diff --git a/.sops.yaml b/.sops.yaml index d72a625..b93a6e2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,7 +4,6 @@ keys: - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw - &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y - - &stonehenge-ssh age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini|gpg)$ @@ -36,10 +35,3 @@ creation_rules: age: - *lelgenio-ssh - *phantom-ssh - - path_regex: secrets/stonehenge/[^/]+\.(yaml|json|env|ini|gpg)$ - key_groups: - - pgp: - - *lelgenio-gpg - age: - - *lelgenio-ssh - - *stonehenge-ssh diff --git a/flake.nix b/flake.nix index 250b02b..8fc0636 100644 --- a/flake.nix +++ b/flake.nix @@ -187,14 +187,6 @@ ./hosts/phantom ]; }; - stonehenge = lib.nixosSystem { - inherit system specialArgs; - modules = [ - { nixpkgs.pkgs = pkgs; } - ./hosts/stonehenge - inputs.sops-nix.nixosModules.default - ]; - }; }; homeConfigurations.lelgenio = inputs.home-manager.lib.homeManagerConfiguration { diff --git a/hosts/stonehenge/default.nix b/hosts/stonehenge/default.nix deleted file mode 100644 index 3c80bd4..0000000 --- a/hosts/stonehenge/default.nix +++ /dev/null 
@@ -1,138 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, ... }:
-
-{
- imports = [
- # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./gitlab-runner.nix
- ];
-
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- networking.hostName = "stonehenge"; # Define your hostname.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-
- # Configure network proxy if necessary
- # networking.proxy.default = "http://user:password@proxy:port/";
- # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
- # Enable networking
- networking.networkmanager.enable = true;
-
- # Set your time zone.
- time.timeZone = "America/Sao_Paulo";
-
- # Select internationalisation properties.
- i18n.defaultLocale = "pt_BR.UTF-8";
-
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.UTF-8";
- LC_IDENTIFICATION = "pt_BR.UTF-8";
- LC_MEASUREMENT = "pt_BR.UTF-8";
- LC_MONETARY = "pt_BR.UTF-8";
- LC_NAME = "pt_BR.UTF-8";
- LC_NUMERIC = "pt_BR.UTF-8";
- LC_PAPER = "pt_BR.UTF-8";
- LC_TELEPHONE = "pt_BR.UTF-8";
- LC_TIME = "pt_BR.UTF-8";
- };
-
- # Enable the X11 windowing system.
- # You can disable this if you're only using the Wayland session.
- # services.xserver.enable = true;
-
- # Enable the KDE Plasma Desktop Environment.
- services.displayManager.sddm.enable = true;
- services.desktopManager.plasma6.enable = true;
-
- # Configure keymap in X11
- services.xserver.xkb = {
- layout = "us";
- variant = "colemak";
- };
-
- # Enable CUPS to print documents.
- services.printing.enable = true;
-
- # Enable sound with pipewire.
- services.pulseaudio.enable = false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- # If you want to use JACK applications, uncomment this
- #jack.enable = true;
-
- # use the example session manager (no others are packaged yet so this is enabled by default,
- # no need to redefine it in your config for now)
- #media-session.enable = true;
- };
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.xserver.libinput.enable = true;
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- users.users.user = {
- isNormalUser = true;
- description = "user";
- extraGroups = [
- "networkmanager"
- "wheel"
- ];
- packages = with pkgs; [
- # kdePackages.kate
- # thunderbird
- ];
- };
-
- security.sudo.wheelNeedsPassword = false;
-
- # Install firefox.
- programs.firefox.enable = true;
-
- # # Allow unfree packages
- # nixpkgs.config.allowUnfree = true;
-
- # List packages installed in system profile. To search, run:
- # $ nix search wget
- environment.systemPackages = with pkgs; [
- # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- # wget
- ];
-
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "25.11"; # Did you read the comment?
-
-}
diff --git a/hosts/stonehenge/gitlab-runner.nix b/hosts/stonehenge/gitlab-runner.nix
deleted file mode 100644
index 65498fc..0000000
--- a/hosts/stonehenge/gitlab-runner.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- config,
- pkgs,
- ...
