tidy a bit

author: andromeda <andromeda@lenovo> 2026-04-03 21:26:04 +0200
committer: andromeda <andromeda@lenovo> 2026-04-03 21:26:04 +0200
commit: 2ef56f1479e8b64fc656b29e89fbdec3969c8078 (patch)
tree: a858066f1122bc436c84ca63ed37f01761289bba /modules
parent: de1879b9a0b9a412068785d81cc17bbf947d0eef (diff)
9 files changed, 35 insertions, 192 deletions
diff --git a/modules/nixos/boot/109-199-104-83.nix b/modules/nixos/boot/109-199-104-83.nix
deleted file mode 100644
index 4854826..0000000
--- a/modules/nixos/boot/109-199-104-83.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
-  boot.loader.grub = {
-    efiSupport = true;
-    efiInstallAsRemovable = true;
-  };
-  age.identityPaths = [
-    "/persist/etc/ssh/ssh_host_ed25519_key"
-  ];
-}
diff --git a/modules/nixos/disko/remote.nix b/modules/nixos/disko/remote.nix
deleted file mode 100644
index 0b2e726..0000000
--- a/modules/nixos/disko/remote.nix
+++ /dev/null
@@ -1,64 +0,0 @@
-{
-  disko.devices = {
-    disk = {
-      disk1 = {
-        device = "/dev/sda";
-        type = "disk";
-        content = {
-          type = "gpt";
-          partitions = {
-            # legacy boot
-            boot = {
-              name = "boot";
-              size = "1M";
-              type = "EF02";
-            };
-
-            # efi boot
-            esp = {
-              name = "ESP";
-              size = "512M";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-              };
-            };
-
-            # btrfs
-            # root is on nodev
-            root = {
-              size = "100%";
-              content = {
-                extraArgs = ["-f"]; # internet told me to, works
-                type = "btrfs";
-                subvolumes = {
-                  # nix store
-                  "/nix" = {
-                    mountpoint = "/nix";
-                  };
-
-                  # persistant directory
-                  "/persist" = {
-                    mountpoint = "/persist";
-                  };
-                };
-              };
-            };
-          };
-        };
-      };
-    };
-    nodev = {
-      # root
-      "/" = {
-        fsType = "tmpfs";
-        mountOptions = [
-          "defaults"
-          "mode=755" # stops security complaints
-        ];
-      };
-    };
-  };
-}
diff --git a/modules/nixos/machines/109-199-104-83.nix b/modules/nixos/machines/109-199-104-83.nix
index 998001c..e870690 100644
--- a/modules/nixos/machines/109-199-104-83.nix
+++ b/modules/nixos/machines/109-199-104-83.nix
@@ -1,25 +1,39 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+{modulesPath, ...}: {
+  system.stateVersion = "25.11";
+  nix.settings.experimental-features = "flakes nix-command";
 
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
+  # Hardware
+  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+  fileSystems."/" = {
+    device = "/dev/sda1";
+    fsType = "ext4";
+  };
+  boot.loader.grub.device = "/dev/sda";
+  boot.loader.timeout = 30;
+  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
+  boot.initrd.kernelModules = ["nvme"];
+  boot.tmp.cleanOnBoot = true;
 
-  swapDevices = [];
+  zramSwap.enable = true;
 
