Cleanup

2025-10-15 22:24:37 -07:00 · 2025-10-15 22:24:37 -07:00 · e9cdacbfc8
commit e9cdacbfc8
parent 70f0c6118e
20 changed files with 142 additions and 310 deletions
--- a/linux/singularity/caddy.nix
+++ b/linux/singularity/caddy.nix
@ -69,10 +69,7 @@ with config.constants; {
          }
        '';
      }
-      // (acme [
-        config.mailserver.fqdn
-        config.services.coturn.realm
-      ]);
+      // (acme [config.mailserver.fqdn]);
  };

  security.acme = {
--- a/linux/singularity/configuration.nix
+++ b/linux/singularity/configuration.nix
@ -1,7 +1,8 @@
-{...}: {
+{pkgs, ...}: {
  boot = {
-    tmp.cleanOnBoot = true;
+    kernelPackages = pkgs.linuxPackages_latest;
    loader.grub.device = "/dev/sda";
+    tmp.cleanOnBoot = true;
  };

  constants.sopsFile = ../../common/auths.yaml;
--- a/linux/singularity/coturn.nix
+++ b/linux/singularity/coturn.nix
@ -1,20 +0,0 @@
-{config, ...}:
-with config.constants; let
-  acmeDir = config.security.acme.certs.${coturn-realm}.directory;
-  coturn-realm = "turn.${domain}";
-in {
-  services.coturn = {
-    enable = true;
-    cert = "${acmeDir}/fullchain.pem";
-    listening-port = port.coturn;
-    min-port = port.coturn-relay-udp-min;
-    max-port = port.coturn-relay-udp-max;
-    pkey = "${acmeDir}/key.pem";
-    realm = coturn-realm;
-    static-auth-secret-file = config.sops.secrets.coturn.path;
-    tls-listening-port = port.coturn-tls;
-    use-auth-secret = true;
-  };
-
-  sops.secrets.coturn.owner = "turnserver";
-}
--- a/linux/singularity/default.nix
+++ b/linux/singularity/default.nix
@ -4,7 +4,6 @@
    ../../common
    ./caddy.nix
    ./configuration.nix
-    ./coturn.nix
    ./hardware-configuration.nix
    ./headscale.nix
    ./mailserver.nix
--- a/linux/singularity/hardware-configuration.nix
+++ b/linux/singularity/hardware-configuration.nix
@ -4,23 +4,11 @@
 {
  config,
  lib,
-  pkgs,
  modulesPath,
  ...
 }: {
  imports = [(modulesPath + "/profiles/qemu-guest.nix")];

-  # boot.initrd.availableKernelModules =
-  #   [ "ata_piix" "virtio_pci" "virtio_scsi" "sd_mod" ];
-  # boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-
-  # fileSystems."/" = {
-  #   device = "/dev/disk/by-uuid/6d3bf8cd-1996-45fb-";
-  #   fsType = "ext4";
-  # };
-
  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
  boot.initrd.kernelModules = ["nvme"];
  fileSystems."/" = {
@ -28,8 +16,6 @@
    fsType = "ext4";
  };

-  swapDevices = [];
-
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction