flake.nix

@@ -121,25 +121,6 @@
             }
           ];
         };
-
-        malcolm = nixpkgs.lib.nixosSystem {
-          system = "x86_64-linux";
-          specialArgs = {
-            inherit inputs;
-          };
-          modules = [
-            # Overlays-module makes "pkgs.unstable" available in configuration.nix
-            ({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
-
-            ./hosts/malcolm/configuration.nix
-            sops-nix.nixosModules.sops
-            home-manager.nixosModules.home-manager {
-              home-manager.useGlobalPkgs = true;
-              home-manager.useUserPackages = true;
-              home-manager.users."felixalb" = import ./hosts/malcolm/home.nix;
-            }
-          ];
-        };
       };
 
       darwinConfigurations.worf = nix-darwin.lib.darwinSystem {

hosts/malcolm/configuration.nix

@@ -1,47 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  imports = [
-    ./hardware-configuration.nix
-
-    ../../base.nix
-    ../../common/metrics-exporters.nix
-
-    ./services/mysql.nix
-    ./services/nginx.nix
-    ./services/www-kinealbrigtsen-no.nix
-  ];
-
-  networking = {
-    hostName = "malcolm";
-    bridges.br0.interfaces = [ "ens18" ];
-    interfaces.br0.useDHCP = false;
-    interfaces.br0.ipv4.addresses = [
-      { address = "192.168.11.106"; prefixLength = 24; }
-    ];
-
-    hostId = "620c42d0";
-    defaultGateway = "192.168.11.1";
-
-    # Prepend the following output rules to disallow talking to other devices on LAN
-    firewall.extraCommands = lib.strings.concatLines ([
-      "iptables -F OUTPUT"
-    ] ++ (map (addr: "iptables -A OUTPUT -p udp --dport 53 -d ${addr} -j nixos-fw-accept") config.networking.nameservers) ++ [ # Exception for DNS
-      "iptables -A OUTPUT -p tcp --dport 3100 -d 192.168.10.175 -j nixos-fw-accept" # Exception for loki logging
-      "iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
-      "iptables -A OUTPUT -d 192.168.10.0/24 -j nixos-fw-refuse"
-      "iptables -A OUTPUT -d 192.168.11.0/24 -j nixos-fw-refuse"
-    ]);
-  };
-
-  # virtualisation.oci-containers.backend = "docker";
-  # systemd.services.docker.postStart = lib.concatMapStringsSep "\n" (rule: "${pkgs.iptables}/bin/iptables ${rule}") ([
-  #   "-F DOCKER-USER"
-  # ] ++ (map (addr: "-A DOCKER-USER -p udp --dport 53 -d ${addr} -j RETURN") config.networking.nameservers) ++ [
-  #   "-A DOCKER-USER -d 192.168.10.0/24 -j REJECT"
-  #   "-A DOCKER-USER -d 192.168.11.0/24 -j REJECT"
-  #   "-A DOCKER-USER -j RETURN"
-  # ]);
-
-  system.stateVersion = "24.05";
-}

hosts/malcolm/hardware-configuration.nix

@@ -1,30 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/7240554f-d9d9-457a-91d5-c70c09d96595";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/88C2-BAC8";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
-
-  swapDevices = [ ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}

hosts/malcolm/home.nix

@@ -1,12 +0,0 @@
-{ pkgs, lib, ... }:
-{
-  imports = [
-    ./../../home/base.nix
-  ];
-
-  programs = {
-    zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
-  };
-
-  home.stateVersion = "24.05";
-}

hosts/malcolm/services/mysql.nix

@@ -1,10 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  services.mysql = {
-    enable = true;
-    package = pkgs.mariadb;
-  };
-
-  # TODO: services.mysqlBackup
-}

hosts/malcolm/services/nginx.nix

@@ -1,15 +0,0 @@
-{ config, values, ... }:
-{
-  services.nginx = {
-    enable = true;
-
-    clientMaxBodySize = "100m";
-
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-}

hosts/malcolm/services/www-kinealbrigtsen-no.nix

@@ -1,96 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  users.users.www-kinealbrigtsen-no = {
-    isSystemUser = true;
-    group = "www-kinealbrigtsen-no";
-  };
-
-  users.groups.www-kinealbrigtsen-no = { };
-
-  services.mysql.ensureDatabases = [
-    "www_kinealbrigtsen_no"
-  ];
-  services.mysql.ensureUsers = [
-    {
-      name = "www-kinealbrigtsen-no";
-      ensurePermissions = {
-        # "www_kinealbrigtsen_no.*" = "ALL PRIVILEGES"; # For upgrades and special procedures
-        "www_kinealbrigtsen_no.*" = "SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER, INDEX";
-      };
-    }
-  ];
-
-  services.phpfpm.pools.www-kinealbrigtsen-no = {
-    user = "www-kinealbrigtsen-no";
-    group = "www-kinealbrigtsen-no";
-    phpOptions = lib.generators.toKeyValue {} {
-      upload_max_filesize = "1000M";
-      post_max_size = "1000M";
-      memory_limit = "1000M";
-    };
-
-    settings = {
-      "listen.owner" = config.services.nginx.user;
-      "listen.group" = config.services.nginx.group;
-      "pm" = "dynamic";
-      "pm.max_children" = 32;
-      "pm.start_servers" = 2;
-      "pm.min_spare_servers" = 2;
-      "pm.max_spare_servers" = 4;
-      "pm.process_idle_timeout" = "10s";
-      "pm.max_requests" = 1000;
-    };
-  };
-
-  services.nginx.virtualHosts."kinealbrigtsen.no" = {
-    serverAliases = [ "www.kinealbrigtsen.no" ];
-    root = "/var/www/www-kinealbrigtsen-no";
-    locations = {
-      "/".extraConfig = ''
-        try_files $uri $uri/ /index.php?$args;
-      '';
-
-      "~ \\.php$".extraConfig = ''
-        include ${config.services.nginx.package}/conf/fastcgi_params;
-
-        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_pass unix:${config.services.phpfpm.pools.www-kinealbrigtsen-no.socket};
-      '';
-
-      "~ /\\.ht".extraConfig = ''
-        deny all;
-      '';
-
-      "/favicon.ico".extraConfig = ''
-        log_not_found off;
-        access_log off;
-      '';
-
-      "/robots.txt".extraConfig = ''
-        allow all;
-        log_not_found off;
-        access_log off;
-      '';
-
-      "~* \\.(js|css|png|jpg|jpeg|gif|ico)$".extraConfig =  ''
-        expires max;
-        log_not_found off;
-      '';
-    };
-    extraConfig = ''
-      index index.php index.html;
-      set_real_ip_from 192.168.11.0/24;
-      real_ip_header X-Forwarded-For;
-
-      add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
-      add_header X-Frame-Options DENY;
-      add_header X-Content-Type-Options nosniff;
-    '';
-  };
-
-  # TODO:
-  # - Configure a mailer so wp_mail() works
-  # - Enable periodic backups
-}