stonehenge: remove host

hosts/stonehenge/default.nix

@@ -1,155 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
-  imports = [
-    # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-    ./gitlab-runner.nix
-    ./nebula-vpn.nix
-    ./vagrant.nix
-
-    ./gitlab-marge-bot.nix
-    ./renovate-bot.nix
-
-    ../../system/sops.nix
-    ../../system/nix.nix
-  ];
-
-  # Bootloader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  networking.hostName = "stonehenge"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-  # Enable networking
-  networking.networkmanager.enable = true;
-
-  # Set your time zone.
-  time.timeZone = "America/Sao_Paulo";
-
-  # Select internationalisation properties.
-  i18n.defaultLocale = "pt_BR.UTF-8";
-
-  i18n.extraLocaleSettings = {
-    LC_ADDRESS = "pt_BR.UTF-8";
-    LC_IDENTIFICATION = "pt_BR.UTF-8";
-    LC_MEASUREMENT = "pt_BR.UTF-8";
-    LC_MONETARY = "pt_BR.UTF-8";
-    LC_NAME = "pt_BR.UTF-8";
-    LC_NUMERIC = "pt_BR.UTF-8";
-    LC_PAPER = "pt_BR.UTF-8";
-    LC_TELEPHONE = "pt_BR.UTF-8";
-    LC_TIME = "pt_BR.UTF-8";
-  };
-
-  # Enable the X11 windowing system.
-  # You can disable this if you're only using the Wayland session.
-  # services.xserver.enable = true;
-
-  # Enable the KDE Plasma Desktop Environment.
-  services.displayManager.sddm.enable = true;
-  services.desktopManager.plasma6.enable = true;
-
-  # Configure keymap in X11
-  services.xserver.xkb = {
-    layout = "us";
-    variant = "colemak";
-  };
-
-  # Enable CUPS to print documents.
-  services.printing.enable = true;
-
-  # Enable sound with pipewire.
-  services.pulseaudio.enable = false;
-  security.rtkit.enable = true;
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    alsa.support32Bit = true;
-    pulse.enable = true;
-    # If you want to use JACK applications, uncomment this
-    #jack.enable = true;
-
-    # use the example session manager (no others are packaged yet so this is enabled by default,
-    # no need to redefine it in your config for now)
-    #media-session.enable = true;
-  };
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.xserver.libinput.enable = true;
-
-  # Define a user account. Don't forget to set a password with ‘passwd’.
-  users.users.user = {
-    isNormalUser = true;
-    description = "user";
-    extraGroups = [
-      "networkmanager"
-      "wheel"
-      "libvirtd"
-      "kvm"
-    ];
-    packages = with pkgs; [
-      # kdePackages.kate
-      #  thunderbird
-    ];
-  };
-
-  security.sudo.wheelNeedsPassword = false;
-
-  virtualisation.virtualbox.host.enable = true;
-
-  virtualisation.libvirtd.enable = true;
-
-  # Install firefox.
-  programs.firefox.enable = true;
-
-  # # Allow unfree packages
-  # nixpkgs.config.allowUnfree = true;
-
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  environment.systemPackages = with pkgs; [
-    #  vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    #  wget
-    dnsmasq
-  ];
-
-  networking.firewall.trustedInterfaces = [ "virbr0" ];
-
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
-
-  # Enable the OpenSSH daemon.
-  services.openssh.enable = true;
-
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It‘s perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "25.11"; # Did you read the comment?
-
-}

hosts/stonehenge/gitlab-marge-bot.nix

@@ -1,41 +0,0 @@
-{
-  config,
-  self,
-  pkgs,
-  ...
-}:
-
-let
-  s = config.sops.secrets;
-  cfg = config.services.marge-bot;
-
-  secretConfig = {
-    owner = cfg.user;
-    group = cfg.group;
-    sopsFile = ../../secrets/stonehenge/default.yaml;
-  };
-in
-{
-  services.marge-bot = {
-    enable = true;
-    package = self.packages.${pkgs.system}.marge-bot;
-    gitlabUrl = "https://gitlab.wopus.dev";
-    authTokenFile = s."gitlab-marge-bot/token".path;
-    sshKeyFile = s."gitlab-marge-bot/ssh-secret-key".path;
-    settings = {
-      ci-timeout = "60min";
-      add-part-of = true;
-      add-reviewers = true;
-      keep-reviewers = true;
-      keep-commits = true;
-      impersonate-approvers = true;
-
-      batch = true;
-      use-no-ff-batches = true;
-      skip-ci-batches = true;
-    };
-  };
-
-  sops.secrets."gitlab-marge-bot/token" = secretConfig;
-  sops.secrets."gitlab-marge-bot/ssh-secret-key" = secretConfig;
-}

hosts/stonehenge/gitlab-runner.nix

@@ -1,36 +0,0 @@
-{
-  config,
-  pkgs,
-  ...
-}:
-let
-  inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
-in
-{
-  boot.kernel.sysctl."net.ipv4.ip_forward" = true;
-  virtualisation.docker.enable = true;
-  services.gitlab-runner = {
-    enable = true;
-    settings.concurrent = 1;
-    services = {
-      wopus-gitlab-nix = mkNixRunnerFull {
-        authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
-        # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
-        # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
-      };
-    };
-  };
-  systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
-  sops.secrets = {
-    "gitlab-runners/wopus-gitlab-nix" = {
-      sopsFile = ../../secrets/stonehenge/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pk" = {
-      sopsFile = ../../secrets/stonehenge/default.yaml;
-    };
-    "gitlab-runners/wopus-ssh-nix-cache-pub" = {
-      sopsFile = ../../secrets/stonehenge/default.yaml;
-    };
-  };
-}

