diff --git a/flake.nix b/flake.nix index 0d7f5fd1..37de9d59 100644 --- a/flake.nix +++ b/flake.nix @@ -31,11 +31,6 @@ system = "aarch64-linux"; }; - server7 = nixpkgs.lib.nixosSystem { - modules = [ ./hosts/server7 hydra.nixosModules.hydra ]; - system = "x86_64-linux"; - }; - }; nixosModules.c3d2 = import ./lib; diff --git a/host-registry.nix b/host-registry.nix index f26044ba..f8135a4f 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -59,8 +59,6 @@ rec { ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKQCZ7f7bqRC6B72oMu7BCItZxZnWsqx9Th/2iBRvtIFggr4YNi7Pbw3cc68NVbm0u7feUUgH5LDiXVpig3b7Gw= ''; }; - server7.publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy"; storage.publicKey = "storage.ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbjG4uY8A0IJHRKjiQwt9JbuLDNVaTcwNJN8J4z6mgX"; }; diff --git a/hosts/hydra/hydra.nix b/hosts/hydra/hydra.nix index f00d958f..5864ec7e 100644 --- a/hosts/hydra/hydra.nix +++ b/hosts/hydra/hydra.nix @@ -3,26 +3,13 @@ { nix = { binaryCaches = [ - "https://cache.server7.hq.c3d2.de" "https://cache.nixos.org" - "https://cache.dhall-lang.org" ]; binaryCachePublicKeys = [ - "cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U=" - "cache.dhall-lang.org:I9/H18WHd60olG5GsIjolp7CtepSgJmM2CsO813VTmM=" ]; extraOptions = '' allowed-uris = http:// https:// ''; - buildMachines = [{ - hostName = "server7.hq"; - sshUser = "hydra"; - sshKey = "/var/lib/hydra/queue-runner/id_rsa"; - system = "x86_64-linux"; - speedFactor = 2; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; - maxJobs = 8; - }]; }; services.hydra = { diff --git a/hosts/server7/borgbackup.nix b/hosts/server7/borgbackup.nix deleted file mode 100644 index 0801a910..00000000 --- a/hosts/server7/borgbackup.nix +++ /dev/null 
@@ -1,10 +0,0 @@
-{ config, ... }:
-
-{
- services.borgbackup.repos.emery = {
- allowSubRepos = true;
- authorizedKeys = config.users.users.emery.openssh.authorizedKeys.keys;
- path = "/srv/ceph/c3d2/backups/emery";
- quota = "200G";
- };
-}
diff --git a/hosts/server7/containers/README b/hosts/server7/containers/README
deleted file mode 100644
index 2930672f..00000000
--- a/hosts/server7/containers/README
+++ /dev/null
@@ -1,4 +0,0 @@
-Each directory containing a file "default.nix" is
-evulated as a container guest configuration.
-
-See ./default.nix for the implementation.
diff --git a/hosts/server7/containers/adc/default.nix b/hosts/server7/containers/adc/default.nix
deleted file mode 100644
index 365f3b37..00000000
--- a/hosts/server7/containers/adc/default.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
- config = { config, pkgs, lib, ... }: {
- imports = [ ../inner-defaults.nix ];
-
- c3d2.hq.yggdrasil.enableGateway = true;
-
- networking.firewall.allowedTCPPorts = [ config.services.uhub.port ];
-
- networking.interfaces.eth0.ipv6.addresses = [{
- address = "310:5217:69c0:9afc:0:576d:1184:c3d2";
- prefixLength = 64;
- }]; # Old address used by some clients
-
- services.uhub = {
- enable = true;
- enableTLS = false;
- hubConfig = ''
- hub_name=c3d2
- hub_description=<<>
- '';
- plugins.history.enable = true;
- plugins.welcome = {
- enable = true;
- motd = config.users.motd;
- };
- };
-
- };
-
-}
diff --git a/hosts/server7/containers/default.nix b/hosts/server7/containers/default.nix
deleted file mode 100644
index e26eb748..00000000
--- a/hosts/server7/containers/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ lib, ... }:
-
-let
- containerFunc = name:
- # Generate a container expression from the directory at `name`.
- {
- inherit name;
- value = import (./. + "/${name}") name;
- };
-
- containerDir = builtins.readDir ../containers;
- containerSubdirs =
- lib.filterAttrs (_: kind: kind == "directory") containerDir;
- containerNames = builtins.attrNames containerSubdirs;
-
- containers = builtins.listToAttrs (map containerFunc containerNames);
-
-in {
- boot.enableContainers = true;
- inherit containers;
-
- imports = [ ../../../lib/lxc ];
- lxc.containers = {
- trivial = {
- nixos-config = "/tmp/trivial.nix";
- lxc = { };
- };
- };
-}
diff --git a/hosts/server7/containers/hydra7/default.nix b/hosts/server7/containers/hydra7/default.nix
deleted file mode 100644
index 5ad2522b..00000000
--- a/hosts/server7/containers/hydra7/default.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- ephemeral = true;
-
- config = { config, pkgs, lib, ... }: {
- imports = [ ../inner-defaults.nix ];
- c3d2.hq.yggdrasil.enableGateway = true;
- networking.firewall.enable = false;
- networking.interfaces.eth0.useDHCP = true;
- security.acme = {
- acceptTerms = true;
- email = "mail@c3d2.de";
- };
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- virtualHosts = {
- "hydra7.hq.c3d2.de" = {
- forceSSL = true;
- enableACME = true;
- locations."/".proxyPass = "http://172.22.99.245:3000";
- };
- "hydra7.y.c3d2.de" = {
- default = true;
- addSSL = false;
- locations."/".proxyPass = "http://172.22.99.245:3000";
- };
- };
- };
- };
-
-}
diff --git a/hosts/server7/containers/inner-defaults.nix b/hosts/server7/containers/inner-defaults.nix
deleted file mode 100644
index 1f333307..00000000
--- a/hosts/server7/containers/inner-defaults.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }: {
- imports = [ ../../../lib ];
- c3d2 = {
- isInHq = true;
- mapHqHosts = true;
- hq.interface = "eth0";
- };
-}
diff --git a/hosts/server7/containers/mpd-index/default.nix b/hosts/server7/containers/mpd-index/default.nix
deleted file mode 100644
index c84d0b54..00000000
--- a/hosts/server7/containers/mpd-index/default.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- bindMounts."/mnt/music" = {
- hostPath = "/srv/ceph/c3d2/rpool/Music";
- isReadOnly = true;
- };
-
- config = { config, pkgs, lib, ... }:
-
- {
- imports = [ ../inner-defaults.nix ];
-
- services.mpd = {
- enable = true;
- network.listenAddress = "any";
- musicDirectory = "/mnt/music";
- extraConfig = ''
- default_permissions "read,add,control,admin"
-
- audio_output {
- type "null"
- name "My Null Output"
- }
-
- filesystem_charset "UTF-8"
- '';
- };
-
- };
-
-}
diff --git a/hosts/server7/containers/ncdc/default.nix b/hosts/server7/containers/ncdc/default.nix
deleted file mode 100644
index 4fdd3bdf..00000000
--- a/hosts/server7/containers/ncdc/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- bindMounts."/srv/ceph/c3d2" = {
- hostPath = "/srv/ceph/c3d2";
- isReadOnly = true;
- };
-
- config = { config, pkgs, lib, ... }:
- let ncdcPort = 1512;
- in {
- imports = [ ../inner-defaults.nix ];
-
- c3d2 = {
- users.k-ot = true;
- hq.statistics.enable = true;
- hq.yggdrasil.enableGateway = true;
- };
-
- services.openssh.enable = true;
- programs.mosh.enable = true;
-
- environment.systemPackages = with pkgs; [ tmux ncdc ];
-
- networking.firewall.enable = false;
- };
-
-}
diff --git a/hosts/server7/containers/nfs/default.nix b/hosts/server7/containers/nfs/default.nix
deleted file mode 100644
index f4047864..00000000
--- a/hosts/server7/containers/nfs/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- bindMounts."/srv/nfs" = {
- hostPath = "/srv/ceph/c3d2/nfs";
- isReadOnly = true;
- };
-
- config = { config, pkgs, lib, ... }: {
- imports = [ ../inner-defaults.nix ];
-
- c3d2.hq.statistics.enable = true;
-
- services.nfs.server = {
- enable = true;
- exports = "/srv/nfs *(rw)";
- };
-
- networking.firewall.enable = false;
- };
-
-}
diff --git a/hosts/server7/containers/outer-defaults.nix b/hosts/server7/containers/outer-defaults.nix
deleted file mode 100644
index f168c4f4..00000000
--- a/hosts/server7/containers/outer-defaults.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-name:
-
-let yggaddr = import ../../../lib/server7-yggaddr.nix;
-in {
- # These the container defaults from the perspective of the host.
-
- autoStart = true;
- privateNetwork = true;
- hostBridge = "br0";
-}
diff --git a/hosts/server7/containers/samba/default.nix b/hosts/server7/containers/samba/default.nix
deleted file mode 100644
index 9e1f9093..00000000
--- a/hosts/server7/containers/samba/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- bindMounts."/srv/files" = {
- hostPath = "/srv/ceph/c3d2/files";
- isReadOnly = true;
- };
-
- config = { config, pkgs, lib, ... }: {
- imports = [ ../inner-defaults.nix ];
-
- c3d2.hq.statistics.enable = true;
-
- networking = {
- useDHCP = false;
- interfaces.eth0.useDHCP = true;
- };
-
- services.samba = {
- enable = true;
- enableNmbd = true;
- extraConfig = ''
- workgroup = HQ
- server string = storage
- netbios name = storage
- hosts allow = 172.20.0.0/14 127.0.0.0/8
- hosts deny = 0.0.0.0/0
- guest account = nobody
- map to guest = Bad user
- '';
- shares = {
- c3d2 = {
- path = "/srv/files";
- browseable = "yes";
- "read only" = "yes";
- "guest ok" = "yes";
- };
- };
- };
-
- networking.firewall.enable = false;
- };
-
-}
diff --git a/hosts/server7/containers/storage/default.nix b/hosts/server7/containers/storage/default.nix
deleted file mode 100644
index fbdb2a90..00000000
--- a/hosts/server7/containers/storage/default.nix
+++ /dev/null
@@ -1,75 +0,0 @@
-name:
-
-(import ../outer-defaults.nix name) // {
-
- bindMounts."/srv/c3d2" = {
- hostPath = "/srv/ceph/c3d2";
- isReadOnly = false;
- };
-
- config = { config, pkgs, lib, ... }: {
- imports = [ ../inner-defaults.nix ];
-
- c3d2 = {
- users.k-ot = true;
- hq.statistics.enable = true;
- hq.yggdrasil.enableGateway = true;
- };
-
- services.openssh = {
- enable = true;
- allowSFTP = true;
- };
-
- environment.systemPackages = with pkgs; [ git borgbackup ];
-
- services.nginx = {
- enable = true;
- package = pkgs.nginx.override {
- modules = with pkgs.nginxModules; [ fancyindex ];
- };
- virtualHosts = {
- "storage-ng.hq.c3d2.de".extraConfig = ''
- server_name storage-ng.hq.c3d2.de;
- return 301 $scheme://storage.hq.c3d2.de$request_uri;
- '';
-
- "storage.hq.c3d2.de" = {
- default = true;
- http2 = true;
- # addSSL = true;
- locations = {
- "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
- in {
- alias = "/srv/c3d2/files/";
- extraConfig = ''
- auth_basic "Chaos";
- auth_basic_user_file ${authFile};
- fancyindex on;
- # autoindex on;
- dav_access all:r;
- '';
- };
- };
- };
- };
- };
-
- networking.interfaces.eth0 = {
- ipv4 = {
- addresses = [{
- address = "172.22.99.20";
- prefixLength = 24;
- }];
- routes = [{
- address = "0.0.0.0";
- prefixLength = 0;
- via = "172.22.99.1";
- }];
- };
- };
-
- networking.firewall.enable = false;
- };
-
-}
diff --git a/hosts/server7/default.nix b/hosts/server7/default.nix
deleted file mode 100644
index 3c6ba082..00000000
--- a/hosts/server7/default.nix
+++ /dev/null
@@ -1,210 +0,0 @@ -{ config, pkgs, lib, ... }: - -let yggaddr = import ../../lib/server7-yggaddr.nix; -in { - imports = [ - ../../lib - ../../lib/default-gateway.nix - ./borgbackup.nix - ./containers - ./hardware-configuration.nix - ./hydra.nix - ./nix-serve.nix - ]; - - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - security.acme = { - email = "mail@c3d2.de"; - acceptTerms = true; - }; - - c3d2 = { - users = { - emery = true; - windsleep = true; - }; - isInHq = true; - mapHqHosts = true; - hq = { - interface = "br0"; - statistics.enable = true; - }; - }; - - fileSystems."/srv/ceph" = { - #device = "172.22.99.13:6789:/"; - device = "172.20.72.55:6789,172.20.72.56:6789,172.20.72.53:6789:/"; - fsType = "ceph"; - options = [ - "name=storage2" - "secret=AQAvRhxcaCK0IxAAnoe00oiopcpQeKZgL02RWw==" - "noatime,_netdev" - "noauto" - "x-systemd.automount" - "x-systemd.device-timeout=175" - "users" - ]; - }; - - fileSystems."/var/lib/ceph/osd/ceph-7" = { fsType = "tmpfs"; }; - - # Route IPv6 - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - # Obtain global IPv6 despite being a router myself - boot.kernel.sysctl."net.ipv6.conf.br0.accept_ra" = 2; - - services.yggdrasil = { - enable = true; - configFile = "/var/lib/yggdrasil/keys"; - config = { - Peers = [ - - # Deutschland - "tcp://45.11.19.26:5001" - "tcp://82.165.69.111:61216" - "tcp://[2001:8d8:1800:8224::1]:61216" - - # Czechia - "tcp://195.123.245.146:7743" - "tcp://37.205.14.171:46370" - "tcp://[2a03:3b40:fe:ab::1]:46370" - "tcp://[2a05:9403::8b]:7743" - - # Poland - "tcp://176.223.130.120:22632" - "tcp://51.75.44.73:50001" - "tcp://54.37.137.221:37145" - "tcp://[2001:41d0:601:1100::cf2]:37145" - "tcp://n2o.ddns.net:22632" - "tls://54.37.137.221:14987" - "tls://[2001:41d0:601:1100::cf2]:14987" - - ]; - NodeInfo = { - location = "Dresden"; - name = "server7.y.c3d2.de"; - admin = - "toxid:DF0AC9107E0A30E7201C6832B017AC836FBD1EDAC390EE99B68625D73C3FD929FB47F1872CA4"; - }; - }; - }; - - 
security.sudo.wheelNeedsPassword = false; - services.openssh = { - enable = true; - passwordAuthentication = false; - # DO NOT CHANGE, KINDERGARTEN IS OVER - }; - - programs.mosh.enable = true; - - nix = { - package = pkgs.nixFlakes; - gc.automatic = true; - optimise.automatic = true; - extraOptions = '' - experimental-features = nix-command flakes ca-references - post-build-hook = ${ - pkgs.writeScript "post-build-sign-paths" '' - #!${pkgs.runtimeShell} - nix sign-paths --key-file /var/lib/nix-serve.key $OUT_PATHS - '' - } - ''; - }; - nixpkgs.overlays = [ - (self: super: { - nix = super.nix // { meta.platforms = lib.platforms.linux; }; - }) - ]; - - virtualisation.docker.enable = true; - - docker-containers.ceph-osd-7 = { - cmd = [ "ceph-osd" "-i" "7" "--setuser" "ceph" "--setgroup" "ceph" "-d" ]; - environment = { OSD_DEVICE = "/dev/sdb"; }; - image = "ceph/ceph:v14.2.9"; - log-driver = "journald"; - extraDockerOptions = - [ "--rm" "--net=host" "--ipc=host" "--privileged=true" ]; - volumes = - [ "/dev:/dev" "/etc/ceph:/etc/ceph" "/var/lib/ceph/:/var/lib/ceph" ]; - }; - systemd.services.docker-ceph-osd-7.preStart = - "-${pkgs.docker}/bin/docker run --rm --net=host --ipc=host --privileged=true -v /dev:/dev -v /etc/ceph:/etc/ceph -v /var/lib/ceph/:/var/lib/ceph -e OSD_DEVICE=/dev/sdb -it ceph/ceph:v14.2.9 ceph-volume lvm activate --all --no-systemd"; - - networking = { - firewall.enable = false; - firewall.trustedInterfaces = [ "br0" ]; - hostName = "server7"; - hostId = "454fe12c"; - useDHCP = false; - bridges.br0.interfaces = [ "enp2s0f0" ]; - interfaces = { - br0 = { - useDHCP = true; - tempAddress = "disabled"; - ipv4.addresses = [{ - address = "172.22.99.245"; - prefixLength = 24; - }]; - ipv6.addresses = [{ - address = yggaddr.prefix64 + "::1"; - prefixLength = 64; - }]; - }; - enp2s0f1.useDHCP = false; - }; - }; - - boot.kernel.sysctl."net.bridge.bridge-nf-call-arptables" = 0; - boot.kernel.sysctl."net.bridge.bridge-nf-call-iptables" = 0; - 
boot.kernel.sysctl."net.bridge.bridge-nf-call-ip6tables" = 0; - - environment.systemPackages = with pkgs; [ - tmux - htop - vim - gitMinimal - nixfmt - zfsStable - ]; - - services.collectd.extraConfig = '' - LoadPlugin memory - LoadPlugin processes - LoadPlugin disk - LoadPlugin df - LoadPlugin cpu - LoadPlugin entropy - LoadPlugin load - LoadPlugin swap - LoadPlugin cgroups - LoadPlugin vmem - LoadPlugin interface - ''; - - boot.tmpOnTmpfs = true; - - # Use the systemd-boot EFI boot loader. - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - - time.timeZone = "Europe/Berlin"; - - system.stateVersion = "19.09"; # Did you read the comment? - - users.extraUsers.hydra.openssh.authorizedKeys.keys = [ - # allow the old hydra to build here - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7HuDlyTlPC4rCjwhklY8kiYIxdgPhiu6wxs29ksnpKZmJa2R7qoD02N3ACm9cTb1GVkIWukAXI3KvU9h08+WLQJqUH0cHVBj3V1sDYmkN2QecE59gz3e1gfN3zPtwmQEUe6xvHWK3X3qdH45pGPUtxk1eDTZl45037C0NClWF7RXI4m6UXng4bL9wnPvoVqCI+ySsNWaTkHDLE/D9s/VrqGxJ1w2KiJb1F73g9/x/zjL8Ixb16wkPmLE0e50MQAQa7EMFTyPZoEskFnEviLYXM9pDexABAjJfbfZ39lLyMgVYGwnzEDbjDlm68dE6wQWUY1OV6wbt8uYreB2IRrlb root@hydra" - ]; - - services.dhcpd4 = { - enable = false; - interfaces = [ "br0" ]; - extraConfig = "not authoritative;"; - }; -} diff --git a/hosts/server7/hardware-configuration.nix b/hosts/server7/hardware-configuration.nix deleted file mode 100644 index 0f87d7fa..00000000 --- a/hosts/server7/hardware-configuration.nix +++ /dev/null 
@@ -1,179 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = - [ "ehci_pci" "ahci" "nvme" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/f14628ce-0f13-4544-9197-0ddda291f48f"; - fsType = "ext4"; - }; - - fileSystems."/var/lib/ceph/osd/ceph-7" = { - device = "tmpfs"; - fsType = "tmpfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/9812-00B2"; - fsType = "vfat"; - }; - - fileSystems."/nvme0n1" = { - device = "nvme0n1"; - fsType = "zfs"; - }; - - fileSystems."/zones/b090f14b-0a60-4451-e82a-c5291e5951de/cores" = { - device = "nvme0n1/cores/b090f14b-0a60-4451-e82a-c5291e5951de"; - fsType = "zfs"; - }; - - fileSystems."/zones/9a9880d3-82db-c500-fcaa-d4e5a5cc617d/cores" = { - device = "nvme0n1/cores/9a9880d3-82db-c500-fcaa-d4e5a5cc617d"; - fsType = "zfs"; - }; - - fileSystems."/zones/archive" = { - device = "nvme0n1/archive"; - fsType = "zfs"; - }; - - fileSystems."/zones/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5/cores" = { - device = "nvme0n1/cores/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5"; - fsType = "zfs"; - }; - - fileSystems."/zones/9f467f1e-000b-e771-e117-b32261e48220/cores" = { - device = "nvme0n1/cores/9f467f1e-000b-e771-e117-b32261e48220"; - fsType = "zfs"; - }; - - fileSystems."/zones/e71d4460-8eef-6623-a875-dd5ec20b650f/cores" = { - device = "nvme0n1/cores/e71d4460-8eef-6623-a875-dd5ec20b650f"; - fsType = "zfs"; - }; - - fileSystems."/zones/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3/cores" = { - device = "nvme0n1/cores/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3"; - fsType = "zfs"; - }; - - 
fileSystems."/zones/3516ab22-69b0-e327-95ec-f9be8852ee44/cores" = { - device = "nvme0n1/cores/3516ab22-69b0-e327-95ec-f9be8852ee44"; - fsType = "zfs"; - }; - - fileSystems."/zones/global/cores" = { - device = "nvme0n1/cores/global"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/c3d2.de" = { - device = "nvme0n1/c3d2.de"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3" = { - device = "nvme0n1/9c31e6c7-97ee-e757-b5e8-d4f07a25bdc3"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317" = { - device = "nvme0n1/b28b36ed-1824-3a6c-cdbb-258c7dd63317"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de" = { - device = "nvme0n1/b090f14b-0a60-4451-e82a-c5291e5951de"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f" = { - device = "nvme0n1/55bcd862-bb70-11e9-9991-7b9a40d4e95f"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4" = { - device = "nvme0n1/a9786e8b-fce2-7567-6467-2a95086a51d4"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d" = { - device = "nvme0n1/9a9880d3-82db-c500-fcaa-d4e5a5cc617d"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5" = { - device = "nvme0n1/eec98403-5f4f-cadf-f4ff-aa9a99b4cdb5"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/9f467f1e-000b-e771-e117-b32261e48220" = { - device = "nvme0n1/9f467f1e-000b-e771-e117-b32261e48220"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3" = { - device = "nvme0n1/9651893f-4b85-293a-2d72-60ea3b541bc3"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89" = { - device = "nvme0n1/d5a8bfc2-6d01-6d5e-ad3f-edf032eedd89"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43" = { - device = "nvme0n1/7644820f-5ce5-f9f1-94b7-4537ee598f43"; - fsType = "zfs"; - }; - 
- fileSystems."/nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9" = { - device = "nvme0n1/0cc567e5-5e4c-1868-eca3-4426508cbfb9"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d" = { - device = "nvme0n1/63d6e664-3f1f-11e8-aef6-a3120cf8dd9d"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/c3d2.de/admin" = { - device = "nvme0n1/c3d2.de/admin"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75" = { - device = "nvme0n1/3e65fa50-2f41-8792-df46-8c826bddab75"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/c3d2.de/templates" = { - device = "nvme0n1/c3d2.de/templates"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f" = { - device = "nvme0n1/e71d4460-8eef-6623-a875-dd5ec20b650f"; - fsType = "zfs"; - }; - - fileSystems."/nvme0n1/c3d2.de/iso" = { - device = "nvme0n1/c3d2.de/iso"; - fsType = "zfs"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 40; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; -} diff --git a/hosts/server7/hydra.nix b/hosts/server7/hydra.nix deleted file mode 100644 index 52692b0e..00000000 --- a/hosts/server7/hydra.nix +++ /dev/null 
@@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.hydra-dev = { - enable = true; - debugServer = true; - extraEnv.HYDRA_DEBUG = "1"; - hydraURL = "https://server7.hq.c3d2.de"; - logo = ./hydra.svg; - notificationSender = "hydra@spam.works"; - # package = pkgs.hydra-unstable; - listenHost = "172.22.99.245"; - # listenHost = "*"; - useSubstitutes = true; - minimumDiskFree = 2; - minimumDiskFreeEvaluator = 2; - extraConfig = '' - - authfile = /var/lib/hydra/sotest.auth - - ''; - }; - - nix.trustedUsers = [ "hydra" ]; - - nix.buildMachines = [{ - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; - maxJobs = 8; - }]; - - nix.binaryCachePublicKeys = - [ "nix-serve.hq.c3d2.de-2:elqZouiiQP4XNfmEekwXH/YRPL1pXlN5JgVSzT1Ctoc=" ]; - nix.binaryCaches = [ "http://nix-serve.hq.c3d2.de" ]; - - services.nginx = { - enable = true; - virtualHosts = { - "server7.hq.c3d2.de" = { - addSSL = true; - enableACME = true; - globalRedirect = "hydra7.hq.c3d2.de"; - }; - }; - }; - - -} diff --git a/hosts/server7/hydra.svg b/hosts/server7/hydra.svg deleted file mode 100644 index d0b05e02..00000000 --- a/hosts/server7/hydra.svg +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - FLAKES diff --git a/hosts/server7/nix-serve.nix b/hosts/server7/nix-serve.nix deleted file mode 100644 index 13a3739a..00000000 --- a/hosts/server7/nix-serve.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, ... }: - -{ - nix.sshServe.enable = true; - - services.nix-serve = { - enable = true; - secretKeyFile = "/var/lib/nix-serve.key"; - }; - - services.nginx = { - enable = true; - virtualHosts = let - vhost.locations."/".proxyPass = - "http://${config.services.nix-serve.bindAddress}:${ - toString config.services.nix-serve.port - }"; - in { - "cache.server7.hq.c3d2.de" = vhost // { - addSSL = true; - enableACME = true; - }; - "nix-serve.y.c3d2.de" = vhost; - }; - }; - -} - 
diff --git a/hosts/server7/yggdrasil-prefix.nix b/hosts/server7/yggdrasil-prefix.nix deleted file mode 100644 index 9d1e0415..00000000 --- a/hosts/server7/yggdrasil-prefix.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, pkgs, lib, ... }: - -let yggaddr = import ../../lib/server7-yggaddr.nix; -in { - boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; - - networking.interfaces.br0.ipv6.addresses = [{ - address = yggaddr.prefix + ":1"; - prefixLength = 24; - }]; - - services.radvd = { - enable = true; - config = '' - interface enp2s0f1 - { - AdvSendAdvert on; - AdvRouteLifetime 0; - prefix ${yggaddr.prefix}:/64 { - AdvOnLink on; - AdvAutonomous on; - }; - route 200::/7 {}; - }; - ''; - }; -} diff --git a/lib/default.nix b/lib/default.nix index 9724d75a..79583612 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -8,8 +8,6 @@ let hqPrefix64 = "fd23:42:c3d2:523"; # TODO: Is this stable? Is there a better place to specifiy this? - server7Ygg = import ./server7-yggaddr.nix; - # Generate a deterministic IPv6 address for a 64 bit prefix # and seed string. Prefix must not contain trailing ':'. toIpv6Address = prefix64: seed: @@ -23,8 +21,6 @@ let # for the HQ networking using a seed string. toHqPrivateAddress = toIpv6Address hqPrefix64; - toServer7Address = toIpv6Address server7Ygg.prefix64; - # toHqPublicAddress = toIpv6Address publicPrefix64; cfg = config.c3d2; @@ -171,10 +167,6 @@ in { name = ip6; value = [ "${hostName}.hq" hostName ]; } - { - name = toServer7Address hostName; - value = [ "${hostName}.y.c3d2.de" "${hostName}.y" ]; - } ] ++ lib.optional (hasAttr "ip4" host) { name = host.ip4; value = [ "${hostName}.hq" hostName ]; 
@@ -202,16 +194,7 @@ in { ipv6.addresses = [{ address = toHqPrivateAddress config.networking.hostName; prefixLength = 64; - }] ++ lib.optional (cfg.hq.yggdrasil.enableGateway) { - address = toServer7Address config.networking.hostName; - prefixLength = 64; - }; - ipv6.routes = lib.optional (cfg.hq.yggdrasil.enableGateway) { - address = "200::"; - options.pref = "low"; - prefixLength = 7; - via = server7Ygg.prefix64 + "::1"; - }; + }]; }; }); @@ -282,14 +265,6 @@ in { # Only builds > 19.09 }; - nix = lib.mkIf - (cfg.hq.enableBinaryCache && config.networking.hostName != "server7") { - binaryCaches = [ "https://cache.server7.hq.c3d2.de" ]; - binaryCachePublicKeys = [ - "cache.server7.hq.c3d2.de:x8JLRG26zRZ8ysYZLEkPxuAYuK1VSJi/aMAEIs2Lv+U=" - ]; - }; - services.mpd.extraConfig = lib.mkIf cfg.hq.enableMpdProxy '' database { plugin "proxy"
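Review bot: After the `}];` replacement in the `@@ -202,16 +194,7 @@` hunk, nothing in this block reads `cfg.hq.yggdrasil.enableGateway` any more, so a host that still sets `c3d2.hq.yggdrasil.enableGateway = true` would evaluate cleanly but silently lose both its Yggdrasil address and the `200::/7` route. The option's declaration is not visible in these hunks; if it still exists in lib/default.nix, I would drop it in the same change or mark it removed, for example `(lib.mkRemovedOptionModule [ "c3d2" "hq" "yggdrasil" "enableGateway" ] "the server7 Yggdrasil gateway was removed")` in the module's `imports`, so stale settings fail at evaluation instead of going unnoticed. The enclosing interface definition starts and ends outside the hunk.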