diff --git a/machines/bin-cache/default.nix b/machines/bin-cache/default.nix
deleted file mode 100644
index 0f8c6b2..0000000
--- a/machines/bin-cache/default.nix
+++ /dev/null
@@ -1,134 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
- imports =
- [
- ./hardware.nix
- ./home-julien.nix
- ../../users/julien.nix
- ../../users/default.nix
- ];
-
-
- boot.loader.grub.enable = true;
- boot.loader.grub.device = "/dev/sda";
- boot.loader.grub.useOSProber = true;
-
- networking.hostName = "bin-cache";
-
- time.timeZone = "Europe/Paris";
-
- environment.systemPackages = [ pkgs.tailscale pkgs.attic ];
- services.tailscale.enable = true;
- networking.firewall.checkReversePath = "loose";
-
- services.nginx.enable = true;
- services.nginx.recommendedGzipSettings = true;
- services.nginx.recommendedOptimisation = true;
- services.nginx.recommendedProxySettings = true;
- services.nginx.recommendedTlsSettings = true;
-
- services.nginx.virtualHosts."cache.julienmalka.me" = {
- locations."/" = {
- proxyPass = "http://localhost:8080";
- proxyWebsockets = true;
- };
- };
-
- networking.nameservers = [ "100.100.45.5" "9.9.9.9" ];
- environment.etc."resolv.conf" = with lib; with pkgs; {
- source = writeText "resolv.conf" ''
- ${concatStringsSep "\n" (map (ns: "nameserver ${ns}") config.networking.nameservers)}
- options edns0
- '';
- };
-
-
- sops.secrets.attic-secret = {
- owner = "root";
- path = "/etc/atticd.env";
- format = "binary";
- sopsFile = ../../secrets/attic-secret;
- };
-
- services.atticd = {
- enable = true;
- # Replace with absolute path to your credentials file
- credentialsFile = "/etc/atticd.env";
-
- settings = {
- listen = "[::]:8080";
-
- # Data chunking
- #
- # Warning: If you change any of the values here, it will be
- # difficult to reuse existing chunks for newly-uploaded NARs
- # since the cutpoints will be different. As a result, the
- # deduplication ratio will suffer for a while after the change.
- chunking = {
- # The minimum NAR size to trigger chunking
- #
- # If 0, chunking is disabled entirely for newly-uploaded NARs.
- # If 1, all NARs are chunked.
- nar-size-threshold = 64 * 1024; # 64 KiB
-
- # The preferred minimum size of a chunk, in bytes
- min-size = 16 * 1024; # 16 KiB
-
- # The preferred average size of a chunk, in bytes
- avg-size = 64 * 1024; # 64 KiB
-
- # The preferred maximum size of a chunk, in bytes
- max-size = 256 * 1024; # 256 KiB
- };
- };
- };
-
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "julien@malka.sh";
-
-
- security.pki.certificates = [
- ''-----BEGIN CERTIFICATE-----
-MIIByzCCAXKgAwIBAgIQAcJCOR+99m5v3dHWQw5m9jAKBggqhkjOPQQDAjAwMRIw
-EAYDVQQKEwlTYXVtb25OZXQxGjAYBgNVBAMTEVNhdW1vbk5ldCBSb290IENBMB4X
-DTIyMDQyNDIwMDE1MFoXDTMyMDQyMTIwMDE1MFowODESMBAGA1UEChMJU2F1bW9u
-TmV0MSIwIAYDVQQDExlTYXVtb25OZXQgSW50ZXJtZWRpYXRlIENBMFkwEwYHKoZI
-zj0CAQYIKoZIzj0DAQcDQgAE5Sk6vYJcYlh4aW0vAN84MWr84TTVTTdsM2s8skH6
-7fDsqNMb7FMwUMEAFwQRiADjYy3saU2Dogh2ESuB1dDFFqNmMGQwDgYDVR0PAQH/
-BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFO5iTfZiutpsM7ja
-mP3yuMIy6iNTMB8GA1UdIwQYMBaAFBWOQHe4eAeothQTmTNKiG/pAowGMAoGCCqG
-SM49BAMCA0cAMEQCICu8u19I7RMfnQ7t3QXHP5fdUm/fX/puqF+jYSf9SZEoAiBc
-oVcd0OfuAExWHhOMUZ0OV4bws9WCax333I+Pg4nDNw==
------END CERTIFICATE-----''
- ''-----BEGIN CERTIFICATE-----
-MIIBpTCCAUqgAwIBAgIRALevKnnElllot/cRNGjnUqUwCgYIKoZIzj0EAwIwMDES
-MBAGA1UEChMJU2F1bW9uTmV0MRowGAYDVQQDExFTYXVtb25OZXQgUm9vdCBDQTAe
-Fw0yMjA0MjQyMDAxNDlaFw0zMjA0MjEyMDAxNDlaMDAxEjAQBgNVBAoTCVNhdW1v
-bk5ldDEaMBgGA1UEAxMRU2F1bW9uTmV0IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggq
-hkjOPQMBBwNCAAQG356Ui437dBTSOiJILKjVkwrJMsXN3eba/T1N+IJeqRBfigo7
-BW9YZfs1xIbMZ5wL0Zc/DsSEo5xCC7j4YaXro0UwQzAOBgNVHQ8BAf8EBAMCAQYw
-EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUFY5Ad7h4B6i2FBOZM0qIb+kC
-jAYwCgYIKoZIzj0EAwIDSQAwRgIhALdsEqiRa4ak5Cnin6Tjnel5uOiHSjoC6LKf
-VfXtULncAiEA2gmqdr+ugFz5tvPdKwanroTiMTUMhhCRYVlQlyTApyQ=
------END CERTIFICATE-----''
- ];
-
-
- services.openssh = {
- enable = true;
- ports = [ 45 ];
- settings.PermitRootLogin = "yes";
- openFirewall = true;
- };
-
-
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9Uzb7szWlux7HuxLZej9cBR5MhLz/vaAPPfSoozt2k julien@enigma.local"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
- ];
-
- networking.firewall.allowedTCPPorts = [ 443 80 8428 ];
- networking.firewall.allowedUDPPorts = [ 443 80 8428 ];
- system.stateVersion = "22.11";
-}
diff --git a/machines/bin-cache/hardware.nix b/machines/bin-cache/hardware.nix
deleted file mode 100644
index aca781a..0000000
--- a/machines/bin-cache/hardware.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, modulesPath, ... }:
-
-{
- imports =
- [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/60c91357-1fe9-41da-8fb4-2f601d53ccab";
- fsType = "ext4";
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/machines/bin-cache/home-julien.nix b/machines/bin-cache/home-julien.nix
deleted file mode 100644
index fe8d093..0000000
--- a/machines/bin-cache/home-julien.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, lib, config, ... }:
-{
- luj.hmgr.julien = { };
-}