burnham: remove host

2025-12-01 23:22:05 +01:00
parent 1af2ea3552
commit f7ce8585b5
10 changed files with 2 additions and 181 deletions
--- a/README.md
+++ b/README.md
@@ -37,8 +37,9 @@ Other installed packages and tools are described in the config files (like ./hos
 ## Networking
 - I use *nginx* as a web server and reverse proxy. The configuration is mostly distributed throughout the services that use it ([example](https://git.feal.no/felixalb/nixos-config/src/commit/3a05681d10a6999f73cbef59c3999742b81947a6/hosts/defiant/services/hedgedoc.nix#L98)).
- I recently switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix) and [here](./hosts/burnham/services/wireguard.nix).
+- A long time ago, I switched from Tailscale(actually [headscale](https://github.com/juanfont/headscale)) to *WireGuard*, configured [here](./hosts/defiant/services/wireguard.nix).
 - PiHole ([source](./hosts/defiant/services/pihole.nix)) run my internal DNS (\*.home.feal.no) and ad blocking.
 - A simple custom DynDNS thing is defined [here](./common/domeneshop-dyndns.nix) and used [here](./hosts/defiant/services/dyndns.nix).
 ## Monitoring
--- a/flake.nix
+++ b/flake.nix
@@ -79,13 +79,6 @@
        };
      in {
        # Networking / VPN Gateway
        burnham = normalSys "burnham" {
          modules = [
            ./common/domeneshop-dyndns.nix
          ];
        };
        # Media / storage server
        challenger = normalSys "challenger" {
          modules = [
--- a/hosts/burnham/configuration.nix
+++ b/hosts/burnham/configuration.nix
@@ -1,40 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  imports =
    [
      ../../base.nix
      ../../common/metrics-exporters.nix
      ./hardware-configuration.nix
      # Infrastructure
      ./services/wireguard.nix
      # Other
      ./services/dyndns.nix
      ./services/nginx.nix
      ./services/thelounge.nix
  ];
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
  networking = {
    hostName = "burnham";
    defaultGateway = "192.168.11.1";
    interfaces.ens18.ipv4 = {
      addresses = [
        { address = "192.168.11.109"; prefixLength = 24; }
      ];
    };
    hostId = "8e24f235";
  };
  sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
  environment.variables = { EDITOR = "vim"; };
  system.stateVersion = "23.11";
 }
--- a/hosts/burnham/hardware-configuration.nix
+++ b/hosts/burnham/hardware-configuration.nix
@@ -1,30 +0,0 @@
 { config, lib, pkgs, modulesPath, ... }:
 {
  imports =
    [ (modulesPath + "/profiles/qemu-guest.nix")
    ];
  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];
  fileSystems."/" =
    { device = "/dev/disk/by-uuid/31ff6d37-52d6-43c3-a214-5d38a6c38b0e";
      fsType = "ext4";
    };
  swapDevices =
    [ { device = "/dev/disk/by-uuid/cce59ee7-7c83-4165-a9b0-f950cd2e3273"; }
    ];
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
  #networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.ens18.useDHCP = lib.mkDefault true;
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/burnham/home.nix
+++ b/hosts/burnham/home.nix
@@ -1,12 +0,0 @@
 { pkgs, lib, ... }:
 {
  imports = [
    ./../../home/base.nix
  ];
  programs = {
    zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
  };
  home.stateVersion = "23.05";
 }
--- a/hosts/burnham/services/dyndns.nix
+++ b/hosts/burnham/services/dyndns.nix
@@ -1,11 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  sops.secrets."domeneshop/netrc" = { };
  services.domeneshop-dyndns = {
    enable = true;
    domain = "site2.feal.no";
    netrcFile = config.sops.secrets."domeneshop/netrc".path;
  };
 }
--- a/hosts/burnham/services/nginx.nix
+++ b/hosts/burnham/services/nginx.nix
@@ -1,19 +0,0 @@
 { config, values, ... }:
 {
  services.nginx = {
    enable = true;
    enableReload = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  security.acme = {
    acceptTerms = true;
    defaults.email = "felix@albrigtsen.it";
  };
 }
--- a/hosts/burnham/services/thelounge.nix
+++ b/hosts/burnham/services/thelounge.nix
@@ -1,21 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.services.thelounge.extraConfig;
  domain = "irc.home.feal.no";
 in {
  services.thelounge = {
    enable = true;
    extraConfig = {
      public = false;
      host = "127.0.1.2";
      port = 9000;
      reverseProxy = true;
    };
  };
  services.nginx.virtualHosts.${domain} = {
    locations."/".proxyPass = "http://${cfg.host}:${toString cfg.port}";
  };
 }
--- a/hosts/burnham/services/wireguard.nix
+++ b/hosts/burnham/services/wireguard.nix
@@ -1,38 +0,0 @@
 { config, pkgs, lib, ... }:
 let
  cfg = config.networking.wireguard.interfaces."wg0";
 in {
  networking = {
    nat = {
      enable = true;
      externalInterface = "ens18";
      internalInterfaces = [ "wg0" ];
    };
    firewall.allowedUDPPorts = [ cfg.listenPort ];
    wireguard.interfaces."wg0" = {
      ips = [ "10.100.0.2/24" ];
      listenPort = 51820;
      privateKeyFile = "/etc/wireguard/burnham.private";
      postSetup = ''
        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE
      '';
      postShutdown = ''
        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -d 192.168.11.0/24 -o eth0 -j MASQUERADE
      '';
      peers = [
        { # Defiant
          publicKey = "8/711GhmN9+NcduHF4JPkfoZPE0qsDLuwhABcPyjNxI=";
          persistentKeepalive = 120;
          allowedIPs = [
            "10.100.0.1/32"
            "192.168.10.0/24"
          ];
          endpoint = "site3.feal.no:51902";
        }
      ] ++ (import ../../../common/wireguard-peers.nix);
    };
  };
 }
--- a/hosts/defiant/services/monitoring/prometheus.nix
+++ b/hosts/defiant/services/monitoring/prometheus.nix
@@ -17,14 +17,12 @@ in {
        static_configs = [
          {
            targets = [
              "burnham.home.feal.no:9100"
              "challenger.home.feal.no:9100"
              "defiant.home.feal.no:9100"
              "leonard.home.feal.no:9100"
              "morn.home.feal.no:9100"
              "scotty.home.feal.no:9100"
              "sisko.home.feal.no:9100"
              "sulu.home.feal.no:9100"
            ];
          }
        ];