersonality = true;
        MemoryDenyWriteExecute = true;
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        PrivateDevices = true;
        PrivateMounts = true;
        RestrictAddressFamilies = [
          "AF_INET"
          "AF_INET6"
        ];
        RestrictNamespaces = true;
        RestrictRealtime = true;
        ProtectHome = true;
        SystemCallArchitectures = "native";
        SystemCallFilter = [
          "@system-service"
          "~@privileged"
          "~@resources"
        ];
        Restart = "always";
        RestartSec = 5;
      };
  };
 }
--- a/clients/nova/unlock-ssh-initrd.nix
+++ b/clients/nova/unlock-ssh-initrd.nix
@ -1,20 +0,0 @@
 { config, ... }:
 {
  fileSystems."/".options = [ "x-systemd.device-timeout=0" ];
  networking.firewall.allowedTCPPorts = [ 222 ];
  boot = {
    loader.grub.enable = false;
    initrd = {
      systemd = {
        enable = true;
        users.root.shell = "/bin/systemd-tty-ask-password-agent";
      };
      network.ssh = {
        enable = true;
        port = 222;
        hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
        authorizedKeys = config.users.users.ava.openssh.authorizedKeys.keys;
      };
    };
  };
 }
--- a/clients/quadraticserver/boot.nix
+++ b/clients/quadraticserver/boot.nix
@ -1,12 +0,0 @@
 { modulesPath, ... }:
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    efiInstallAsRemovable = true;
  };
 }
--- a/clients/quadraticserver/network.nix
+++ b/clients/quadraticserver/network.nix
@ -1,19 +1,21 @@
 {
  networking.useDHCP = false;
-  systemd.network.enable = true;
+  systemd.network = {
-  systemd.network.networks."30-wan" = {
+    enable = true;
-    matchConfig.Name = "enp1s0";
+    networks."30-wan" = {
-    networkConfig.DHCP = "no";
+      matchConfig.Name = "enp1s0";
-    address = [
+      networkConfig.DHCP = "no";
-      "91.99.155.129/32"
+      address = [
-      "2a01:4f8:c012:d202::1/64"
+        "91.99.155.129/32"
-    ];
+        "2a01:4f8:c012:d202::1/64"
-    routes = [
+      ];
-      {
+      routes = [
-        Gateway = "172.31.1.1";
+        {
-        GatewayOnLink = true;
+          Gateway = "172.31.1.1";
-      }
+          GatewayOnLink = true;
-      { Gateway = "fe80::1"; }
+        }
-    ];
+        { Gateway = "fe80::1"; }
      ];
    };
  };
 }
--- a/modules/desktop/boot.nix
+++ b/modules/desktop/boot.nix