Remove server hosts

host/bachtel.nix

@@ -1,92 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }: {
-
-  imports = [ ../defaults/base ../hardware/apu.nix ../hardware/wle900vx.nix ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/360a6bc9-fc4e-4803-bd53-69320ac32ac5";
-    fsType = "btrfs";
-    options = [ "defaults" "subvol=nixos" "noatime" ];
-  };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/73f91e99-d856-4504-b6b2-d60f855d6d95"; }];
-
-  services.qois.wwan = {
-    enable = true;
-    apn = "gprs.swisscom.ch";
-    networkInterface = "wwp0s19u1u3i12";
-  };
-
-  services.qois.router = {
-    enable = true;
-    wanInterface = "wwp0s19u1u3i12";
-    wirelessInterfaces = [ "wlp5s0" ];
-    lanInterfaces = [ "enp1s0" "enp2s0" "enp3s0" "enp4s0" ];
-    internalRouterIP = "10.2.1.1";
-    dhcp = {
-      enable = true;
-      localDomain = "rappi.fh2.ch";
-      dhcpRange = "10.2.1.2,10.2.1.249";
-    };
-    recursiveDns = {
-      enable = true;
-      networkIdIp = "10.2.1.0";
-    };
-    wireless = {
-      enable = true;
-      #wleInterface24Ghz = "wlp4s0";
-      wleInterface5Ghz = "wlp5s0";
-      ssid = "hauser";
-      passphrase = "mifatielma";
-    };
-  };
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
-  networking.hostName = "bachtel"; # Define your hostname.
-  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  #networking.wireless.networks = {
-  #  yummi = {
-  #    psk = "cookies!";
-  #  };
-  #};
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # List services that you want to enable:
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.jane = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  # };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.09"; # Did you read the comment?
-
-}

host/calanda.nix

@@ -1,77 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ ../hardware/apu.nix ../hardware/wle200nx.nix ../defaults/base ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/16efc5db-0697-4f39-b64b-fc18ac318625";
-    fsType = "btrfs";
-    options = [ "defaults" "subvol=nixos" "noatime" ];
-  };
-
-  swapDevices =
-    [{ device = "/dev/disk/by-uuid/b5104a7c-4a4a-4048-a9f8-44ddb0082632"; }];
-
-  services.qois.router = {
-    enable = true;
-    wanInterface = "enp4s0";
-    wirelessInterfaces = [ "wlp5s0" ];
-    lanInterfaces = [ "enp2s0" ];
-    internalRouterIP = "10.2.1.1";
-    dhcp = {
-      enable = true;
-      localDomain = "ilanz.fh2.ch";
-      dhcpRange = "10.1.1.2,10.1.1.249";
-    };
-    recursiveDns = {
-      enable = true;
-      networkIdIp = "10.1.1.0";
-    };
-    wireless = {
-      enable = true;
-      wleInterface24Ghz = "wlp5s0";
-      #wleInterface5Ghz = "wlp5s0";
-      ssid = "hauser";
-      passphrase = "mifatielma";
-    };
-  };
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
-  networking.hostName = "calanda";
-  networking.domain = "ilanz.fh2.ch";
-  networking.enableIPv6 = false; # TODO
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # List services that you want to enable:
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.jane = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  # };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.03"; # Did you read the comment?
-
-}