-}:
-let
- inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
-in
-{
- boot.kernel.sysctl."net.ipv4.ip_forward" = true;
- virtualisation.docker.enable = true;
- services.gitlab-runner = {
- enable = true;
- settings.concurrent = 4;
- services = {
- wopus-gitlab-nix = mkNixRunnerFull {
- authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
- # nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
- # nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
- };
- };
- };
- systemd.services.gitlab-runner.serviceConfig.Nice = 10;
-
- sops.secrets = {
- "gitlab-runners/wopus-gitlab-nix" = {
- sopsFile = ../../secrets/stonehenge/default.yaml;
- };
- "gitlab-runners/wopus-ssh-nix-cache-pk" = {
- sopsFile = ../../secrets/stonehenge/default.yaml;
- };
- "gitlab-runners/wopus-ssh-nix-cache-pub" = {
- sopsFile = ../../secrets/stonehenge/default.yaml;
- };
- };
-}
diff --git a/hosts/stonehenge/hardware-configuration.nix b/hosts/stonehenge/hardware-configuration.nix
deleted file mode 100644
index 192dd20..0000000
--- a/hosts/stonehenge/hardware-configuration.nix
+++ /dev/null
@@ -1,48 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/d22f00a1-af56-4468-a041-96523befe151"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/FE31-5AA5"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/533ceee7-721c-4bdc-9212-6043bf05b205"; } - ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/secrets/stonehenge/default.yaml b/secrets/stonehenge/default.yaml deleted file mode 100644 index b8310ab..0000000 --- a/secrets/stonehenge/default.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -gitlab-runners: - wopus-gitlab-nix: ENC[AES256_GCM,data:u+FYWx3yluA+zFk8VV7RB4TW1AP81K8Ntgd7QDHwb2w0bzQH7URmfF1PrQgZGu/r5Q4zOFgmyUkL6EML9KFFu+3QpilIOTXitiEoi/McOn0DnAOTLhW1Fbg42jKd3gTU9OyLDijlQs3ktyRRSg+1TIEsYNc=,iv:LjRyav0YVKtG79roC8KRS99cVVfu8IJRpAQ9w79PFa0=,tag:K2rjIn823sER+zHezFyAZw==,type:str] - wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data: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,iv:AXNYaZS6fGz/Jr2zNhvmKOYKj010wtwcatItB8hRs+c=,tag:DixvP6ZaqX9l8Z8KegkvUw==,type:str] - wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:5G+qIs/J8mwZxGyWkK0nts9E+iqbCe8Or4C4+HHuSr3dyJTmKxmA3a+DpxmbyQ0IKjKQgiz+uJbbRGR7ptzmJr7JvpNhaJO2/CR3MKvsoCpmgynenO2QIqsEidU1h1gqMV6OEDI3pDY3OE6K2M8D2jdYLqMXo5RRa7emEQhXhdQZ98OFgVrLFtrB72Fi/rTJE/tP,iv:JAopM5dwItYl68GDAQublg+C1S0Md3S3G/7GJ11azxQ=,tag:WAqEju2azXgerpIBrk+krw==,type:str] -sops: - age: - - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWXZkSWUwZ0t0ekhBckxS - M0lIQ1FpWkY2dXhTVmZuYjJxeXhQSW85Ulg0Cm9GV1BqS29wU2FkaEVzazcwbCs1 - Zy9tV0ZxcFBwbFFaMzRwUWFHWUZadDAKLS0tIFdoMkVkZitjNmJhTUVMUjBQdjdi - TjFMZnZDelY2NWtwd1dETFUrUE44eGsKdRVF1QWlhO3obls8Fm+PSs/yzJOUbQ80 - GoWMqeD8qPVhO99Cy9DT0GWOk3DJQNQ55I7w6ctrhJ3XuZHzTyAqlg== - -----END AGE ENCRYPTED FILE----- - - recipient: age13y65zemwlfnf5pszspeh87utv5jrfm35varxjdsh78xhfhs7la3scm9l9g - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5TEIyU1dtK0ZWQmJLY0Z0 - cThwbTdmUkF5ZGgraFBSMjZRUmpiSkxZUFdJCnhBTDd2THlmczk1SE1qZ2VnRk5a - ejZGY2U1L1IxZ3BrdURNTURwRUJCaWsKLS0tIFdEUW5Kcmw5eGE5cFJYejRXTDYr - dC9MaDUvcG96djVFU1Fpb1NKZThNaUEKkxPikf5+veTmrXHU4sxtJO/LsQ3YB4j+ - vkIWWw4qV8zRrh+XxFXrFUURhDp11m/nlpzPERxjNzRs13VS2tXTrw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-01T21:41:02Z" - mac: 
ENC[AES256_GCM,data:VItjDJ1zVRc8qGty9651o1ZlHjPne98JrKeUT/2WAElK+A29IY+UVIlUtooOwwvSPC7kphoGfFSYK5+4emd4EyVbWovPyeYp04tV5/JGdj/3cVaSiXCD3HPM/v2BeiDy3aDAkaqeIg54PueddiSVU0snobCWB2/+DXU8Xly/+sM=,iv:x/3nXue1HkeZt9hKqk2Y9ciU2GK0Bbcp5zcJQdAiO58=,tag:OCKaxQQfTgfVvzYgqaqvsA==,type:str] - pgp: - - created_at: "2026-01-01T21:36:47Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQEMAzy6JxafzLr5AQf+I8mDQ00zcPxP4GJh5ldaVJSZ95OF7Pk0TmNmtQLaBHqE - Gj8MPa3CE8MyZBtFrWjt52yKcg0wIznd1Uo0HGteW2cMxGezCqioTIqNgXSQ+h/V - T751kH0MBOVscJUoEx3D7sdCsvk70WwnN2FdkFpA1NIDqsoHCT4MXGzcAMVTv/+K - Y630VFguV0Fcmy16Kry1EFVDSorio6BxwBnK2PG/uAQOEjTA8fLTVutc+h7glqjU - iiNPsv6MtB5gTp/Q+IPHgGmPpyCP2vN7i0ArVNFRQ2tf9tIeo/5FfgmWCH8CTcr5 - deK/UPwJ3u2o4OsVLQryx9TBVnBcFG31f+/kwIG4CNJcAZxl1w0DbS+zHtIu1Bo5 - oRAxj00EeM8Vp7FFA70Z38HSzFyvawomSrtzRNhRPoLOPemG59WH4621BL1HC9Rz - 8lhSEVRdw/BjmtNRRcLsw9NrAjGsHkkhkEluY1U= - =bhCO - -----END PGP MESSAGE----- - fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B - unencrypted_suffix: _unencrypted - version: 3.11.0