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-
-  system.stateVersion = "26.05";
+  # Networking
+  networking = {
+    useNetworkd = true;
+    usePredictableInterfaceNames = true;
+  };
+  systemd.network = {
+    enable = true;
+    networks."40-wan" = {
+      matchConfig.Name = "enx0050565f4fff";
+      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
+      routes = [
+        {
+          Gateway = "109.199.96.1";
+          GatewayOnLink = true;
+        }
+        {Gateway = "fe80::1";}
+      ];
+      dns = ["2020:fe::10" "9.9.9.10"];
+    };
+  };
 }
diff --git a/modules/nixos/mailserver.nix b/modules/nixos/mailserver.nix
index 500fea3..eb4d45d 100644
--- a/modules/nixos/mailserver.nix
+++ b/modules/nixos/mailserver.nix
@@ -51,15 +51,4 @@
     acceptTerms = true;
     defaults.email = "mtgmonket@gmail.com";
   };
-
-  # persist directories per the backup guidelines
-  environment.persistence."/persist" = {
-    directories = [
-      # not needed bc the dkim dir is declared
-      # "/var/dkim"
-      "/var/vmail"
-      "/var/lib/redis-rspamd"
-      "/var/lib/acme"
-    ];
-  };
 }
diff --git a/modules/nixos/matrix-continuwuity.nix b/modules/nixos/matrix-continuwuity.nix
deleted file mode 100644
index 2b9a785..0000000
--- a/modules/nixos/matrix-continuwuity.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{config, ...}: {
-  services = {
-    matrix-continuwuity = {
-      enable = true;
-      settings = {
-        global = {
-          server_name = "${config.networking.domain}";
-          address = ["127.0.0.1"];
-          port = [6167];
-          well_known = {
-            server = "matrix.${config.networking.domain}";
-            client = "https://matrix.${config.networking.domain}";
-          };
-        };
-      };
-    };
-
-    nginx = {
-      upstreams.matrix.servers."127.0.0.1:6167" = {};
-      virtualHosts = {
-        "matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
-        "${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
-      };
-    };
-  };
-}
diff --git a/modules/nixos/networking/hard-ssh.nix b/modules/nixos/networking/hard-ssh.nix
index 849af9b..11a9ea0 100644
--- a/modules/nixos/networking/hard-ssh.nix
+++ b/modules/nixos/networking/hard-ssh.nix
@@ -4,7 +4,6 @@
     allowSFTP = false;
     ports = [5522];
     settings = {
-      PermitRootLogin = "no";
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = true;
     };
diff --git a/modules/nixos/networking/networks/109-199-104-83.nix b/modules/nixos/networking/networks/109-199-104-83.nix
deleted file mode 100644
index 9064e2f..0000000
--- a/modules/nixos/networking/networks/109-199-104-83.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{
-  networking = {
-    useNetworkd = true;
-    hostName = "109-199-104-83";
-    firewall = {
-      enable = true;
-      allowedTCPPorts = [80 443];
-      allowedUDPPorts = [80 443];
-    };
-  };
-
-  # the following is from nixos-bite
-
-  # netif=$(ip -6 route show default | sed -r 's|.*default.+?dev ([a-z0-9]+).*|\1|' | head -n1)
-  # netifx=enx$(ip link show dev "$netif" | grep link/ether | sed -r 's|.*link/ether ([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}):([a-f0-9]{2}).*|\1\2\3\4\5\6|')
-  # netip6=$(ip -6 address show dev "$netif" scope global | sed -z -r 's|.*inet6 ([0-9a-f:]+)/([0-9]+).*|"\1/\2"|')
-  # netgw6=$(ip -6 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9a-f:]+).*|"\1"|' | head -n1)
-  # netip4=$(ip -4 address show dev "$netif" scope global | sed -z -r 's|.*inet ([0-9.]+)/([0-9]+).*|"\1/\2"|')
-  # netgw4=$(ip -4 route show dev "$netif" default | sed -r 's|.*default.+?via ([0-9.]+).*|"\1"|' | head -n1)
-
-  # route=""
-  # [[ -n "${netgw4}" ]] && route="$route { Gateway = $netgw4; GatewayOnLink = true; }"
-  # [[ -n "${netgw6}" ]] && route="$route { Gateway = $netgw6; }"
-
-  # dns='"2620:fe::fe" "9.9.9.9"'
-
-  #  systemd.network = {
-  #    enable = true;
-  #    networks."40-wan" = {
-  #      matchConfig.name = "enx0050565f4fff";
-  #      address = ["2a02:c207:2299:8419::1/64" "109.199.104.83/20"];
-  #      routes = [
-  #        {
-  #          Gateway = ["109.199.96.1" "fe80::1"];
-  #          GatewayOnLink = true;
-  #        }
-  #      ];
-  #      dns = ["9.9.9.9" "2620:fe::fe"];
-  #    };
-  #  };
-  services.cloud-init = {
-    enable = true;
-    network.enable = true;
-  };
-}
diff --git a/modules/nixos/openvpn-client.nix b/modules/nixos/openvpn-client.nix
deleted file mode 100644
index c68130f..0000000
--- a/modules/nixos/openvpn-client.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
-  services.openvpn.servers = {
-    "173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
-  };
-  environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
-
-  # turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
-  #  networking.enableIPv6 = lib.mkForce false;
-  # workaround; NetworkManager reenables ipv6 without the following
-  #  boot.kernelParams = ["ipv6.disable=1"];
-}
diff --git a/modules/nixos/roundcube.nix b/modules/nixos/roundcube.nix
index f076ece..0749af5 100644
--- a/modules/nixos/roundcube.nix
+++ b/modules/nixos/roundcube.nix
@@ -9,8 +9,4 @@
       $config['smtp_pass'] = "%p";
     '';
   };
-  environment.persistence."/persist".directories = [
-    "/var/lib/roundcube"
-    "/var/lib/postgresql"
-  ];
 }
author	andromeda <andromeda@lenovo>	2026-04-03 21:26:04 +0200
committer	andromeda <andromeda@lenovo>	2026-04-03 21:26:04 +0200
commit	2ef56f1479e8b64fc656b29e89fbdec3969c8078 (patch)
tree	a858066f1122bc436c84ca63ed37f01761289bba /modules
parent	de1879b9a0b9a412068785d81cc17bbf947d0eef (diff)