host/etzel.nix

@@ -1,118 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ../hardware/apu1.nix
-    ../hardware/wle200nx.nix
-    ../hardware/wle600vx.nix
-    ../defaults/base
-  ];
-
-  nix.distributedBuilds = true;
-
-  nix.buildMachines = [{
-    hostName = "10.2.1.38";
-    system = "x86_64-linux";
-    sshUser = "fhauser";
-    sshKey = "/root/.ssh/id_ed25519";
-    # if the builder supports building for multiple architectures, 
-    # replace the previous line by, e.g.,
-    # systems = ["x86_64-linux" "aarch64-linux"];
-    maxJobs = 4;
-    speedFactor = 2;
-    supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
-    mandatoryFeatures = [ ];
-  }];
-
-  services.qois.router = {
-    enable = true;
-    wanInterface = "enp2s0";
-    #wirelessInterfaces = [ "wlp4s0" "wlp6s0" ];
-    lanInterfaces = [ "enp1s0" "enp3s0" ];
-    internalRouterIP = "10.2.2.1";
-    dhcp = {
-      enable = true;
-      localDomain = "test.rappi.fh2.ch";
-      dhcpRange = "10.2.2.2,10.2.2.200";
-    };
-    recursiveDns = {
-      enable = true;
-      networkIdIp = "10.2.2.0";
-    };
-    wireless = {
-      enable = true;
-      wleInterface24Ghz = "wlp4s0";
-      wleInterface5Ghz = "wlp6s0";
-      ssid = "testnet";
-      passphrase = "testnettestnet";
-    };
-  };
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
-
-  boot.initrd.luks.devices = {
-    "root" = {
-      device = "/dev/disk/by-uuid/196202a2-ecb2-4c43-9a62-9e58f4d5de95";
-      keyFile = "/etc/luks.keyfile";
-    };
-    "swap" = {
-      device = "/dev/disk/by-uuid/a268e9e6-8636-42b1-84bc-0a432e493d0d";
-      keyFile = "/etc/luks.keyfile";
-    };
-  };
-  boot.initrd.secrets."/etc/luks.keyfile" = /boot/luks.keyfile;
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mapper/root";
-      fsType = "btrfs";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/14a4d9dc-2d3b-44e1-938e-1429f1639507";
-      fsType = "ext4";
-    };
-  };
-
-  swapDevices = [{ device = "/dev/mapper/swap"; }];
-
-  networking.hostName = "etzel"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
-  # Per-interface useDHCP will be mandatory in the future, so this generated config
-  # replicates the default behaviour.
-  networking.useDHCP = false;
-  networking.interfaces.enp1s0.useDHCP = true;
-  networking.interfaces.enp2s0.useDHCP = true;
-  networking.interfaces.enp3s0.useDHCP = true;
-  networking.interfaces.wlp4s0.useDHCP = true;
-  networking.interfaces.wlp6s0.useDHCP = true;
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.03"; # Did you read the comment?
-
-}
-

host/lindberg/default.nix

@@ -1,25 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    ./networking.nix
-    ./filesystems.nix
-
-    ../../hardware/asrock.nix
-
-    ../../defaults/base
-  ];
-
-  # Set your time zone.
-  time.timeZone = "Europe/Amsterdam";
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "20.09"; # Did you read the comment?
-
-}
-

host/lindberg/filesystems.nix

@@ -1,57 +0,0 @@
-{ config, pkgs, ... }: {
-
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
-  boot.initrd.luks.devices = {
-    "system".device = "/dev/disk/by-uuid/ba646016-2618-4d9b-acf2-41986ab76f7e";
-    "data".device = "/dev/disk/by-uuid/6cfe504d-992f-4b11-be3e-31d00c3e108d";
-    "backup".device = "/dev/disk/by-uuid/772017c5-f176-4473-9db6-4aa3769cf056";
-    "swap".device = "/dev/disk/by-uuid/c2f2bf21-51a8-4404-944c-ba83a9d7cf21";
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mapper/system";
-      fsType = "btrfs";
-    };
-    "/mnt/data" = {
-      device = "/dev/mapper/data";
-      fsType = "btrfs";
-    };
-    "/mnt/backup" = {
-      device = "/dev/mapper/backup";
-      fsType = "btrfs";
-    };
-    "/boot-primary" = {
-      device = "/dev/disk/by-uuid/7D11-F31D";
-      fsType = "vfat";
-    };
-    "/boot-secondary" = {
-      device = "/dev/disk/by-uuid/ED1A-59BF";
-      fsType = "vfat";
-    };
-  };
-
-  swapDevices = [{ device = "/dev/mapper/swap"; }];
-
-  # TODO: RAID Monitoring
-  # TODO: Set spin-down time of physical disks
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = true;
-    mirroredBoots = [
-      {
-        devices = [ "nodev" ];
-        path = "/boot-primary";
-        efiBootloaderId = "NixOS primary";
-      }
-      {
-        devices = [ "nodev" ];
-        path = "/boot-secondary";
-        efiBootloaderId = "NixOS secondary";
-      }
-    ];
-  };
-}