hosts/stonehenge/hardware-configuration.nix

@@ -1,48 +0,0 @@
-# Do not modify this file!  It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations.  Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-  config,
-  lib,
-  pkgs,
-  modulesPath,
-  ...
-}:
-
-{
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "usb_storage"
-    "usbhid"
-    "sd_mod"
-  ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-uuid/d22f00a1-af56-4468-a041-96523befe151";
-    fsType = "ext4";
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/FE31-5AA5";
-    fsType = "vfat";
-    options = [
-      "fmask=0077"
-      "dmask=0077"
-    ];
-  };
-
-  swapDevices = [
-    { device = "/dev/disk/by-uuid/533ceee7-721c-4bdc-9212-6043bf05b205"; }
-  ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}

hosts/stonehenge/nebula-vpn.nix

@@ -1,61 +0,0 @@
-{ pkgs, config, ... }:
-let
-  s = config.sops.secrets;
-
-  secretConfig = {
-    owner = "nebula-wopus";
-    group = "nebula-wopus";
-    restartUnits = [ "nebula@wopus.service" ];
-    sopsFile = ../../secrets/stonehenge/default.yaml;
-  };
-in
-{
-  environment.systemPackages = with pkgs; [ nebula ];
-
-  services.nebula.networks.wopus = {
-    enable = true;
-    isLighthouse = false;
-    lighthouses = [
-      "192.168.88.1"
-      "192.168.88.2"
-      "192.168.88.3"
-    ];
-    settings = {
-      cipher = "aes";
-    };
-    cert = s."nebula-wopus-vpn/stonehenge-crt".path;
-    key = s."nebula-wopus-vpn/stonehenge-key".path;
-    ca = s."nebula-wopus-vpn/ca-crt".path;
-    staticHostMap = {
-      "192.168.88.1" = [
-        "neubla-vpn.wopus.dev:4242"
-      ];
-      "192.168.88.2" = [
-        "82.25.77.78:4242"
-      ];
-      "192.168.88.3" = [
-        "72.60.60.221:4242"
-      ];
-    };
-    firewall.outbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-    firewall.inbound = [
-      {
-        host = "any";
-        port = "any";
-        proto = "any";
-      }
-    ];
-  };
-
-  sops.secrets = {
-    "nebula-wopus-vpn/ca-crt" = secretConfig;
-    "nebula-wopus-vpn/stonehenge-crt" = secretConfig;
-    "nebula-wopus-vpn/stonehenge-key" = secretConfig;
-  };
-}

hosts/stonehenge/renovate-bot.nix

@@ -1,49 +0,0 @@
-{ config, pkgs, ... }:
-let
-  cfg = config.services.renovate-bot;
-  s = config.sops.secrets;
-in
-{
-  services.renovate-bot = {
-    enable = true;
-    schedule = "*-*-* *:00:00";
-    logLevel = "info";
-
-    platform = "gitlab";
-    endpoint = "https://gitlab.wopus.dev/api/v4";
-    tokenFile = s."renovate-bot/token".path;
-    envFile = s."renovate-bot/env".path;
-
-    extraPackages = with pkgs; [
-      nodejs
-      rustc
-      cargo
-      php
-      phpPackages.composer
-    ];
-
-    settings = {
-      autodiscover = true;
-      labels = [ "renovate" ];
-      rebaseWhen = "conflicted";
-
-      cacheDir = "/var/lib/renovate-bot/cache";
-      persistRepoData = true;
-      prConcurrentLimit = 2;
-      branchConcurrentLimit = 2;
-    };
-  };
-
-  sops.secrets."renovate-bot/token" = {
-    owner = cfg.user;
-    group = cfg.group;
-    mode = "0400";
-    sopsFile = ../../secrets/stonehenge/default.yaml;
-  };
-  sops.secrets."renovate-bot/env" = {
-    owner = cfg.user;
-    group = cfg.group;
-    mode = "0400";
-    sopsFile = ../../secrets/stonehenge/default.yaml;
-  };
-}

hosts/stonehenge/vagrant.nix

@@ -1,57 +0,0 @@
-{ pkgs, ... }:
-let
-  vagrantScript = pkgs.writeScriptBin "vagrant-vnode-05" ''
-    #!${pkgs.bash}/bin/bash
-    set -euo pipefail
-
-    export PATH="${
-      pkgs.lib.makeBinPath (
-        with pkgs;
-        [
-          vagrant
-          curl
-          openssh
-          virtualbox
-        ]
-      )
-    }:$PATH"
-    export VNODE_NAME=vnode-05
-
-    cd /home/user/kubernetes-cluster/vnodes
-    exec ${pkgs.vagrant}/bin/vagrant up
-  '';
-in
-{
-  environment.systemPackages = with pkgs; [
-    vagrant
-    curl
-    openssh
-  ];
-
-  users.users.user.extraGroups = [ "vboxusers" ];
-
-  systemd.services.vagrant-vnode-05 = {
-    description = "Vagrant vnode-05 service";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    serviceConfig = {
-      Type = "oneshot";
-      RemainAfterExit = true;
-      ExecStart = "${vagrantScript}/bin/vagrant-vnode-05";
-      User = "user";
-      WorkingDirectory = "/home/user/kubernetes-cluster/vnodes";
-      Environment = "PATH=${
-        pkgs.lib.makeBinPath (
-          with pkgs;
-          [
-            vagrant
-            curl
-            openssh
-            virtualbox
-          ]
-        )
-      }:$PATH";
-    };
-    wantedBy = [ "multi-user.target" ];
-  };
-}