all: remove peerix

2024-05-15 06:45:04 -06:00 · 2024-05-15 06:45:04 -06:00 · a7966dfd24
commit a7966dfd24
parent aa4e1d264a
7 changed files with 1 additions and 165 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@ -13,7 +13,6 @@
    ./neovim.nix
    ./net-overlay.nix
    ./nix.nix
-    ./peerix.nix
    ./polybar.nix
    ./tmux.nix
    ./update.nix
--- a/configs/peerix.nix
+++ b/configs/peerix.nix
@ -1,67 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-with lib; {
-  options = {
-    tsPeerix = {
-      enable = mkOption {
-        description = "Enable peerix";
-        default = false;
-        example = true;
-        type = lib.types.bool;
-      };
-      privateKeyFile = mkOption {
-        description = "Private key file for signing";
-        default = "";
-        example = "./private_key";
-        type = lib.types.path;
-      };
-      interfaces = mkOption {
-        description = "Interfaces to allow peerix to listen on.";
-        type = types.listOf types.str;
-        default = [ "tailscale0" ];
-      };
-    };
-  };
-
-  config = mkIf config.tsPeerix.enable {
-    users.groups.peerix = { name = "peerix"; };
-    users.users.peerix = {
-      name = "peerix";
-      group = "peerix";
-      isSystemUser = true;
-    };
-
-    nix.settings.allowed-users = [ "peerix" ];
-
-    services = {
-      zerotierone = {
-        enable = true;
-        joinNetworks = [ "db64858fedd3b256" ];
-      };
-
-      peerix = {
-        enable = true;
-        openFirewall = false;
-        user = "peerix";
-        group = "peerix";
-        privateKeyFile = "${config.tsPeerix.privateKeyFile}";
-        publicKeyFile = ./peerix.pubs;
-      };
-    };
-
-    environment.systemPackages = [ pkgs.zerotierone ];
-
-    networking.firewall.interfaces = listToAttrs (flatten (map
-      (i: {
-        name = i;
-        value = {
-          allowedUDPPorts = [ 12304 ];
-          allowedTCPPorts = [ 12304 ];
-        };
-      })
-      config.tsPeerix.interfaces));
-  };
-}
--- a/configs/peerix.pubs
+++ b/configs/peerix.pubs
@ -1 +0,0 @@
-peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs= peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=
--- a/flake.lock
+++ b/flake.lock
@ -82,22 +82,6 @@
      }
    },
    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1627913399,
-        "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_2": {
      "flake": false,
      "locked": {
        "lastModified": 1668681692,
@ -131,21 +115,6 @@
        "type": "github"
      }
    },
-    "flake-utils_2": {
-      "locked": {
-        "lastModified": 1634851050,
-        "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "gostart": {
      "inputs": {
        "nixpkgs": [
@ -294,28 +263,6 @@
        "type": "indirect"
      }
    },
-    "peerix": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils_2",
-        "nixpkgs": [
-          "stable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1661429880,
-        "narHash": "sha256-7/m468XZW82O7KhDtRdQ7RnPsh83+tA8N4U0FncFo1U=",
-        "owner": "cid-chan",
-        "repo": "peerix",
-        "rev": "32cd1b098b83c90726848bd6726f74e72c557abb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cid-chan",
-        "repo": "peerix",
-        "type": "github"
-      }
-    },
    "po": {
      "inputs": {
        "nixpkgs": [
@ -387,7 +334,6 @@
        "mcchunkie": "mcchunkie",
        "microca": "microca",
        "nixos-hardware": "nixos-hardware",
-        "peerix": "peerix",
        "po": "po",
        "pots": "pots",
        "pr-status": "pr-status",
@ -406,7 +352,7 @@
    "simple-nixos-mailserver": {
      "inputs": {
        "blobs": "blobs",
-        "flake-compat": "flake-compat_2",
+        "flake-compat": "flake-compat",
        "nixpkgs": [
          "stable"
        ],
--- a/flake.nix
+++ b/flake.nix
@ -100,11 +100,6 @@
      url = "github:qbit/gqrss";
      flake = false;
    };
-
-    peerix = {
-      url = "github:cid-chan/peerix";
-      inputs.nixpkgs.follows = "stable";
-    };
  };

  outputs =
@ -113,7 +108,6 @@
    , gostart
    , mcchunkie
    , kogs
-    , peerix
    , po
    , pots
    , pr-status
@ -152,8 +146,6 @@

          xin-secrets.nixosModules.sops
          xin-secrets.nixosModules.xin-secrets
-
-          peerix.nixosModules.peerix
        ];
      };

@ -163,7 +155,6 @@
        inputs.mcchunkie.overlay
        inputs.kogs.overlay
        inputs.microca.overlay
-        inputs.peerix.overlay
        inputs.pots.overlay
        inputs.pr-status.overlay
        inputs.tsRevProx.overlay
--- a/hosts/europa/default.nix
+++ b/hosts/europa/default.nix
@ -8,10 +8,6 @@
 let
  inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp beets;
  inherit (xinlib) jobToUserService prIsOpen;
-  peerixUser =
-    if builtins.hasAttr "peerix" config.users.users
-    then config.users.users.peerix.name
-    else "root";
  jobs = [
    {
      name = "brain";
@ -69,12 +65,6 @@ in
      group = "wheel";
      mode = "400";
    };
-    peerix_private_key = {
-      sopsFile = config.xin-secrets.europa.secrets.peerix;
-      owner = "${peerixUser}";
-      group = "wheel";
-      mode = "400";
-    };
    restic_password_file = {
      sopsFile = config.xin-secrets.europa.secrets.services;
      owner = "root";
@ -159,12 +149,6 @@ in
    };
  };

-  tsPeerix = {
-    enable = false;
-    privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
-    interfaces = [ "wlp170s0" "ztksevmpn3" ];
-  };
-
  programs = {
    steam.enable = true;
    _1password.enable = true;
--- a/hosts/stan/default.nix
+++ b/hosts/stan/default.nix
@ -16,10 +16,6 @@ let
    openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys;
    shell = pkgs.zsh;
  };
-  peerixUser =
-    if builtins.hasAttr "peerix" config.users.users
-    then config.users.users.peerix.name
-    else "root";
 in
 {
  _module.args.isUnstable = true;
@ -132,12 +128,6 @@ in
      group = "wheel";
      mode = "400";
    };
-    peerix_private_key = {
-      sopsFile = config.xin-secrets.stan.secrets.peerix;
-      owner = "${peerixUser}";
-      group = "wheel";
-      mode = "400";
-    };
    restic_password_file = {
      sopsFile = config.xin-secrets.stan.secrets.main;
      owner = "root";
@ -277,12 +267,6 @@ in
    };
  };

-  tsPeerix = {
-    enable = false;
-    privateKeyFile = "${config.sops.secrets.peerix_private_key.path}";
-    interfaces = [ "wlp170s0" "ztksevmpn3" ];
-  };
-
  services = {
    rkvm.client = {
      enable = true;
				`@ -1 +0,0 @@`
				`peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs= peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=`