Cleanup

2025-10-15 22:24:37 -07:00 · 2025-10-15 22:24:37 -07:00 · e9cdacbfc8
commit e9cdacbfc8
parent 70f0c6118e
20 changed files with 142 additions and 310 deletions
--- a/linux/nebula/conduit.nix
+++ b/linux/nebula/conduit.nix
@ -4,15 +4,6 @@
    settings.global = {
      address = wildcard;
      port = port.conduit;
-      # TODO: Use secret file when possible
-      turn_secret = "84EoJSEVnlH@eiqqV7K!2vmAr^G";
-      turn_uris = let
-        coturn-realm = "turn.${domain}";
-      in [
-        "turn:${coturn-realm}:${toString port.coturn-tls}?transport=udp"
-        "turn:${coturn-realm}:${toString port.coturn-tls}?transport=tcp"
-      ];
-      turn_user_lifetime = "1h";
      server_name = domain;
    };
  };
--- a/linux/nebula/configuration.nix
+++ b/linux/nebula/configuration.nix
@ -1,16 +1,17 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).
-{...}: {
+{pkgs, ...}: {
  # Configure boot loader
-  boot.loader = {
-    efi.canTouchEfiVariables = true;
-    systemd-boot.enable = true;
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+    tmp.cleanOnBoot = true;
  };

-  # Set your time zone.
-  time.timeZone = "America/Los_Angeles";
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
--- a/linux/nebula/hardware-configuration.nix
+++ b/linux/nebula/hardware-configuration.nix
@ -4,7 +4,6 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
--- a/linux/nebula/zfs.nix
+++ b/linux/nebula/zfs.nix
@ -1,5 +1,8 @@
-{...}: {
-  boot.loader.grub.zfsSupport = true;
+{pkgs, ...}: {
+  boot = {
+    loader.grub.zfsSupport = true;
+    zfs.package = pkgs.zfs_unstable;
+  };

  services.zfs = {
    autoScrub.enable = true;
--- a/linux/protostar/configuration.nix
+++ b/linux/protostar/configuration.nix
@ -3,9 +3,13 @@
 # and in the NixOS manual (accessible by running `nixos-help`).
 {...}: {
  # Configuration boot
-  boot.loader = {
-    efi.canTouchEfiVariables = true;
-    systemd-boot.enable = true;
+  boot = {
+    loader = {
+      efi.canTouchEfiVariables = true;
+      systemd-boot.enable = true;
+    };
+
+    tmp.cleanOnBoot = true;
  };

  # Change secrets file
@ -14,9 +18,6 @@
  # Disable sudo password
  security.sudo.wheelNeedsPassword = false;

-  # Set timezone automatically
-  services.automatic-timezoned.enable = true;
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
--- a/linux/protostar/hardware-configuration.nix
+++ b/linux/protostar/hardware-configuration.nix
@ -4,7 +4,6 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
@ -13,9 +12,7 @@
  ];

  boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
-  boot.initrd.kernelModules = [];
  boot.kernelModules = ["kvm-amd"];
-  boot.extraModulePackages = [];

  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
--- a/linux/quasar/configuration.nix
+++ b/linux/quasar/configuration.nix
@ -4,6 +4,7 @@
 {pkgs, ...}: {
  # Configure boot
  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
    initrd.systemd.enable = true;
    loader = {
      efi.canTouchEfiVariables = true;
@ -23,6 +24,7 @@
      theme = "target_2";
      themePackages = [pkgs.adi1090x-plymouth-themes];
    };
+    tmp.cleanOnBoot = true;
  };