host/lindberg/networking.nix

@@ -1,15 +0,0 @@
-{ config, pkgs, ... }:
-
-let meta = import ../../meta;
-in {
-  networking.hostName = "lindberg"; # TODO: Extract into meta
-
-  networking.useDHCP = false;
-  networking.interfaces.enp5s0.useDHCP = true;
-
-  services.qois.luks-ssh = {
-    enable = true;
-    interface = "eth0";
-    sshPort = 2222;
-  };
-}

host/montalin/applications/cloud.nix

@@ -1,19 +0,0 @@
-{ config, pkgs, ... }:
-let host = "cloud.qo.is";
-in {
-
-  imports = [
-
-    ../../../defaults/nextcloud
-  ];
-
-  services.nextcloud = {
-    hostName = host;
-    package = pkgs.nextcloud20;
-  };
-  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
-  };
-
-}

host/montalin/applications/default.nix

@@ -1,12 +0,0 @@
-{ config, pkgs, ... }: {
-
-  imports = [
-    ./cloud.nix
-    ./feedreader.nix
-    #./dns.nix #TODO
-    #./wallabag.nix #TODO
-    #./id.nix #TODO
-    #./mx.nix #TODO
-    #./mail.nix #TODO
-  ];
-}

host/montalin/applications/feedreader.nix

@@ -1,18 +0,0 @@
-{ config, pkgs, ... }:
-let host = "feedreader.qo.is";
-in {
-
-  imports = [
-
-    ../../../defaults/tt-rss
-  ];
-
-  services.tt-rss = {
-    selfUrlPath = "https://${host}/";
-    virtualHost = host;
-  };
-  services.nginx.virtualHosts."${host}" = {
-    forceSSL = true;
-    enableACME = true;
-  };
-}

host/montalin/backup.nix

@@ -1,32 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  mountService = "var-backup-disk.mount";
-  backupDisk = "/var/backup/disk";
-  repo = "${backupDisk}/montalin";
-in {
-  services.borgbackup.jobs = {
-    data = {
-      exclude = [ backupDisk "/var/tmp" "/var/cache" ];
-      paths = [ "/etc" "/home" "/root" "/var" "/secrets" ];
-      preHook = "systemctl start ${mountService}";
-      postHook = "systemctl stop ${mountService}";
-      readWritePaths = [ backupDisk ];
-      prune.keep = {
-        within = "14d";
-        weekly = 4;
-        monthly = 6;
-        yearly = -1;
-
-      };
-      removableDevice = true;
-      encryption = {
-        mode = "authenticated";
-        passphrase = "";
-      };
-      repo = repo;
-      startAt = "07:00";
-      environment.BORG_BASE_DIR = "${repo}/borg-base-dir";
-    };
-  };
-}

host/montalin/database.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-
-  imports = [ ../../defaults/database ];
-  services.postgresql = {
-    ensureDatabases = [ "nextcloud" ];
-    ensureUsers = [{
-      name = "nextcloud";
-      ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
-    }];
-  };
-}

host/montalin/default.nix

@@ -1,25 +0,0 @@
-{ config, pkgs, ... }: {
-
-  imports = [
-    ./networking.nix
-    ./filesystems.nix
-    ./database.nix
-    ./backup.nix
-    ./applications
-
-    ../../hardware/nuc.nix
-
-    ../../defaults/base
-    ../../defaults/webserver
-  ];
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "20.03"; # Did you read the comment?
-
-}

