authorJasper Ras <jaspert.ras@gmail.com>2025-03-29 12:54:20 +0100
committerJasper Ras <jaspert.ras@gmail.com>2025-03-29 12:54:20 +0100
commit5bf105b94f3c63bc738b788b2b651985eed96c11 (patch)
treec8b98b552fede2854fdc9ebf59f8a030ebd7e3cd /modules/work
parent5b41ca762c6a44fa7a77e5f5324bcecf8a47f4c7 (diff)
dynamic nodes
Diffstat (limited to 'modules/work')
-rw-r--r--modules/work/default.nix50
-rw-r--r--modules/work/hardware-configuration.nix41
-rw-r--r--modules/work/home-manager.nix81
-rw-r--r--modules/work/networking.nix87
-rw-r--r--modules/work/secrets.nix13
5 files changed, 0 insertions, 272 deletions
diff --git a/modules/work/default.nix b/modules/work/default.nix
deleted file mode 100644
index af28423..0000000
--- a/modules/work/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{ lib, pkgs, ... }:
-{
- imports = [
- ../core
- ../hyprland.nix
-
- ./hardware-configuration.nix
- ./home-manager.nix
- ./networking.nix
- ./secrets.nix
- ];
-
- system.stateVersion = "24.05"; # Do NOT change before reading configuration.nix
-
- users.users.jras.extraGroups = [ "networkmanager" "docker" ];
- security.sudo.wheelNeedsPassword = lib.mkForce true;
-
- time.timeZone = "Europe/Amsterdam";
-
- virtualisation.docker = {
- enable = true;
- enableOnBoot = true;
- };
-
- virtualisation.virtualbox = {
- host.enable = true;
- host.enableKvm = false;
- };
-
- users.extraGroups.vboxusers.members = [ "jras" ];
-
-
- hardware.bluetooth.enable = true;
- hardware.bluetooth.powerOnBoot = true;
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- services.libinput.mouse.accelProfile = "flat";
- services.libinput.mouse.accelSpeed = "-5";
- services.upower.enable = true;
-
- services.xserver.xkb = {
- layout = "us";
- variant = "";
- };
-
- programs.gnupg.agent.enable = true;
- programs.gnupg.agent.pinentryPackage = pkgs.pinentry-gnome3;
-}
diff --git a/modules/work/hardware-configuration.nix b/modules/work/hardware-configuration.nix
deleted file mode 100644
index 9c8c4b1..0000000
--- a/modules/work/hardware-configuration.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/df469cf1-1acc-4bf4-86e1-ec368e5a96a1";
- fsType = "ext4";
- };
-
- boot.initrd.luks.devices."luks-0f6e3603-084c-4438-9749-36b31b6f226a".device = "/dev/disk/by-uuid/0f6e3603-084c-4438-9749-36b31b6f226a";
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/F0E6-4DF3";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0f0.useDHCP = lib.mkDefault true;
- # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/modules/work/home-manager.nix b/modules/work/home-manager.nix
deleted file mode 100644
index c3ee4d9..0000000
--- a/modules/work/home-manager.nix
+++ /dev/null
@@ -1,81 +0,0 @@
-{ lib, pkgs, inputs, ... }:
-{
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.extraSpecialArgs = { inherit inputs; };
- home-manager.users.jras = {
- imports = [
- ../home-manager/core
-
- ../home-manager/hyprland.nix
- ../home-manager/hostnet.nix
- ../home-manager/php.nix
- ../home-manager/ansible.nix
- ../home-manager/python.nix
- ];
-
- home.username = "jras";
- home.homeDirectory = "/home/jras";
- home.stateVersion = "22.11";
- home.sessionPath = [ "$HOME/.local/bin" ];
-
- home.packages = with pkgs; [
- slack
- moonlight-qt
- brightnessctl
- google-chrome
- ];
-
- programs.git = {
- userName = "Jasper Ras";
- userEmail = lib.mkForce "jras@hostnet.nl";
- extraConfig = { gitreview.username = "jrasper"; };
- ignores = [
- ".direnv"
- ".envrc"
- ".project"
- ".settings/"
- ".buildpath"
- "tags"
- ".hhconfig"
- ".DS_Store"
- ".idea/"
- ".vagrant/"
- "*.swp"
- "clover.xml"
