europa is kil

Oystein Kristoffer Tveit 2025-04-28 10:44:13 +02:00
parent 68594651ac
commit f38c03d787
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
11 changed files with 0 additions and 208 deletions

@ -3,7 +3,6 @@ keys:
- &host_tsuki age1c92j4w0gqh32hwssl5m2mfrggssxax9pge8qxwytv9lmrnfttcvqdrgsst
- &host_kasei age1eu2a6m3adakfzelfa9pqpl74a5dz0wkyr0v7gegm5ajnx7aqmqcqsp2ftc
- &host_dosei age1s6s4w7cdfgajm30z9gy8va8pvs2lrzk5gnsg0hmn5z2sl8z36seqej406r
- &host_europa age14mer45e52r2q4uz8n3fmv69tvk8gvwany4m4ndudud8ajv3jm4nqdj9m6a
- &host_xps16 age1np3fg9ue2tp4l47x7waapvjxh5zcaye2j54laapy7uklamve2c4qv3gytm
- &home age10f4a5acpar8vwz3v298r3nv7gggfpmyh4wxpkc2hwq9paq0scf8qee8lau
- &home_dosei age17acs5lw7npma4sughxq3wj3cs5gjkenqdzscyvaks0er33n8gupsce7jlp
@ -17,7 +16,6 @@ creation_rules:
- *host_tsuki
- *host_kasei
- *host_dosei
- *host_europa
- *host_xps16
- *home
- *home_dosei
@ -57,10 +55,3 @@ creation_rules:
- *gpg_h7x4
age:
- *host_dosei
- path_regex: secrets/europa.yaml
key_groups:
- pgp:
- *gpg_h7x4
age:
- *host_europa
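Review bot: Dropping `*host_europa` from the shared rule's recipient list (second hunk of this file) only changes how files are encrypted from now on; secrets already encrypted under that rule still carry a data key wrapped for europa's age key until they are re-keyed. The commit reports 0 additions, so no re-encrypted secrets file appears to be part of it. Running `sops updatekeys` on each file that rule matches would drop the stale recipient. Because europa's host key could read those values, rotating them is worth considering unless the machine's disk is wiped. The rule's `path_regex` lies outside the hunk, so which files are affected is not visible here.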

@ -25,7 +25,6 @@ Here are some of the interesting files and dirs:
| `Tsuki` | Dell Poweredge r710 server | Data storage / Build server / Selfhosted services. This server hosts a wide variety of services, including websites, matrix server, git repos, CI/CD and more. **This is probably the most interesting machine to pick config from** |
| `Kasei` | AMD Zen 2 CPU / AMD GPU - desktop computer | Semi-daily driver. This is my main computer at home. |
| `Dosei` | Dell Optiplex | Work computer, mostly used for development and testing. |
| `Europa` | Dell Optiplex | Other work computer, used as nix builder for `Dosei`. |
## home-manager configuration

@ -274,14 +274,6 @@
nixos-hardware.nixosModules.common-gpu-intel
];
};
europa = nixSys "europa" {
modules = [
nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
];
};
tsuki = nixSys "tsuki" {
modules = [
matrix-synapse-next.nixosModules.default

@ -1,19 +0,0 @@
{ ... }:
{
# TODO: Reproducible certificates
services.journald.remote = {
enable = true;
settings.Remote = {
# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
ServerKeyFile = "/etc/journald-remote-certs/key.pem";
ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
TrustedCertificateFile = "-";
};
};
# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
# "key.pem:/etc/journald-remote-certs/key.pem"
# "cert.pem:/etc/journald-remote-certs/cert.pem"
# ];
}

@ -1,96 +0,0 @@
{ config, pkgs, lib, ... }:
{
imports = [
./hardware-configuration.nix
./services/avahi.nix
./services/docker.nix
./services/journald-remote.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
i18n.defaultLocale = "en_US.UTF-8";
services.udev.packages = with pkgs; [
segger-jlink
];
system.stateVersion = "24.05";
machineVars = {
headless = true;
gaming = false;
development = true;
creative = false;
dataDrives = let
main = "/data";
in {
drives = { inherit main; };
default = main;
};
};
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
# security.pam.services.login.unixAuth = true;
# systemd.network = {
# enable = true;
# # broken
# wait-online.enable = true;
# };
networking = {
hostName = "europa";
networkmanager.enable = true;
# TODO: reenable
firewall.enable = false;
# hostId = "007f0201";
};
services = {
openssh = {
enable = true;
settings.X11Forwarding = true;
settings.PasswordAuthentication = lib.mkForce true;
};
# xserver = {
# # displayManager.gdm.enable = true;
# # desktopManager.gnome.enable = true;
# # videoDrivers = [ "nvidia" ];
# };
# tailscale.enable = true;
};
hardware = {
bluetooth.enable = true;
# cpu.amd.updateMicrocode = true;
enableRedistributableFirmware = true;
keyboard.zsa.enable = true;
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
# nvidia = {
# modesetting.enable = true;
# nvidiaSettings = true;
# };
};
programs.usbtop.enable = true;
}

@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/2de4150d-e418-4f22-a516-3f35352eb66a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/12CE-A600";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/8c8bc640-83f4-4eee-909b-457989cebfe4"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

@ -1,4 +0,0 @@
{ ... }:
{
home.stateVersion = "24.05";
}

@ -1,13 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.avahi = {
enable = true;
publish.enable = true;
publish.addresses = true;
publish.domain = true;
publish.hinfo = true;
publish.userServices = true;
publish.workstation = true;
extraServiceFiles.ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
};
}

@ -1,4 +0,0 @@
{ config, pkgs, lib, ... }:
{
virtualisation.docker.enable = true;
}

@ -1,14 +0,0 @@
{ ... }:
{
services.journald.upload = {
enable = true;
settings.Upload = {
URL = "https://10.250.14.105:19532";
# ServerKeyFile = toString ./key.pem;
# ServerCertificateFile = toString ./cert.pem;
ServerKeyFile = "-";
ServerCertificateFile = "-";
TrustedCertificateFile = "-";
};
};
}