summaryrefslogtreecommitdiff
path: root/hosts/cez
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/cez')
-rw-r--r--hosts/cez/configuration.nix47
-rw-r--r--hosts/cez/hardware-configuration.nix38
-rw-r--r--hosts/cez/modules/network.nix15
-rw-r--r--hosts/cez/modules/sshfs.nix27
-rw-r--r--hosts/cez/modules/wayland.nix83
-rw-r--r--hosts/cez/modules/wireguard.nix27
-rw-r--r--hosts/cez/secrets.yaml32
7 files changed, 0 insertions, 269 deletions
diff --git a/hosts/cez/configuration.nix b/hosts/cez/configuration.nix
deleted file mode 100644
index 6a801b0..0000000
--- a/hosts/cez/configuration.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- user = config.userdata.user;
-in
-{
- imports = [
- ./hardware-configuration.nix
- ./modules/wayland.nix
- ./modules/sshfs.nix
- ./modules/wireguard.nix
- ./modules/network.nix
- ../../common.nix
- ];
-
- boot = {
- initrd.luks.reusePassphrases = true;
- consoleLogLevel = 3;
- kernelPackages = pkgs.linuxPackages_latest;
- };
-
- sound = {
- enable = true;
- extraConfig = ''
- defaults.pcm.card 1
- defaults.ctl.card 1
- '';
- };
-
- services = {
- pipewire = {
- enable = true;
- pulse.enable = true;
- };
- getty.autologinUser = user;
- };
-
- programs.adb.enable = true;
- users.users.${user} = {
- extraGroups = [ "adbusers" ];
- packages = with pkgs; [
- geoipWithDatabase
- ffmpeg
- (pass.withExtensions (exts: [ exts.pass-otp ]))
- ];
- };
-}
diff --git a/hosts/cez/hardware-configuration.nix b/hosts/cez/hardware-configuration.nix
deleted file mode 100644
index 19313e5..0000000
--- a/hosts/cez/hardware-configuration.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- loader = {
- systemd-boot.enable = true;
- efi.canTouchEfiVariables = true;
- };
-
- kernelModules = [ "kvm-amd" ];
- initrd = {
- availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usb_storage"
- "sd_mod"
- "sdhci_pci"
- ];
-
- luks.devices."crypt".device =
- "/dev/disk/by-uuid/84acd784-caad-41a1-a2e4-39468d01fefd";
- };
- };
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-uuid/E37E-F611";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/disk/by-uuid/e063c9ad-b48f-4b6c-b94e-4c21d2238bce";
- fsType = "ext4";
- };
- };
-}
diff --git a/hosts/cez/modules/network.nix b/hosts/cez/modules/network.nix
deleted file mode 100644
index fb30056..0000000
--- a/hosts/cez/modules/network.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ ... }:
-
-{
- networking = {
- firewall.enable = false;
-
- wireless.iwd = {
- enable = true;
- settings = {
- General.EnableNetworkConfiguration = true;
- Network.NameResolvingService = "resolvconf";
- };
- };
- };
-}
diff --git a/hosts/cez/modules/sshfs.nix b/hosts/cez/modules/sshfs.nix
deleted file mode 100644
index a9ff183..0000000
--- a/hosts/cez/modules/sshfs.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, pkgs, ... }:
-
-let
- domain = config.userdata.domain;
- user = config.userdata.user;
- uid = config.users.users.${user}.uid;
- gid = config.users.groups.users.gid;
-in
-{
- sops.secrets."misc/sftp" = {};
- system.fsPackages = with pkgs; [ sshfs ];
-
- fileSystems."/kay" = {
- device = "sftp@${domain}:";
- fsType = "sshfs";
- options = [
- "allow_other" # for non-root access
- "uid=${toString uid}"
- "gid=${toString gid}"
- "_netdev" # this is a network fs
- "x-systemd.automount" # mount on demand
- "reconnect" # handle connection drops
- "ServerAliveInterval=15" # keep connections alive
- "IdentityFile=${config.sops.secrets."misc/sftp".path}"
- ];
- };
-}
diff --git a/hosts/cez/modules/wayland.nix b/hosts/cez/modules/wayland.nix
deleted file mode 100644
index c04d1bf..0000000
--- a/hosts/cez/modules/wayland.nix
+++ /dev/null
@@ -1,83 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
- user = config.userdata.user;
-in
-{
- # pkgs
- environment.systemPackages = with pkgs; [
- bemenu
- sway
- i3status
- swaylock
- swayidle
- swaybg
- foot
- wl-clipboard
- mako
- xdg-utils
- libnotify
- ];
-
- users.users.${user} = {
- extraGroups = [ "seat" ];
- packages = with pkgs; [
- zathura
- mpv
- imv
- wtype
- qemu
- OVMFFull
- grim
- slurp
- tor-browser-bundle-bin
- element-desktop-wayland
- pinentry-bemenu
- ];
- };
-
- # font
- fonts = {
- packages = with pkgs; [
- terminus-nerdfont
- dm-sans
- ];
- enableDefaultPackages = true;
- fontconfig = {
- hinting.style = "full";
- subpixel.rgba = "rgb";
- defaultFonts = {
- monospace = [ "Terminess Nerd Font" ];
- serif = [ "DeepMind Sans" ];
- sansSerif = [ "DeepMind Sans" ];
- };
- };
- };
-
- # misc
- services = {
- seatd.enable = true;
- dbus = {
- implementation = "broker";
- enable = true;
- };
- };
-
- programs = {
- gnupg.agent = {
- enable = true;
- settings.pinentry-program = lib.mkForce "${pkgs.pinentry-bemenu}/bin/pinentry-bemenu";
- };
- firefox = {
- enable = true;
- preferences = {
- "media.ffmpeg.vaapi.enabled" = true;
- "gfx.webrender.all" = true;
- "identity.fxaccounts.enabled" = false;
- };
- };
- };
-
- security.pam.services.swaylock.text = "auth include login";
- hardware.opengl.enable = true;
-}
diff --git a/hosts/cez/modules/wireguard.nix b/hosts/cez/modules/wireguard.nix
deleted file mode 100644
index d8e8dd0..0000000
--- a/hosts/cez/modules/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config, ... }:
-
-let
- domain = config.userdata.domain;
-in
-{
- sops.secrets."misc/wireguard" = {};
-
- networking.wg-quick.interfaces."kay" = {
- autostart = false;
- address = [ "10.0.1.2/24" ];
- dns = [ "10.0.1.1" ];
- mtu = 1380;
- privateKeyFile = config.sops.secrets."misc/wireguard".path;
-
- peers = [{
- publicKey = "wJMyQDXmZO4MjYRk6NK4+J6ZKWLTTZygAH+OwbPjOiw=";
- allowedIPs = [
- "10.0.1.0/24"
- "104.16.0.0/12"
- "172.64.0.0/13"
- ];
- endpoint = "${domain}:51820";
- persistentKeepalive = 25;
- }];
- };
-}
diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml
deleted file mode 100644
index f72eba6..0000000
--- a/hosts/cez/secrets.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-misc:
- sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str]
- wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL
- b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC
- TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj
- d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A
- xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps
- V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu
- Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X
- dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28
- fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-09T06:00:09Z"
- mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.8.1