From 067b632288a85d471b32a6bb0be864ab672d30e2 Mon Sep 17 00:00:00 2001 From: Markus Schmidl Date: Fri, 24 Nov 2023 16:00:45 +0100 Subject: [PATCH] remove data-hoarder-borken --- .sops.yaml | 11 --- flake.nix | 10 --- hosts/borken-data-hoarder/default.nix | 86 ------------------- secrets/data-hoarder-borken/secrets.yaml | 103 ----------------------- 4 files changed, 210 deletions(-) delete mode 100644 hosts/borken-data-hoarder/default.nix delete mode 100644 secrets/data-hoarder-borken/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index fa5aca8..9cb8b2e 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,6 @@ keys: - &data-hoarder age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2 - &data-hoarder-staging age1m4g4y5ga2m8xdvs7rarda3tyk4gtkyta6pfyq2n3xmy47z20kfxq73m8r8 - - &data-hoarder-borken age10wj28zkuy3ewmv6hmup7849667qmevgdv4gxa8vyljye7mpu7shsjt4jeh - ¬ice-me-senpai age1wxewmzwlzgtsmr29tnu76n30kv29ra5p0ptvr2e3f3ymkqh569kqm07fv4 - &tram-borzoi age10sedt7xftzu383y8g4pxsj0hazht8tnnxhcngedcsl93s4v9uvvsk99er4 - &uranus age1xnaw8ssrq2hpsntnt8kdu4dlqh4lz3dcq5lzwn490cskz886te6sreuale @@ -76,16 +75,6 @@ creation_rules: age: - *data-hoarder - *data-hoarder-staging - - path_regex: secrets/data-hoarder-borken/[^/]+\.yaml$ - key_groups: - - pgp: - - *admin_oxa - - *admin_revol-xut - - *admin_marenz-1 - - *admin_marenz-2 - age: - - *data-hoarder - - *data-hoarder-borken - path_regex: secrets/notice-me-senpai/[^/]+\.yaml$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index 18ab056..18a207d 100644 --- a/flake.nix +++ b/flake.nix @@ -236,7 +236,6 @@ packages = { staging-microvm = self.nixosConfigurations.staging-data-hoarder.config.microvm.declaredRunner; - borken-microvm = self.nixosConfigurations.borken-data-hoarder.config.microvm.declaredRunner; data-hoarder-microvm = self.nixosConfigurations.data-hoarder.config.microvm.declaredRunner; } // (import ./pkgs/deployment.nix { inherit self pkgs lib; }) @@ -269,15 +268,6 @@ ] ++ data-hoarder-modules; }; - borken-data-hoarder = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { inherit inputs self; }; - modules = [ - ./hosts/borken-data-hoarder - microvm.nixosModules.microvm - ] ++ data-hoarder-modules; - }; - notice-me-senpai = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs self; }; diff --git a/hosts/borken-data-hoarder/default.nix b/hosts/borken-data-hoarder/default.nix deleted file mode 100644 index