Start refactor

2025-07-29 19:17:45 +00:00 · 2025-01-11 15:51:21 +03:00 · 2025-01-11 15:51:21 +03:00 · 06cce18e72
commit 06cce18e72
parent 99b7ccfadb
155 changed files with 2139 additions and 3738 deletions
--- a/hosts/disk/default.nix
+++ b/hosts/disk/default.nix
@ -1,56 +0,0 @@
-{ config, lib, keys, ... }: with lib; merge
-
-(systemConfiguration {
-  system.stateVersion  = "23.11";
-  nixpkgs.hostPlatform = "x86_64-linux";
-
-  secrets.id.file              = ./id.age;
-  secrets.floppyPassword.file  = ./password.floppy.age;
-
-  users.users = {
-    root.hashedPasswordFile = config.secrets.floppyPassword.path;
-
-    floppy = sudoUser {
-      description                 = "Floppy";
-      openssh.authorizedKeys.keys = keys.admins;
-      hashedPasswordFile          = config.secrets.floppyPassword.path;
-    };
-
-    backup = normalUser {
-      description                 = "Backup";
-      openssh.authorizedKeys.keys = keys.all;
-      hashedPasswordFile          = config.secrets.floppyPassword.path;
-    };
-  };
-
-  services.openssh.hostKeys = [{
-    type = "ed25519";
-    path = config.secrets.id.path;
-  }];
-
-  networking = {
-    ipv4 = "23.164.232.40";
-    ipv6 = "2602:f9f7::40";
-
-    domain = "rgbcu.be";
-
-    defaultGateway  = "23.164.232.1";
-    defaultGateway6 = "2602:f9f7::1";
-
-    interfaces.ens32 = {
-      ipv4.addresses = [{
-        address      = config.networking.ipv4;
-        prefixLength = 25;
-      }];
-
-      ipv6.addresses = [{
-        address      = config.networking.ipv6;
-        prefixLength = 64;
-      }];
-    };
-  };
-})
-
-(homeConfiguration {
-  home.stateVersion = "23.11";
-})
--- a/hosts/disk/hardware.nix
+++ b/hosts/disk/hardware.nix
@ -1,34 +0,0 @@
-{ config, lib, ... }: with lib;
-
-systemConfiguration {
-  boot.loader = {
-    systemd-boot = enabled {
-      editor = false;
-    };
-
-    efi.canTouchEfiVariables = true;
-  };
-
-  boot.initrd.availableKernelModules = [
-    "ahci"
-    "ata_piix"
-    "nvme"
-    "sr_mod"
-  ];
-
-  fileSystems."/" = {
-    device  = "/dev/disk/by-label/root";
-    fsType  = "ext4";
-    options = [ "noatime" ];
-  };
-
-  fileSystems.${config.boot.loader.efi.efiSysMountPoint} = {
-    device  = "/dev/disk/by-label/boot";
-    fsType  = "vfat";
-    options = [ "noatime" ];
-  };
-
-  swapDevices = [{
-    device = "/dev/disk/by-label/swap";
-  }];
-}
--- a/hosts/disk/id.age
+++ b/hosts/disk/id.age
--- a/hosts/disk/mail/default.nix
+++ b/hosts/disk/mail/default.nix
@ -1,55 +0,0 @@
-{ self, config, lib, ... }: with lib;
-
-let
-  inherit (config.networking) domain;
-
-  fqdn = "mail1.${domain}";
-in systemConfiguration {
-  imports = [(self + /hosts/cube/acme)];
-
-  secrets.mailPassword.file = ./password.hash.age;
-
-  services.prometheus.exporters.postfix = enabled {
-    listenAddress = "[::]";
-  };
-
-  services.restic.backups = genAttrs config.resticHosts (const {
-    paths = [ config.mailserver.dkimKeyDirectory config.mailserver.mailDirectory ];
-  });
-
-  mailserver = enabled {
-    fqdn = mkDefault fqdn;
-
-    domains           = mkDefault [ domain ];
-    certificateScheme = "acme";
-
-    # We use systemd-resolved instead of Knot Resolver.
-    localDnsResolver = false;
-
-    hierarchySeparator = "/";
-    useFsLayout        = true;
-
-    dkimKeyDirectory = "/var/lib/dkim";
-    mailDirectory    = "/var/lib/mail";
-    sieveDirectory   = "/var/lib/sieve";
-
-    vmailUserName  = "mail";
-    vmailGroupName = "mail";
-
-    dmarcReporting = enabled {
-      domain = head config.mailserver.domains;
-
-      organizationName = "Doofemshmirtz Evil Inc.";
-    };
-
-    fullTextSearch = enabled {
-      indexAttachments = true;
-    };
-
-    loginAccounts."contact@${head config.mailserver.domains}" = {
-      aliases = [ "@${head config.mailserver.domains}" ];
-
-      hashedPasswordFile = config.secrets.mailPassword.path;
-    };
-  };
-}
--- a/hosts/disk/mail/password.hash.age
+++ b/hosts/disk/mail/password.hash.age
--- a/hosts/disk/mail/password.plain.age
+++ b/hosts/disk/mail/password.plain.age
@ -1,15 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 +rZ0Tw AZFDaJ2juVpQRex9baxUPiFC4xZyna2G6ysYA4aFQkU
-Cg1SJWa8PTiMDB5fOQYx7WcbfPri7nFsuCZuCRquD8c
-> ssh-ed25519 spFFQA vBOffcs6nE2VcGzkQBlhfy0GIWz+/7L09CJ5cQzRhQg
-b4ZWVCSDdiF+5zMNK1b+wvG2esRfU+otY5OnVCTvRBo
-> ssh-ed25519 CzqbPQ jPL7pBXMF4QIYkULJhlvinx1hnr+aJclp8jpuLIlp2g
-ud5StShENlRhlO+JJyaJciLKVUGW1XQPmPk1u9KXOKo
-> ssh-ed25519 dASlBQ LIRlKcAHsI3kf0MSuR7lpbTXCYRL1g2JjLZs4msYCAw
-7o3ESCqC3Jm/5NK52IDGkx0ZQkAZY8eyiBgf9y5mUCI
-> ssh-ed25519 f5VzMA FUHuEsI2aebZiTwODrXpKJnAV4EyaUGE/+gDxwsVixY
-XyEpcL1XXuoQU6erVRE2Sv9x8PisaXDBZHdWdelQPTE
-> ssh-ed25519 V6IHIQ IlarCBGBKJGagqo6cL5VhhnETwDdy/nJZ0EoBtfmrH0
-QE6Z9Dk5mFcLF0hb1oG53ZWwhf+v0Ena90ocXEk50a0
--- 7kXJ0xIQb1yooKiZ70qZz/5kJvnE7K6uvgFu63PXQC0
-6Ö›•<E280BA>g<EFBFBD>¸ù¿U}õçc;Då)ºex2<78>}†v±Æ`¶kíz#È±(
--- a/hosts/disk/password.floppy.age
+++ b/hosts/disk/password.floppy.age
@ -1,10 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 spFFQA GwQd6KJsc9NzOs7fVBTyeusvYtpD2KjOqsitNqmgxAg
-2U1KsgcT4cKNOjFCWlDfilSfe5+EIW/94nsMITcntSM
-> ssh-ed25519 CzqbPQ G7MWCZj/l2DaviWkph1NBxiMlxjxKO+/jcpPQ5rM+yU
-6Nzzd6X+SRkLcdMIm2CQdkimq6UqD/bsTYObgglq5Ns
-> ssh-ed25519 f5VzMA Yho8qwQjRfrjepTOYCvos0pEidzf4sRRkgcZFIx7Th0
-K6M3CmEGuZBk5kUFsv31AB8p/KgdcpjXU5uayFQr6ws
--- vzZtwqbz/MdrNaAQ3SYEoeGrHP+yYiI+kv451wRlkdw
-
-p˜~T³¦úå×ÅáÒÕó»õ¤Í<C2A4>¤(±EdÙÃ\ì$U¶{å"ì l5E[JæœÕõ<C395>;º.<2E>~°jõBÀ¿@§T¿u&b«-ÁpPRF¡ç<C2A1>zg"‹ˆÂËâ<r°B3ç¾ºîÛ°»…
--- a/hosts/disk/site6.nix
+++ b/hosts/disk/site6.nix
@ -1,9 +0,0 @@
-{ self, lib, ... }: with lib;
-
-systemConfiguration {
-  imports = [
-    (self + /hosts/cube/acme)
-    (self + /hosts/cube/nginx.nix)
-    (self + /hosts/cube/site.nix)
-  ];
-}