host/montalin/filesystems.nix

@@ -1,38 +0,0 @@
-{ config, pkgs, ... }: {
-  boot.initrd.luks.devices = {
-    "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
-    "swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
-    "backup".device = "/dev/disk/by-uuid/a965933d-516c-46cf-8384-006b1770e46b";
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mapper/root";
-      fsType = "btrfs";
-      options = [ "defaults" "noatime" ];
-    };
-    "/var/backup/disk" = {
-      device = "/dev/mapper/backup";
-      fsType = "ext4";
-      options = [ "defaults" "noauto" "noatime" ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/0065-E4EA";
-      fsType = "vfat";
-      options = [ "defaults" "noatime" ];
-    };
-  };
-
-  swapDevices = [{ device = "/dev/mapper/swap"; }];
-
-  # Set Spin-Down times of HDDs
-  # To get the disk identifier with `udevadm info -n /dev/sdX | grep ID_SERIAL_SHORT`
-  services.udev.extraRules = ''
-    ACTION=="add", KERNEL=="sd[a-z]", ENV{ID_SERIAL_SHORT}=="WD-WXH1A89L54LA", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k"
-  '';
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-}

host/montalin/networking.nix

@@ -1,48 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  meta = import ../../meta;
-  plessur-net = meta.network.physical-networks.plessur;
-  montalin-net = plessur-net.dmz.hosts.montalin;
-in {
-  networking.hostName = "montalin"; # Define your hostname.
-
-  networking.useDHCP = false;
-  networking.interfaces.eno1 = {
-    ipv4.addresses = [{
-      address = montalin-net.v4.ip;
-      prefixLength = plessur-net.dmz.v4.bitmask;
-    }];
-  };
-  networking.interfaces.wlp1s0.useDHCP = true;
-
-  networking.defaultGateway = plessur-net.dmz.v4.gateway;
-  networking.nameservers = plessur-net.dmz.v4.nameservers;
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  networking.firewall.allowedUDPPorts =
-    [ meta.network.virtual.mgmt.server.port ];
-
-  services.qois.luks-ssh = {
-    enable = true;
-    interface = "eno1";
-    ip = montalin-net.v4.ip;
-    netmask = "255.255.255.0";
-    gateway = plessur-net.dmz.v4.gateway;
-    sshPort = 2222;
-  };
-
-  networking.wireguard.enable = true;
-  networking.wireguard.interfaces = let
-    network = meta.network.virtual;
-    networkName = "mgmt";
-  in {
-    "wg-${networkName}" =
-      pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
-      networkName network.${networkName};
-  };
-}

host/stompert.nix

@@ -1,88 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [ ../hardware/apu.nix ../defaults/base ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/ab5a598b-6609-465f-8ab8-b894b8a5e32a";
-    fsType = "btrfs";
-    options = [ "defaults" "noatime" ];
-  };
-
-  # Use the GRUB 2 boot loader.
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  # boot.loader.grub.efiSupport = true;
-  # boot.loader.grub.efiInstallAsRemovable = true;
-  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # Define on which hard drive you want to install Grub.
-  boot.loader.grub.device = "/dev/mmcblk0"; # or "nodev" for efi only
-
-  networking.hostName = "stompert"; # Define your hostname.
-
-  networking.wireguard.interfaces = {
-    # "wg0" is the network interface name. You can name the interface arbitrarily.
-    wg0 = {
-      # Determines the IP address and subnet of the client's end of the tunnel interface.
-      ips = [ "192.168.2.7/24" ];
-
-      # Path to the private key file.
-      #
-      # Note: The private key can also be included inline via the privateKey option,
-      # but this makes the private key world-readable; thus, using privateKeyFile is
-      # recommended.
-      privateKeyFile = "/etc/wireguard/privkey";
-
-      peers = [
-        # For a client configuration, one peer entry for the server will suffice.
-        {
-          # Public key of the server (not a file path).
-          publicKey = "EQEle/TXlS3ZE2wPxXhdAdo45dzK+DXi5nglgK6KDXs=";
-
-          # Forward all the traffic via VPN.
-          # allowedIPs = [ "0.0.0.0/0" ];
-          # Or forward only particular subnets
-          allowedIPs = [ "192.168.2.0/24" ];
-
-          # Set this to the server IP and port.
-          endpoint = "root.mgmt.vpn.qo.is:51820";
-
-          # Send keepalives every 25 seconds. Important to keep NAT tables alive.
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Set your time zone.
-  # time.timeZone = "Europe/Amsterdam";
-
-  # List services that you want to enable:
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  # users.users.jane = {
-  #   isNormalUser = true;
-  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-  # };
-
-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.03"; # Did you read the comment?
-
-}