diff --git a/.sops.yaml b/.sops.yaml index 24f07321..a186a160 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,6 @@ keys: - &snvnarr_l age1mwhj6e0tjarsrh2trsdgtd7d34szqcakylqkw2dve2ps72yes9zqqq3ynu - &vn_l age1hqwmpc6eawher5rju0g0m0e507pnwn38pc89ml22znzc98gv05sshkny9z - &xn_l age1zfrv9esrwa3dlx2yamfxz33w2dn4rkc3m54x0xje2nve4fhrtfuqlqv3f4 - - &x390_l age1lummhsag5zpwn6yws4m8nvz56g2gwyrpdf4dpqvehjmp7rt4r9dszqfuru creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -20,4 +19,3 @@ creation_rules: - *snvnarr_l - *vn_l - *xn_l - - *x390_l diff --git a/.woodpecker/x86-linux.yaml b/.woodpecker/x86-linux.yaml index eaf42078..546ff3d4 100644 --- a/.woodpecker/x86-linux.yaml +++ b/.woodpecker/x86-linux.yaml @@ -233,24 +233,18 @@ }, { "commands": [ - "nix build '.#nixosConfigurations.xn.config.system.build.toplevel' -o 'result-x390'" ], "image": "bash", - "name": "Build x390" }, { "commands": [ - "nix path-info --closure-size -h $(readlink -f 'result-x390')" ], "image": "bash", - "name": "Show x390 info" }, { "commands": [ - "attic push lounge-rocks:nix-cache 'result-x390'" ], "image": "bash", - "name": "Push x390 to Attic" } ] } diff --git a/machines/x390/configuration.nix b/machines/x390/configuration.nix deleted file mode 100644 index 2cdfef03..00000000 --- a/machines/x390/configuration.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ self, ... }: -{ pkgs, lib, config, flake-self, home-manager, ... }: { - imports = [ - ./hardware-configuration.nix - home-manager.nixosModules.home-manager - # https://github.com/NixOS/nixos-hardware/blob/master/lenovo/thinkpad/x13/yoga/3th-gen/default.nix - flake-self.inputs.nixos-hardware.nixosModules.lenovo-thinkpad-x13-yoga-3th-gen - ]; - hardware.enableRedistributableFirmware = true; - home-manager.users.l = flake-self.homeConfigurations.laptop; - boot.initrd.systemd.enable = true; - systemd.extraConfig = "DefaultLimitNOFILE=2048"; - link = { - # sway.enable = true; - # fs.zfs.enable = true; - #printing.enable = true; - fs.ntfs.enable = true; - fs.luks.enable = true; - laptop.enable = true; - common.enable = true; - main.enable = true; - cpu-intel.enable = true; - systemd-boot.enable = true; - #secrets = "/home/l/.keys"; - #wireguard.enable = true; - #wg-deep.enable = true; - # wg-link.enable = true; - domain = "x390.local"; - service-ip = "127.0.0.1"; - # xrdp.enable = true; - eth = "wlp0s20f3"; - #docker.enable = true; - #services.restic-client = { - # enable = true; - # backup-paths-sn = [ - # "/home/l/.ssh" - # "/home/l/archive" - # "/home/l/Documents" - # "/home/l/obsidian" - # "/home/l/sec" - # "/home/l/w" - # ]; - # backup-paths-sciebo = [ - # "/home/l/.ssh" - # # "/home/l/archive" - # "/home/l/doc" - # # "/home/l/Documents" - # "/home/l/obsidian" - # "/home/l/sec" - # "/home/l/w" - # ]; - # backup-paths-pi4b = [ - # "/home/l/.ssh" - # "/home/l/archive" - # "/home/l/doc" - # "/home/l/Music" - # "/home/l/obsidian" - # "/home/l/plasma-vault" - # "/home/l/sec" - # "/home/l/w" - # "/home/l/Pictures" - # "/home/l/uni" - # ]; - #}; - }; - networking.hostId = "007f0200"; - environment.systemPackages = with pkgs; - [ plasma5Packages.plasma-thunderbolt ]; - #services.fprintd = { - # enable = true; - # tod.enable = true; - # tod.driver = pkgs.libfprint-2-tod1-vfs0090; - #}; - networking.firewall.allowedTCPPorts = [ 60955 ]; - networking.firewall.allowedUDPPorts = [ 60955 ]; - networking.hostName = "x390"; - networking.domain = "monitor-banfish.ts.net"; - services.throttled.enable = lib.mkForce true; - #powerManagement.scsiLinkPolicy = "med_power_with_dipm"; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - lollypops.deployment = { - local-evaluation = true; - # ssh = { user = "l"; }; - # sudo.enable = true; - }; - #environment.systemPackages = with pkgs; [ ]; -} diff --git a/machines/x390/disk-config.nix b/machines/x390/disk-config.nix deleted file mode 100644 index 43cb9733..00000000 --- a/machines/x390/disk-config.