machines: name: Remove obsolete machine/configuration

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2023-10-26 21:05:34 +02:00 · 2023-10-26 21:05:34 +02:00 · 0079f6a4c1
parent dc9e47b523
commit 0079f6a4c1
5 changed files with 0 additions and 85 deletions
--- a/default.nix
+++ b/default.nix
@ -15,7 +15,6 @@ let

  machines = {
    fort = { deployment.tags = [ "external" "vm" ]; };
-    name = { deployment.tags = [ "homelab" "lxc" ]; };
    serv = { deployment.tags = [ "homelab" "lxc" ]; };
    trek = { deployment.tags = [ "desktop" ]; };
    zero = { deployment.tags = [ "desktop" ]; };
--- a/machines/name.nix
+++ b/machines/name.nix
@ -1,36 +0,0 @@
-{ lib, my, pkgs, ... }:
-
-{
-  imports =
-    [ ../services/blocky.nix ../services/unbound.nix ../system/lxc.nix ];
-
-  system = {
-    nssModules = lib.mkForce [ ];
-    stateVersion = "23.05";
-  };
-
-  networking = my.homelab.networking // {
-    interfaces.eth0 = my.machines.name.eth0;
-    firewall = {
-      allowedTCPPorts = [ 53 ];
-      allowedUDPPorts = [ 53 ];
-    };
-  };
-
-  # Disable all system DNS services
-  services.nscd.enable = false;
-  services.resolved.enable = false;
-
-  services.unbound.settings.server.port = 5353;
-  services.blocky.settings = {
-    bootstrapDns = "127.0.0.1:5353";
-    customDNS.mapping = my.homelab.dns.mapping;
-    upstreams.groups.default = [ "127.0.0.1:5353" ];
-  };
-
-  systemd.services.blocky = {
-    requires = [ "unbound.service" ];
-    after = [ "unbound.service" ];
-    preStart = "${pkgs.coreutils-full}/bin/sleep 10";
-  };
-}
--- a/secrets/my.nix
+++ b/secrets/my.nix
--- a/services/blocky.nix
+++ b/services/blocky.nix
@ -1,18 +0,0 @@
-{
-  services.blocky = {
-    enable = true;
-    settings = {
-      blocking = {
-        blackLists.default = [
-          "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
-          "https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/light.txt"
-        ];
-        clientGroupsBlock.default = [ "default" ];
-      };
-      customDNS.filterUnmappedTypes = true;
-      queryLog.type = "none";
-      upstreams.timeout = "1s";
-      startVerifyUpstream = true;
-    };
-  };
-}
--- a/services/unbound.nix
+++ b/services/unbound.nix
@ -1,30 +0,0 @@
-{ config, ... }:
-
-{
-  services.unbound = {
-    enable = true;
-    localControlSocketPath = "/run/unbound/unbound.socket";
-    settings.server = {
-      so-rcvbuf = "1m";
-      prefetch = true;
-      access-control = "10.0.0.0/8 allow";
-      interface = [ "127.0.0.1" ];
-      private-address = [
-        "192.168.0.0/16"
-        "169.254.0.0/16"
-        "172.16.0.0/16"
-        "10.0.0.0/8"
-        "fd00::/8"
-        "fe80::/10"
-      ];
-    };
-  };
-
-  services.prometheus.exporters.unbound = {
-    inherit (config.services.unbound) group;
-    enable = true;
-    openFirewall = true;
-    port = 9090;
-    controlInterface = config.services.unbound.localControlSocketPath;
-  };
-}