cd76f30..0000000 --- a/hosts/borken-data-hoarder/default.nix +++ /dev/null @@ -1,86 +0,0 @@ -{ config, self, ... }: -let - mac_addr = "00:de:5b:f9:e2:3e"; -in -{ - microvm = { - vcpu = 4; - mem = 4096; - hypervisor = "qemu"; - socket = "${config.networking.hostName}.socket"; - - interfaces = [{ - type = "tap"; - id = "serv-dvb-bork"; - mac = mac_addr; - }]; - - shares = [{ - source = "/nix/store"; - mountPoint = "/nix/.ro-store"; - tag = "store"; - proto = "virtiofs"; - socket = "store.socket"; - } - { - source = "/var/lib/microvms/borken-data-hoarder/etc"; - mountPoint = "/etc"; - tag = "etc"; - proto = "virtiofs"; - socket = "etc.socket"; - } - { - source = "/var/lib/microvms/borken-data-hoarder/var"; - mountPoint = "/var"; - tag = "var"; - proto = "virtiofs"; - socket = "var.socket"; - }]; - }; - - networking.hostName = "borken-data-hoarder"; - - time.timeZone = "Europe/Berlin"; - - networking.useNetworkd = true; - - - sops.defaultSopsFile = self + /secrets/data-hoarder-borken/secrets.yaml; - deployment-TLMS.net = { - iface.uplink = { - name = "ens3"; - mac = mac_addr; - matchOn = "mac"; - useDHCP = false; - addr4 = "172.20.73.39/25"; - dns = [ "172.20.73.8" "9.9.9.9" ]; - routes = [ - { - routeConfig = { - Gateway = "172.20.73.1"; - GatewayOnLink = true; - Destination = "0.0.0.0/0"; - }; - } - ]; - }; - - wg = { - addr4 = "10.13.37.7"; - prefix4 = 24; - privateKeyFile = config.sops.secrets.wg-seckey.path; - publicKey = "jUQxEav0M5pmkcdCri7R4mryB5Q3ksnn276FYeGCHQ0="; - }; - - }; - - deployment-TLMS.domain = "borken.tlm.solutions"; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "22.11"; # Did you read the comment? -} diff --git a/secrets/data-hoarder-borken/secrets.yaml b/secrets/data-hoarder-borken/secrets.yaml deleted file mode 100644 index 5ba3b65..0000000 --- a/secrets/data-hoarder-borken/secrets.yaml +++ /dev/null @@ -1,103 +0,0 @@ -wg-seckey: ENC[AES256_GCM,data:b0QcY/9TKPG8lyxUrIHU3Re8r4X9PM+hewPTEvVteKQq2t71zrR49OlYoO4=,iv:ufxvGhjk01FcgERZtp8C2U351LOoSrIiH8LmiQLdFuU=,tag:XnOHL2um0C14OmNL32di7A==,type:str] -postgres_password: ENC[AES256_GCM,data:7lEBJLa1BQ7Y,iv:keUinQS68xGcKb10jjQDSDcbVsagoVJhJ9//AC8enBI=,tag:+h8ltz+PMZMhl6O0SxFlhw==,type:str] -postgres_password_grafana: ENC[AES256_GCM,data:7UmDdje0/guR,iv:bvAt/6mnPS4q663teBzJn7+TLxZVbKmHIJKK4TX7BGY=,tag:+GSZy4OWMHp5WqATle5VEQ==,type:str] -postgres_password_hash_salt: ENC[AES256_GCM,data:WALvYBu6UwaP3kk=,iv:m5G08JoBy3IPzJzZL/OxE3nmDlVuCP755Am2nojTl4Q=,tag:TvQDSDafcHgSwtQPyEZEMg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1djp5hk6vpm5glzqy9h2e2cgam5xydx888glgs85kvs57spaf8v0sfm0pa2 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dFRYQVBJaWFMSkdRN1h5 - QjZXajQwdEpWcDhnUzhNbFhwSzgycmttZWtnCjhBNko1WUZuZm8rRVV4ai9sWHRT - aE5pN1Q5U2llZEhzV082OUs4WEIxblUKLS0tIEhuQkFjSDNEb0psVHB4NVVUZjUv - eVZQNyswY1diOS9CN2R0bTUvajhIYVkKA+7ffa20N/IW3wIiQpX6WsfV17OVXEE/ - XUvkn/7wuHrGASosuIXNzUtoqnFgBDdhWHa3MSUURMQ3W4NEYrRmIA== - -----END AGE ENCRYPTED FILE----- - - recipient: age10wj28zkuy3ewmv6hmup7849667qmevgdv4gxa8vyljye7mpu7shsjt4jeh - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDNjJiSXNXeDlhc3V4bllW - QUFJbXZLb2RCQjA1Y1R4bnpWWktXbFUzQnhvCmhHQjB6eDV3bVJ0U3dWM082cVdk - cGY2QnU1TUZFVWJkR3J5cUJIUjJZOHcKLS0tIEJSczNidnVINUZtM1IxbE5RV0tl - Nzk0SnJzNmlaRmVlTDRjckZrdkdXQjQK1Qow+N3XCITfUeFbLunUVxgcAwWI9UUq - Tc29hy4VzIppR5KqrQ7vbOQPut9/JPovGINyl1wrqbo0z1P4RVJAcg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-01T02:15:23Z" - mac: ENC[AES256_GCM,data:z7/83Sch5rrtdy/b1gTxhRFLnZtNsJYtAOGjPVxbk07btKnwz24gflkoYcyDYzNLsAfxBI8ht4S7ZBTHbi/6PkF7QCvWFR8WuHDc9pKYLf4UmkKA+98sGsoIe0y9oDamb7Bh1a3J4SW4/7wPiCzMQHqeohDTzwQ5OxX14GSKQoU=,iv:+ujuMkU1pzP3oop6JlCkLbpWSUr7HK7oEw4/4+PIw04=,tag:DOcGlEV2qFgFjMWS/5ACoQ==,type:str] - pgp: - - created_at: "2023-05-01T04:55:48Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMA7zUOKwzpAE7ARAAhakYMsv72V4qZs6ulA3dFlteJhAS3T3p13rooTpYNAiQ - BWhqZR36REaauKtuA7TxhM+QHHEf4sYQ1Oks664kp1e7N1IwSe3TkmrJzhBpfJ3/ - f0s80jBTdIx3ZUVivV9E6G8ly3L/PoQyKvER/p/D82fHpbCWcRLidph4DOKpXCcR - eW1FMXAw5vgxSvvOwTeS0WRUD4djjjnjBp1ikgZAjb74hXB5p/hS/lmIYZ45CtTR - FONmwJOSWL0ssXe558yJ3AeL9Ut7gK0UvR6ccR+Xi6Yb5YrvkM3mzJyZZEgb4/IK - tQKAmpWXD3YYMcjpmDlzVHcQArfoXr0rM1KFUBfycRkAxl8E0OvkJRh8pzCZTHbk - 4hglDs+fTd2qTrTCcrYwSQ1TlX9EmzUna7QIdPhpO17uXCvLWfr5bk6Y1DbpZA7a - xExTPcrIVwXr8cR77LIC5/onKylKK94zNlpDWG9bXS7iGc7fnm8pT9VM45yNFdS3 - 2A3NTbKPniou5Lu+kCd4IKf4jBDu87OqoMidYI7iviS7Ya0E/8uowFFWVBdlty++ - p1oKghOUIDgnxEGGdN+0nDJ1+K51CqGtk3a5F2RdJ5F8PRVGHbaS0HSqftT0TBnY - LSXTaIYxjv3S4adsYLcy54sLTRuPrHHsVPEB0bHK1EhMxLV2BFGXTMELFHc+31PS - UQFoCL64dI+aD8XhQTNJq4ZeaZmEK08lWdGpZWf+6k1uVi4n/j/HTm9S+nYOvv5l - mIM4f5Lt+OVpXwTVoEc338wEGOKNsRTVKp8GgRrWayS4Dw== - =eSbT - -----END PGP MESSAGE----- - fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C - - created_at: "2023-05-01T04:55:48Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA/YLzOYaRIJJAQ/+P9VQnRpo7qEfb8ONxAJ3SMQOv0KsIO/O6Jt+C0ad5W4h - cy5kN0YzfLg+fnBLhwnsQuVuhpt8YJkl6LQl7TysMUsc8B2opfJMhrXkG6sapY9z - v4DF+D0sPO1gnu1VJ4a+q66CpEdkHuS3vDss25xT9RomtRc5yM2B29+qZSCmitj/ - VkufiDOOndBYByVzJ6BXiIHpTdQxDZfrL40k8cY09+fHW+O5550+6TX8pvpwKB0p - SdtDcQAENosYjCgTgZk0Nf6X28ssWs1vwzsq/IssjEluOnRqOjlvwC3YcfvYhizN - kO2lFAxTdgbPwnqcRW5/oSC8uHs2MgWa2axAG841xr1Szlyk0SRM3gjUSMq8AscT - GSdVwWIPH9lky7ZFWiLxizZzfIOHad+Xwt78gAHBQEpggNqThoiXs081q7s7wzHE - DHThYkOJKWEi2xvOaSUKA6cTZSm8epWVBT+MWtibp+Qqzpruqj3qIsCNYw5D0Zl2 - HaAU7I7Al+tIuItB6laWXXPp9QMwmCn28PbU9rGpYVtJEJ5n8oZKzg1xAmmkkOSD - UUA0e5++DfZAZHsgCaiGDvwQM/5vKJixGDNP2+JOEu+NFL/0fmGuDI2ISC07GUe+ - 7HAAT7CH7cBweO3P9K4+aO7+GGBnBIGIeYrW+027wdy11GhL+ODBw9ZynhFHQC3S - XgEwR96tHyGiIPhGKT9PxcK+2asuDTxSgw2YV8DdOaVskL/xhuG6jG7/19f/h+AD - iiMjm+OL1kzHrS/PktmOgxmwg0Hu9Q0j5A7PPqMrd/xY61Cnaj7HcKdNWD3pYwA= - =Lmii - -----END PGP MESSAGE----- - fp: 91EBE87016391323642A6803B966009D57E69CC6 - - created_at: "2023-05-01T04:55:48Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQEMA1N/l9+zlMQzAQgAp5lpYqMolYFOJtiIPxHdMbkUXZf9X9OMP2Bm/90TO25o - J52eYn4NagTbGBpl4nqndMtZKAs2AmJeeX2eR3c7Q51eE+D9LijonA0T3x7q9HN+ - OXXDTGyX/RvIroWhzCCiftXvzZHhHYXCqcpcQ2CzSCOflMbSTh21ZUVEt97u29HL - V7LRILU3BaQ4Z/i1S8abFoBF/qBjVljoiKvWb5mySulrH33D1L/v6mwqYN1VKMiD - TbYPOuD7ou5i74wwwjGn3Y+Klq/oGZorskVHH/rfEQExXHeeC4zCzYBLhohvmJxW - 7azPF28DXLra/FjdtWy97Bh++9gf7BX0PC3OEuM7adJeAU7t0bJaKc4Ww7xFCHj2 - YcYrXcCctHMfDtpMs4sgZ8j4Quxk9/+9JJn6jD5q1p5DFP9Pbm8OJuEgBraxFLZH - SM1US3+TA+5ZzxJTPuHVONNaRy94rtJJRRZpgZlKfw== - =GP7Z - -----END PGP MESSAGE----- - fp: 069836A578F7939612DB4934F77D0F7E247A1EE4 - - created_at: "2023-05-01T04:55:48Z" - enc: | - -----BEGIN PGP MESSAGE----- - - hQEMA1N/l9+zlMQzAQf+O12zDC/pFf1H5kie/Uyty712QZxlWmnWRkoiAVk/J3j9 - Pq5VBnlmNzaNDtD5UOQEUPf2669QrzkAVs4NjnQrRwImX9q3/Z6fS2TPZ2LTbZp3 - 1dS1H/jhWfdTAFc9C2GEU/5hrVZ46TwsrGbo47dg8vofcG0vCWg6IxfF1RFhDdtI - C2ZqCF+/IyNigvL8nNejIz9fRqi3BWHWIOV9H8XXzL+E1OBcO90mkcRZg6NPRy/u - o1J8D+PK22chskDwfoNkN5DKl6pd6nlE4iyYGaIRUz4ftcCC8iqZLhzJ8evTd6KN - tB2VX20VaZRcYBaq/VOmKYpDpHkXMKgHM2Fmuq5ZSdJeAd3n6xfulH5m8rw1gwCQ - wL5nYALACdvHZglQ6yiIZZ++qWLXT86FZqyOXWOXhjIG/+mUkoKTCZg6ZDGJMfbf - oNTYVdIKdgyIAlLubGW4SgoComjHiBBxbH2KZQouYA== - =T06/ - -----END PGP MESSAGE----- - fp: ED06986DFAAE6A61B751DC2F537F97DFB394C433 - unencrypted_suffix: _unencrypted - version: 3.7.3