Diffstat (limited to '')
-rw-r--r--configurations/manwe/default.nix75
-rw-r--r--configurations/melian/default.nix116
-rw-r--r--configurations/varda/default.nix9
-rw-r--r--configurations/yavanna/default.nix34
4 files changed, 7 insertions, 227 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
index 656667e..2599d78 100644
--- a/configurations/manwe/default.nix
+++ b/configurations/manwe/default.nix
@@ -1,6 +1,5 @@
 {
   config,
-  inputs,
   lib,
   this,
   ...
@@ -11,8 +10,6 @@ with lib; {
     ./webserver.nix
   ];
 
-  secrets.wireguard-private-key-manwe.file = "${inputs.self}/secrets/wireguard-private-key-manwe";
-
   nixfiles.modules = {
     nsd = {
       enable = true;
@@ -20,10 +17,7 @@ with lib; {
     };
     unbound.enable = true;
 
-    wireguard = {
-      privateKeyFile = config.secrets.wireguard-private-key-manwe.path;
-      server.enable = true;
-    };
+    wireguard.server.enable = true;
 
     acme.enable = true;
 
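Review bot: The new `wireguard.server.enable = true;` line no longer shows which private key this host uses, so the key binding now lives entirely in the wireguard module, which is outside this diff. A short comment here would keep that traceable, for example `# private key: secrets/wireguard-private-key-<hostname>, declared by the wireguard module`. The module should presumably also assert that the per-host secret exists, so a host added without a key file fails at evaluation instead of deploying without a working tunnel. The same applies to the `wireguard.client.enable = true;` lines in the melian, varda and yavanna hunks.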
@@ -44,73 +38,6 @@ with lib; {
     vaultwarden.enable = true;
   };
 
-  services.prometheus = {
-    # TODO Make this generic.
-    scrapeConfigs = with my.configurations;
-    with config.services.prometheus.exporters; [
-      {
-        job_name = "endlessh-go";
-        static_configs = [
-          {
-            targets = with config.services.endlessh-go.prometheus; [
-              "${manwe.hostname}:${toString port}"
-              "${varda.hostname}:${toString port}"
-              "${yavanna.hostname}:${toString port}"
-            ];
-          }
-        ];
-      }
-      {
-        job_name = "nginx";
-        static_configs = [
-          {
-            targets = with nginx; [
-              "${manwe.hostname}:${toString port}"
-              "${varda.hostname}:${toString port}"
-              "${yavanna.hostname}:${toString port}"
-            ];
-          }
-        ];
-      }
-      {
-        job_name = "node";
-        static_configs = [
-          {
-            targets = with node; [
-              "${manwe.hostname}:${toString port}"
-              "${varda.hostname}:${toString port}"
-              "${yavanna.hostname}:${toString port}"
-            ];
-          }
-        ];
-      }
-      {
-        job_name = "postgres";
-        static_configs = [
-          {
-            targets = with postgres; ["${manwe.hostname}:${toString port}"];
-          }
-        ];
-      }
-      {
-        job_name = "unbound";
-        static_configs = [
-          {
-            targets = with unbound; ["${manwe.hostname}:${toString port}"];
-          }
-        ];
-      }
-      {
-        job_name = "wireguard";
-        static_configs = [
-          {
-            targets = with wireguard; ["${manwe.hostname}:${toString port}"];
-          }
-        ];
-      }
-    ];
-  };
-
   networking = let
     interface = "eth0";
   in {
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
index 8540c24..a3dbe35 100644
--- a/configurations/melian/default.nix
+++ b/configurations/melian/default.nix
@@ -1,27 +1,9 @@
 {
-  config,
-  inputs,
   lib,
   pkgs,
   ...
 }:
 with lib; {
-  secrets = {
-    wireguard-private-key-melian.file = "${inputs.self}/secrets/wireguard-private-key-melian";
-
-    syncthing-cert-melian = with config.services.syncthing; {
-      file = "${inputs.self}/secrets/syncthing-cert-melian";
-      owner = user;
-      inherit group;
-    };
-
-    syncthing-key-melian = with config.services.syncthing; {
-      file = "${inputs.self}/secrets/syncthing-key-melian";
-      owner = user;
-      inherit group;
-    };
-  };
-
   nixfiles.modules = {
     profiles.dev = {
       containers.enable = true;
@@ -34,16 +16,9 @@ with lib; {
       steam.enable = true;
     };
 
-    wireguard = {
-      privateKeyFile = config.secrets.wireguard-private-key-melian.path;
-      client.enable = true;
-    };
+    wireguard.client.enable = true;
 
-    syncthing = with config.secrets; {
-      enable = true;
-      key = syncthing-key-melian.path;
-      cert = syncthing-cert-melian.path;
-    };
+    syncthing.enable = true;
 
     beets.enable = true;
     bluetooth.enable = true;
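Review bot: With `syncthing.enable = true;` the host file no longer states who owns the Syncthing certificate and key secrets, which the removed `secrets` block set explicitly with `owner = user;` and `inherit group;`. The module that now declares these secrets is not visible in this diff; it needs to keep that ownership so the key stays readable by the Syncthing service account only, rather than falling back to a default owner or a wider mode. A comment on this line naming where the secrets are declared would make that checkable from the host file. The yavanna hunk makes the same change.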
@@ -54,93 +29,6 @@ with lib; {
     throttled.enable = true;
   };
 
-  # TODO Move to a separate module so that it could be reused on other desktops
-  # in the future.
-  hm = {
-    home.packages = with pkgs; [
-      (aspellWithDicts (p: with p; [en ru]))
-      calibre
-      kotatogram-desktop
-      nheko
-      tor-browser
-    ];
-
-    accounts.email = {
-      maildirBasePath = "${config.my.home}/mail";
-
-      accounts = let
-        mkAccount = attrs:
-          mkMerge [
-            {
-              mbsync = {
-                enable = true;
-                create = "both";
-                expunge = "both";
-                patterns = ["*"];
-              };
-              msmtp.enable = true;
-              mu.enable = true;
-            }
-            attrs
-          ];
-
-        pass = path: "${pkgs.pass}/bin/pass show ${path}";
-      in {
-        shire = mkAccount {
-          address = my.email;
-          gpg = {
-            inherit (my.pgp) key;
-            signByDefault = true;
-            encryptByDefault = false;
-          };
-
-          primary = true;
-
-          imap.host = "shire.me";
-          smtp.host = "shire.me";
-          userName = "azahi@shire.me";
-          passwordCommand = pass "email/shire.me/azahi";
-        };
-
-        yahoo = mkAccount {
-          address = "a.gondor@yahoo.com";
-
-          imap.host = "imap.yahoo.com";
-          smtp.host = "smtp.yahoo.com";
-          userName = "a.gondor@yahoo.com";
-          passwordCommand = pass "email/yahoo.com/a.gondor";
-        };
-      };
-    };
-
-    programs = {
-      mbsync.enable = true;
-      msmtp.enable = true;
-      mu.enable = true;
-
-      ssh.matchBlocks = let
-        mkBlock = {
-          hostname,
-          port ? 22022,
-          user ? "azahi",
-        }: {
-          inherit hostname port user;
-          identityFile = "${config.my.home}/.ssh/id_ed25519";
-        };
-        mkInternalHostname = hostname: "${hostname}.${my.domain.shire}";
-      in
-        with my.configurations; {
-          # TODO Wrap this.
-          manwe = mkBlock {hostname = mkInternalHostname "manwe";};
-          manwe-init = mkBlock {hostname = manwe.ipv4.address;};
-          varda = mkBlock {hostname = mkInternalHostname "varda";};
-          varda-init = mkBlock {hostname = varda.ipv4.address;};
-          yavanna = mkBlock {hostname = mkInternalHostname "yavanna";};
-          yavanna-init = mkBlock {hostname = yavanna.ipv4.address;};
-        };
-    };
-  };
-
   networking = {
     interfaces = {
       eth0.useDHCP = true;
diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix
index 313d2fb..7efeb61 100644
--- a/configurations/varda/default.nix
+++ b/configurations/varda/default.nix
@@ -1,18 +1,11 @@
 {
-  config,
-  inputs,
   lib,
   this,
   ...
 }:
 with lib; {
-  secrets.wireguard-private-key-varda.file = "${inputs.self}/secrets/wireguard-private-key-varda";
-
   nixfiles.modules = {
-    wireguard = {
-      privateKeyFile = config.secrets.wireguard-private-key-varda.path;
-      client.enable = true;
-    };
+    wireguard.client.enable = true;
 
     games.minecraft.server = {
       enable = true;
diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix
index 3ed114e..d390e40 100644
--- a/configurations/yavanna/default.nix
+++ b/configurations/yavanna/default.nix
@@ -1,45 +1,17 @@
 {
-  config,
-  inputs,
   lib,
   this,
   ...
 }:
 with lib; {
-  secrets = {
-    wireguard-private-key-yavanna.file = "${inputs.self}/secrets/wireguard-private-key-yavanna";
-
-    syncthing-cert-yavanna = with config.services.syncthing; {
-      file = "${inputs.self}/secrets/syncthing-cert-yavanna";
-      owner = user;
-      inherit group;
-    };
-
-    syncthing-key-yavanna = with config.services.syncthing; {
-      file = "${inputs.self}/secrets/syncthing-key-yavanna";
-      owner = user;
-      inherit group;
-    };
-  };
-
   nixfiles.modules = {
-    wireguard = {
-      privateKeyFile = config.secrets.wireguard-private-key-yavanna.path;
-      client.enable = true;
-    };
+    wireguard.client.enable = true;
 
-    syncthing = with config.secrets; {
-      enable = true;
-      key = syncthing-key-yavanna.path;
-      cert = syncthing-cert-yavanna.path;
-    };
+    syncthing.enable = true;
 
     acme.enable = true;
 
-    rtorrent = {
-      enable = true;
-      flood.enable = true;
-    };
+    rtorrent.enable = true;
   };
 
   networking = let
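Review bot: `rtorrent.enable = true;` drops the explicit `flood.enable = true;`, so whether the Flood web UI runs on this host now depends on a module default that this diff does not show. If the default is on, a comment such as `# also enables the Flood web UI (module default)` keeps the exposed service visible in the host file. If the default is off, the UI silently disappears from yavanna and the commit description should say so.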