- "yarn-error.log"
- "gsuite-auth.json"
- "venv/"
- "shell.nix"
-
- ".devenv*"
- "devenv*"
- ".pre-commit-config.yaml"
- ];
- };
-
- programs.zsh.initExtra = ''
- eval "$(dircolors)"
- '';
- programs.zsh.shellAliases = {
- ssh = "TERM=xterm-256color ssh";
- };
-
- programs.pyenv.enable = true;
- programs.pyenv.enableZshIntegration = true;
- programs.ssh = {
- controlMaster = "auto";
- controlPersist = "12h";
- serverAliveInterval = 11;
- matchBlocks = {
- "*.g1i.one".user = "jasras";
- "*.os1.openstack.group.one".user = "jasras";
- "*.one.com".user = "jasras";
- "91.184.16.185".port = 12345;
- "*.compute.prv.vps1-testpod-cph3.one.com".forwardAgent = true;
- "access.*.one.com".forwardAgent = true;
- "access.*.g1i.one".forwardAgent = true;
- };
- };
- };
-}
diff --git a/modules/work/networking.nix b/modules/work/networking.nix
deleted file mode 100644
index 99ba8d7..0000000
--- a/modules/work/networking.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ pkgs, config, ... }:
-{
- environment.systemPackages = with pkgs; [
- networkmanager-openvpn
- ];
-
- networking.hostName = "work";
- networking.networkmanager.enable = true;
- networking.networkmanager.dns = "systemd-resolved";
- networking.nameservers = [ "1.1.1.1" ];
-
- services.openvpn.servers = {
- ghostnet = {
- config = ''
- client
- remote 185.57.9.6 1194
- cert ${config.age.secrets.ghostnet-cert.path}
- key ${config.age.secrets.ghostnet-key.path}
- ca ${config.age.secrets.ghostnet-ca.path}
- auth-user-pass ${config.age.secrets.ghostnet-auth-user-pass.path}
- reneg-sec 0
- cipher AES-256-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- remote-cert-tls server
- tls-auth ${config.age.secrets.ghostnet-tls-auth.path} 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- systems = {
- config = ''
- client
- remote 'vpn-v2.one.com'
- cert '${config.age.secrets.systems-cert.path}'
- key '${config.age.secrets.systems-key.path}'
- ca '${config.age.secrets.systems-ca.path}'
- cipher AES-128-CBC
- comp-lzo adaptive
- dev tun
- proto udp
- port 1200
- remote-cert-tls server
- tls-auth '${config.age.secrets.systems-tls-auth.path}' 1
- nobind
- auth-nocache
- script-security 2
- persist-key
- persist-tun
- user nm-openvpn
- group nm-openvpn
- '';
- updateResolvConf = false;
- autoStart = false;
- };
- };
-
- programs.update-systemd-resolved.servers = {
- ghostnet = {
- includeAutomatically = true;
- settings = {
- routeOnlyDomains = [ "hostnetbv.nl." ];
- defaultRoute = false;
- multicastDNS = "no";
- dnsOverTLS = "opportunistic";
- dnssec = "no";
- };
- };
- };
-
- services.resolved = {
- enable = true;
- dnssec = "true";
- domains = [ "~." ];
- fallbackDns = [ "1.1.1.1" ];
- dnsovertls = "opportunistic";
- llmnr = "true";
- };
-}
diff --git a/modules/work/secrets.nix b/modules/work/secrets.nix
deleted file mode 100644
index d13599d..0000000
--- a/modules/work/secrets.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-{
- age.secrets.ghostnet-cert.file = ../../secrets/ghostnet-cert.age;
- age.secrets.ghostnet-key.file = ../../secrets/ghostnet-key.age;
- age.secrets.ghostnet-ca.file = ../../secrets/ghostnet-ca.age;
- age.secrets.ghostnet-tls-auth.file = ../../secrets/ghostnet-tls-auth.age;
- age.secrets.ghostnet-auth-user-pass.file = ../../secrets/ghostnet-auth-user-pass.age;
-
- age.secrets.systems-cert.file = ../../secrets/systems-cert.age;
- age.secrets.systems-key.file = ../../secrets/systems-key.age;
- age.secrets.systems-ca.file = ../../secrets/systems-ca.age;
- age.secrets.systems-tls-auth.file = ../../secrets/systems-tls-auth.age;
-}