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ - disko.devices = { - disk = { - nvme0n1 = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - boot = { - priority = 1; - size = "1M"; - type = "EF02"; - }; - ESP = { - size = "512M"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "defaults" ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted"; - # disable settings.keyFile if you want to use interactive password entry - # passwordFile = "/tmp/luks.key"; # Interactive - settings = { - allowDiscards = true; - #keyFile = "/tmp/secret.key"; - }; - # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "16G"; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/machines/x390/hardware-configuration-x390.nix b/machines/x390/hardware-configuration-x390.nix deleted file mode 100644 index fee131ef..00000000 --- a/machines/x390/hardware-configuration-x390.nix +++ /dev/null @@ -1,55 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - #./disk-config.nix - ]; - #swapDevices = [{ device = "/.swapvol/swapfile"; }]; - boot = { - extraModulePackages = [ ]; - kernelModules = [ "kvm-intel" "usbnet" ]; - kernelParams = [ "intel_pstate=active" "resume_offset=533760" ]; - #resumeDevice = "/dev/disk/by-uuid/854c679d-ad2a-450b-830c-fd49633cbd31"; - initrd = { - availableKernelModules = - [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; - # secrets = { - # "/crypto_keyfile.bin" = null; - # }; - luks.devices = { - "root" = { - device = "/dev/nvme0n1p2"; - #keyFile="/crypto_keyfile.bin"; - #preLVM = true; - #allowDiscards = true; - }; - "swap" = { - device = "/dev/nvme0n1p3"; - #keyFile="/crypto_keyfile.bin"; - }; - }; - }; - }; - fileSystems."/" = { - device = "/dev/mapper/root"; - fsType = "ext4"; - }; - fileSystems."/boot" = { - device = "/dev/nvme0n1p1"; - fsType = "vfat"; - }; - swapDevices = [{ device = "/dev/mapper/swap"; }]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s13f0u1u4c2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = true; -} diff --git a/machines/x390/hardware-configuration.nix b/machines/x390/hardware-configuration.nix deleted file mode 100644 index f185839f..00000000 --- a/machines/x390/hardware-configuration.nix +++ /dev/null @@ -1,56 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") ./disk-config.nix ]; - #swapDevices = [{ device = "/.swapvol/swapfile"; }]; - boot = { - extraModulePackages = [ ]; - kernelModules = [ "kvm-intel" "usbnet" ]; - kernelParams = [ "intel_pstate=active" "resume_offset=533760" ]; - #resumeDevice = "/dev/disk/by-uuid/854c679d-ad2a-450b-830c-fd49633cbd31"; - initrd = { - availableKernelModules = - [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; - # secrets = { - # "/crypto_keyfile.bin" = null; - # }; - # luks.devices = { - # "luks-1e4c0964-e0dc-482c-a999-64ee1cc3725d" = { - # device = "/dev/disk/by-uuid/854c679d-ad2a-450b-830c-fd49633cbd31"; - # #keyFile="/crypto_keyfile.bin"; - # #preLVM = true; - # #allowDiscards = true; - # }; - # "luks-b6df9624-aab6-4d59-ac03-817bbb806b6c" = { - # device = "/dev/disk/by-uuid/4473a751-a85a-448f-bacf-e821bb543be4"; - # #keyFile="/crypto_keyfile.bin"; - # }; - # }; - }; - }; - # fileSystems."/" = - # { - # device = "/dev/disk/by-uuid/854c679d-ad2a-450b-830c-fd49633cbd31"; - # fsType = "ext4"; - # }; - # fileSystems."/boot" = - # { - # device = "/dev/disk/by-uuid/6F02-2160"; - # fsType = "vfat"; - # }; - # swapDevices = - # [{ device = "/dev/disk/by-uuid/4473a751-a85a-448f-bacf-e821bb543be4"; }]; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s13f0u1u4c2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; - hardware.cpu.intel.updateMicrocode = true; -} diff --git a/modules/users/l.nix b/modules/users/l.nix index bc2b715a..ed9f89d9 100644 --- a/modules/users/l.nix +++ b/modules/users/l.nix @@ -28,7 +28,6 @@ in { shell = "${pkgs.zsh}/bin/zsh"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOaLOyxsr6wgj0JoG/OrDywND2hG2nblOGUuZBPFG1U l@xn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0skthdvhy0oNOD/nbZ4H6tcMOffiNiRlquVTtdZIy/ l@x390" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI74luZ3xJcgaZYHzn5DtSpYufml+SbhZQV12gWGShS l@dn" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIj1OASl4OePBngiPlI4hixiD1GBlPOSoVNeoEcD23d+ l@fn" ]; diff --git a/modules/users/root.nix b/modules/users/root.nix index cd07d717..6adc94d8 100644 --- a/modules/users/root.nix +++ b/modules/users/root.nix @@ -7,7 +7,6 @@ in { users.users.root = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIOaLOyxsr6wgj0JoG/OrDywND2hG2nblOGUuZBPFG1U l@xn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0skthdvhy0oNOD/nbZ4H6tcMOffiNiRlquVTtdZIy/ l@x390" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINI74luZ3xJcgaZYHzn5DtSpYufml+SbhZQV12gWGShS l@dn" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIj1OASl4OePBngiPlI4hixiD1GBlPOSoVNeoEcD23d+ l@fn" ];