  # This option defines the first version of NixOS you have installed on this particular machine,
--- a/linux/quasar/device.nix
+++ b/linux/quasar/device.nix
@ -5,9 +5,6 @@
 }: let
  userName = config.constants.userName;
 in {
-  # TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
-  boot.kernelModules = ["xpad"];
-
  hardware = {
    bluetooth.enable = true;
    graphics = {
@ -28,7 +25,6 @@ in {
  security.rtkit.enable = true;

  services = {
-    automatic-timezoned.enable = true;
    avahi = {
      enable = true;
      nssmdns4 = true;
@ -45,13 +41,7 @@ in {
      pulse.enable = true;
    };
    printing.enable = true;
-    udev = {
-      packages = [pkgs.via];
-      # TODO: Remove this when apex 5 works out of the box: https://github.com/paroj/xpad/pull/328
-      extraRules = ''
-        ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="37d7", ATTRS{idProduct}=="2501", RUN+="${pkgs.bash}/bin/bash -c 'echo 37d7 2501 > /sys/bus/usb/drivers/xpad/new_id'"
-      '';
-    };
+    udev.packages = [pkgs.via];
  };

  users.users.${userName}.extraGroups = ["adbusers" "cdrom" "docker"];
--- a/linux/quasar/hardware-configuration.nix
+++ b/linux/quasar/hardware-configuration.nix
@ -4,7 +4,6 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
--- a/linux/quasar/zfs.nix
+++ b/linux/quasar/zfs.nix
@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  ...
 }: {
  boot = {
@ -8,6 +9,7 @@
    zfs = {
      extraPools = ["zarchive"];
      requestEncryptionCredentials = ["zactive/main"];
+      package = pkgs.zfs_unstable;
    };
  };

--- a/linux/singularity/caddy.nix
+++ b/linux/singularity/caddy.nix
@ -69,10 +69,7 @@ with config.constants; {
          }
        '';
      }
-      // (acme [
-        config.mailserver.fqdn
-        config.services.coturn.realm
-      ]);
+      // (acme [config.mailserver.fqdn]);
  };

  security.acme = {
--- a/linux/singularity/configuration.nix
+++ b/linux/singularity/configuration.nix
@ -1,7 +1,8 @@
-{...}: {
+{pkgs, ...}: {
  boot = {
-    tmp.cleanOnBoot = true;
+    kernelPackages = pkgs.linuxPackages_latest;
    loader.grub.device = "/dev/sda";
+    tmp.cleanOnBoot = true;
  };

  constants.sopsFile = ../../common/auths.yaml;
--- a/linux/singularity/coturn.nix
+++ b/linux/singularity/coturn.nix
@ -1,20 +0,0 @@
-{config, ...}:
-with config.constants; let
-  acmeDir = config.security.acme.certs.${coturn-realm}.directory;
-  coturn-realm = "turn.${domain}";
-in {
-  services.coturn = {
-    enable = true;
-    cert = "${acmeDir}/fullchain.pem";
-    listening-port = port.coturn;
-    min-port = port.coturn-relay-udp-min;
-    max-port = port.coturn-relay-udp-max;
-    pkey = "${acmeDir}/key.pem";
-    realm = coturn-realm;
-    static-auth-secret-file = config.sops.secrets.coturn.path;
-    tls-listening-port = port.coturn-tls;
-    use-auth-secret = true;
-  };
-
-  sops.secrets.coturn.owner = "turnserver";
-}
--- a/linux/singularity/default.nix
+++ b/linux/singularity/default.nix
@ -4,7 +4,6 @@
    ../../common
    ./caddy.nix
    ./configuration.nix
-    ./coturn.nix
    ./hardware-configuration.nix
    ./headscale.nix
    ./mailserver.nix
--- a/linux/singularity/hardware-configuration.nix
+++ b/linux/singularity/hardware-configuration.nix
@ -4,23 +4,11 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];

-  # boot.initrd.availableKernelModules =
-  #   [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
-  # boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-
-  # fileSystems."/" = {
-  #   device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
-  #   fsType = "ext4";
-  # };
-
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
  boot.initrd.kernelModules = ["nvme"];
  fileSystems."/" = {
@ -28,8 +16,6 @@
    fsType = "ext4";
  };

-  swapDevices = [];
-
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction