diff --git a/flake-parts/iso.nix b/flake-parts/iso.nix
deleted file mode 100644
index 92cf348..0000000
--- a/flake-parts/iso.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{ inputs, self, ... }:
-{
- perSystem =
- { system, lib, ... }:
- {
- packages.iso =
- (inputs.nixpkgs.lib.nixosSystem {
- specialArgs = {
- inherit inputs;
- inherit (self) allHosts;
- };
-
- modules = lib.singleton (
- {
- config,
- inputs,
- pkgs,
- allHosts,
- ...
- }:
- {
- nixpkgs.hostPlatform = system;
-
- nix.settings.experimental-features = [ "pipe-operators" ];
-
- networking = {
- hostName = "installer";
- wireless.enable = false;
- networkmanager.enable = true;
- };
-
- console.keyMap = "de-latin1-nodeadkeys";
-
- boot.supportedFilesystems = {
- zfs = false;
- bcachefs = true;
- };
-
- environment.systemPackages = [ inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.default ];
-
- services.openssh = {
- enable = true;
- settings = {
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
-
- users.users.root.openssh.authorizedKeys.keyFiles =
- allHosts
- |> lib.attrValues
- |> lib.filter (host: host.config.networking.hostName != config.networking.hostName)
- |> lib.filter (host: host.config |> lib.hasAttr "home-manager")
- |> lib.map (host: host.config.home-manager.users.seb.custom.programs.ssh)
- |> lib.filter (ssh: ssh.enable)
- |> lib.map (ssh: ssh.publicKeyFile);
- }
- );
- }).config.system.build.images.iso-installer;
- };
-}
diff --git a/hosts/nas/default.nix b/hosts/nas/default.nix
deleted file mode 100644
index 1649383..0000000
--- a/hosts/nas/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ self, ... }:
-{
- imports = [ self.nixosModules.server-profile ];
-
- system.stateVersion = "25.11";
-
- custom = {
- boot.loader.grub.enable = true;
-
- networking = {
- overlay = {
- address = "10.254.250.6";
- isLighthouse = true;
- };
- underlay = {
- interface = "enp2s0";
- cidr = "192.168.0.64/24";
- isPublic = true;
- gateway = "192.168.0.1";
- };
- };
-
- services.dns.enable = true;
- };
-}
diff --git a/hosts/nas/disko.nix b/hosts/nas/disko.nix
deleted file mode 100644
index b1c4d38..0000000
--- a/hosts/nas/disko.nix
+++ /dev/null
@@ -1,111 +0,0 @@
-{
- disko.devices = {
- nodev."/" = {
- fsType = "tmpfs";
- mountOptions = [
- "defaults"
- "mode=755"
- ];
- };
- disk = {
- nvme0n1 = {
- type = "disk";
- device = "/dev/disk/by-id/nvme-eui.002538b581b34925";
- content = {
- type = "gpt";
- partitions = {
- swap = {
- size = "8G";
- content.type = "swap";
- };
- root = {
- size = "100%";
- content = {
- type = "bcachefs";
- filesystem = "rootfs";
- label = "nvme.nvme0n1";
- extraFormatArgs = [
- "--discard"
- "--durability=0"
- ];
- };
- };
- };
- };
- };
- sda = {
- type = "disk";
- device = "/dev/disk/by-id/ata-CT1000BX500SSD1_2527E9C5CD54";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot1";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "bcachefs";
- filesystem = "rootfs";
- label = "sata.sda";
- extraFormatArgs = [
- "--discard"
- "--durability=1"
- ];
- };
- };
- };
- };
- };
- sdb = {
- type = "disk";
- device = "/dev/disk/by-id/ata-Samsung_SSD_860_QVO_1TB_S4CZNF1N102994T";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot2";
- mountOptions = [ "umask=0077" ];
- };
- };
- root = {
- size = "100%";
- content = {
- type = "bcachefs";
- filesystem = "rootfs";
- label = "sata.sdb";
- extraFormatArgs = [
- "--discard"
- "--durability=1"
- ];
- };
- };
- };
- };
- };
- };
- bcachefs_filesystems.rootfs = {
- type = "bcachefs_filesystem";
- extraFormatArgs = [
- "--replicas=2"
- "--compression=lz4"
- ];
- subvolumes = {
- nix.mountpoint = "/nix";
- persist.mountpoint = "/persist";
- };
- };
- };
-}
diff --git a/hosts/nas/hardware.nix b/hosts/nas/hardware.nix
deleted file mode 100644
index ac0e37c..0000000
--- a/hosts/nas/hardware.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-_: {
- nixpkgs.hostPlatform = "x86_64-linux";
-
- boot = {
- kernelModules = [ "kvm-intel" ];
- initrd.availableKernelModules = [
- "xhci_pci"
- "ahci"
- "nvme"
- "sd_mod"
- "sdhci_pci"
- ];
-
- supportedFilesystems = [ "bcachefs" ];
-
- loader = {
- efi.canTouchEfiVariables = true;
- grub = {
- efiSupport = true;
- mirroredBoots = [
- {
- devices = [ "nodev" ];
- path = "/boot1";
- }
- {
- devices = [ "nodev" ];
- path = "/boot2";
- }
- ];
- };
- };
- };
-}
diff --git a/hosts/nas/keys/age.pub b/hosts/nas/keys/age.pub
deleted file mode 100644
index aafc50b..0000000
--- a/hosts/nas/keys/age.pub
+++ /dev/null
@@ -1 +0,0 @@
-age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq
diff --git a/hosts/nas/keys/nebula.crt b/hosts/nas/keys/nebula.crt
deleted file mode 100644
index 19c8c8c..0000000
--- a/hosts/nas/keys/nebula.crt
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN NEBULA CERTIFICATE V2-----
-MIGsoEaAA25hc6EHBAUK/voGGKMIDAZzZXJ2ZXKFBGmfZhaGBGsoffSHIBVD/hlb
-qt7XLMVqDE4DhIQzJRBaXtQIwm5gRTI7c0VogiAZe96epRDtw/rMTdFK2zGNir1I
-wMaj+yBQZk7+5zkMdYNAq9DkNJ5a+W5M27gkxC4iNpi5+HhQksJpuQyRJthGmoUK
-+cBkIymP7vlwF1rWRIUAwFiuhSlKvKg9H6RrM5mGBw==
------END NEBULA CERTIFICATE V2-----
diff --git a/hosts/nas/keys/nebula.pub b/hosts/nas/keys/nebula.pub
deleted file mode 100644
index 606460d..0000000
--- a/hosts/nas/keys/nebula.pub
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN NEBULA X25519 PUBLIC KEY-----
-GXvenqUQ7cP6zE3RStsxjYq9SMDGo/sgUGZO/uc5DHU=
------END NEBULA X25519 PUBLIC KEY-----
diff --git a/hosts/nas/secrets.json b/hosts/nas/secrets.json
deleted file mode 100644
index 966595f..0000000
--- a/hosts/nas/secrets.json
+++ /dev/null
@@ -1,26 +0,0 @@ -{ - "seb-password": "ENC[AES256_GCM,data:sCMOhgNrWyGVRUlL0bFTjaXXd8/tQJI43yPfAHzzWu1M5KYzPu0G7GhzjsGUNIwYeP8CO01Zh6zqkBy1h4dNbuX8NvuVJDWZjA==,iv:ClzISC4OJ/EFHQI420D+JkdC18ZdB9I7bwnZDWa0pHs=,tag:oMfHJgyhb4tPoTg9OsB7BA==,type:str]", - "nebula": { - "host-key": "ENC[AES256_GCM,data:lFOyE+dn5Gg5qfOywA673g6x120unVNMiYG/bmkXAdGMCwUi4vknSIY4vDJsKNR5YAZJ26x6Ezboj9aM2pRzXwZC7duaGpkCNwMQS5+j+T/ClZOptFLaLnxnWNcLfVkupRr4uyAb2DlyTPI2uUGJFVWCKRric04fyOTd8T0TzQ==,iv:2se7H9YWtPIScMq5hCZyirM6KS9cVnlv/HPnlh2swfE=,tag:/N+Ewdl1tH9o6LVuoTSTcA==,type:str]" - }, - "porkbun": { - "api-key": "ENC[AES256_GCM,data:eWZXxOfCQ7fXqwUAtsD968EjOeibkFbBeClNmazPk7uEtSR+WnpteB2pY0VFSEQhTKN7zCunKcfkKiSiG0C9r0TXxYM=,iv:FHmy/gR1Zzpro2Vm2e13nfTkHGEGwyw+81CDgkVlbYM=,tag:e4nBvSgw3wJU8viSp23Fjw==,type:str]", - "secret-api-key": "ENC[AES256_GCM,data:6Ss1wkeNMlnkwFtoytwtSHsIbpZN+CmPVshGu7GZfAH8FsHpc/Xyj8D1TRaUGpOI4gz/II4P/LZnmPR5bZ521MxbL+o=,iv:ycpfMGtis8l8TYj2sMO1plSNPKnFzBDF6i6xhxDabx4=,tag:WZCj0CDaPJ1vL6cap2rGvA==,type:str]" - }, - "sops": { - "age": [ - { - "recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQ0w4S1lHL21ld0Z1bDho\nMUV6UnpUYTdZZGZmSHRaK3MycVUvcitXU0M4CjdESGdwb2pnaXRkdnhIVGlvNW51\nRG4yVnFsUGIzSU16aUtuaFkxQlhGZjAKLS0tIGlFTUs4blhvYjFnS2lKcHp1MElu\neW5OV2FOYXEyUHhrQ3JlRnQ5MlRCNDgKo1abZY7O16Tqd+qMeeQtS+3aLB3bsi3g\nlSvatQ9R8D9Ogk8J7D1crrD8KMEX6Ob3Wov9OhY4tPSGfkRq61TLkw==\n-----END AGE ENCRYPTED FILE-----\n" - }, - { - "recipient": "age1p582v7x0k36csmtp66a0j28j5u5slruqqkfh6kkqutkmsquwdups3xd2lq", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXOVRQU1R4VlBhdEFUdnR6\nZFNuNldaSkxJL3ptOVVscjRBNkQ4dFBmQUVBCmZrQmFMV0hWbTBQcm1FS3JrR0ZC\nbktvT04xczd6VkdCUWk2NnVVZHNFWkUKLS0tIGUwOHJSMHVsNTEyZEU2VWJFNGVy\nMVFDVThrRGQwZEtPeFYzZUVQYi80ZjAKUd/XzyzqMkMowvyeCnQDbOGJDKbuAUQb\nFClQuiH5iSQQrVPw7SHBNgdqbcdtC+hZ4tpPaV/wWtlpcqpr5mBJSA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2026-02-25T19:43:39Z", - "mac": "ENC[AES256_GCM,data:2pIwmbnsgL5DmZqeZQrnHHNXU1tNdGayytKFD0/g8GM1RQGDL2vGf8J/LX2JkpOeqeG/7q0t0Aa9ABeIGMNjAFSm0RIM6CIHVugPUx+mD7eziof6MRZ2LIzhlI49htxngToHBgOLnmWQt+7AueoLIowqkrP5d2ocbwmb8ObXaoo=,iv:IoLdmrRzmSN+3rr1ogeAOz8fVBoyH+ttZnco6rtmvR4=,tag:Bjco8HoAaplUuyxNMxjEIg==,type:str]", - "unencrypted_suffix": "_unencrypted", - "version": "3.11.0" - } -} diff --git a/modules/system/services/nebula/default.nix b/modules/system/services/nebula/default.nix index edc86ee..bce4a75 100644 --- a/modules/system/services/nebula/default.nix +++ b/modules/system/services/nebula/default.nix @@ -122,18 +122,11 @@ in networking.firewall.trustedInterfaces = [ netCfg.overlay.interface ]; - systemd = { - services."nebula@mesh" = { - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - }; - - network.networks."40-nebula" = { - matchConfig.Name = netCfg.overlay.interface; - address = [ netCfg.overlay.cidr ]; - dns = netCfg.overlay.dnsServers; - domains = [ netCfg.overlay.domain ]; - }; + systemd.network.networks."40-nebula" = { + matchConfig.Name = netCfg.overlay.interface; + address = [ netCfg.overlay.cidr ]; + dns = netCfg.overlay.dnsServers; + domains = [ netCfg.overlay.domain ]; }; }; }
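Review bot: The `nebula@mesh` override that set `wants`/`after = [ "network-online.target" ]` is removed in the `modules/system/services/nebula/default.nix` hunk, and nothing visible here records why. If the unit can now start before the underlay has an address, the overlay may come up late, so a comment above `systemd.network.networks."40-nebula"` such as `# nebula@mesh no longer waits for network-online.target: <reason>` would keep the intent reviewable. The same commit deletes `hosts/nas/keys/nebula.crt` for a host configured with `isLighthouse = true`; removing the file does not invalidate the certificate, so unless the key material is retired some other way, this module is presumably where its fingerprint would be added to Nebula's `pki.blocklist`. It is also worth confirming that no remaining host still lists 10.254.250.6 as a lighthouse or DNS server. The enclosing attribute set starts before the hunk, so the rest of the mesh configuration is not visible here.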