Todo aus readme verschieben

.gitea/workflows/eval-hydra-jobs.yml

@@ -1,15 +0,0 @@
-name: "Evaluate Hydra Jobs"
-on:
-  pull_request:
-  push:
-jobs:
-  eval-hydra-jobs:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Install dependencies for Nix setup action
-      run: |
-        apt update -y
-        apt install sudo -y        
-    - uses: cachix/install-nix-action@v27
-    - run: nix eval --no-update-lock-file --accept-flake-config .\#hydraJobs

doc/.gitignore

@@ -1 +0,0 @@
-book

doc/src/anleitung/microvm.md

@@ -1,39 +0,0 @@
-### Declaring a MicroVM
-
-The hosts nixosSystems modules should be declared using the ```makeMicroVM``` helper function.
-Use durruti as orientation:
-``` nix
-    modules = makeMicroVM "durruti" "10.0.0.5" [
-      ./durruti/configuration.nix
-    ];
-```
-
-"durruti" is the hostname.  
-"10.0.0.5" is the IP assigned to its tap interface.  
-
-### Testing MicroVMs locally
-MicroVMs can be built and run easily on your local host.
-For durruti this is done by:
-``` bash
-sudo nix run .\#nixosConfigurations.durruti.config.microvm.declaredRunner
-```
-
-It seems to be necessary to run this as root so that the according tap interface can be created.
-To be able to ping the VM or give Internet Access to the VM your host needs to be setup as described below.
-
-### Host Setup
-To provide network access to the VMs a bridge interface needs to be created on your host.
-For that:
-- Add the infrastructure flake as input to your hosts flake  
-- Add ```inputs.malobeo.nixosModules.malobeo``` to your hosts imports
-- enable the host bridge: ```services.malobeo.microvm.enableHostBridge = true;```
-
-If you want to provide Internet access to the VM it is necessary to create a nat.
-This could be done like this:
-``` nix
-networking.nat = {
-  enable = true;
-  internalInterfaces = [ "microvm" ];
-  externalInterface = "eth0"; #change to your interface name
-};
-```

doc/src/server/durruti.md

@@ -1,2 +0,0 @@
-# Durruti
-Hetzner Server

doc/src/server/lucia.md

@@ -1,2 +0,0 @@
-# Lucia
-Lokaler Raspberry Pi 3

doc/src/server/website.md

@@ -1,7 +0,0 @@
-#Website
-
-hosted on uberspace  
-runs malobeo.org(wordpress) and forum.malobeo.org(phpbb)  
-access via ssh with public key or password  
-Files under /var/www/virtual/malobeo/html
-

flake.lock

@@ -21,24 +21,6 @@
         "url": "https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems_3"
-      },
-      "locked": {
-        "lastModified": 1726560853,
-        "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -46,16 +28,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1726989464,
-        "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
+        "lastModified": 1719827415,
+        "narHash": "sha256-pvh+1hStXXAZf0sZ1xIJbWGx4u+OGBC1rVx6Wsw0fBw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
+        "rev": "f2e3c19867262dbe84fdfab42467fc8dd83a2005",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-24.05",
+        "ref": "release-23.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -79,35 +61,13 @@
         "type": "github"
       }
     },
-    "microvm": {
-      "inputs": {
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "spectrum": "spectrum"
-      },
-      "locked": {
-        "lastModified": 1731240174,
-        "narHash": "sha256-HYu+bPoV3UILhwc4Ar5iQ7aF+DuQWHXl4mljN6Bwq6A=",
-        "owner": "astro",
-        "repo": "microvm.nix",
-        "rev": "dd89404e1885b8d7033106f3898eaef8db660cb2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "astro",
-        "repo": "microvm.nix",
-        "type": "github"
-      }
-    },
     "nixlib": {
       "locked": {
-        "lastModified": 1729386149,
+        "lastModified": 1728781282,
         "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=",
         "owner": "nix-community",
         "repo": "nixpkgs.lib",
-        "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e",
+        "rev": "16340f605f4e8e5cf07fd74dcbe692eee2d4f51b",
         "type": "github"
       },
       "original": {
@@ -124,11 +84,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729472750,
-        "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=",
+        "lastModified": 1729127034,
+        "narHash": "sha256-42AMGl+dh4I2wGgICSeDI1mqYaDEJhwqquHJ1vA0QiQ=",
         "owner": "nix-community",
         "repo": "nixos-generators",
-        "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565",
+        "rev": "dd28a0806e7124fe392c33c9ccaa12f21970401f",
         "type": "github"
       },
       "original": {
@@ -139,11 +99,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1730919458,
-        "narHash": "sha256-yMO0T0QJlmT/x4HEyvrCyigGrdYfIXX3e5gWqB64wLg=",
+        "lastModified": 1729333370,
+        "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "e1cc1f6483393634aee94514186d21a4871e78d7",
+        "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb",
         "type": "github"
       },
       "original": {
@@ -171,11 +131,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1730602179,
-        "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
+        "lastModified": 1728156290,
+        "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
+        "rev": "17ae88b569bb15590549ff478bab6494dde4a907",
         "type": "github"
       },
       "original": {
@@ -187,11 +147,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1730785428,
-        "narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
+        "lastModified": 1729256560,
+        "narHash": "sha256-/uilDXvCIEs3C9l73JTACm4quuHUsIHcns1c+cHUJwA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
+        "rev": "4c2fcb090b1f3e5b47eaa7bd33913b574a11e0a0",
         "type": "github"
       },
       "original": {
@@ -203,11 +163,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1730883749,
-        "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
+        "lastModified": 1729181673,
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
         "type": "github"
       },
       "original": {
@@ -222,7 +182,6 @@
         "ep3-bs": "ep3-bs",
         "home-manager": "home-manager",
         "mfsync": "mfsync",
-        "microvm": "microvm",
         "nixos-generators": "nixos-generators",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs_2",
@@ -240,11 +199,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1731047660,
-        "narHash": "sha256-iyp51lPWEQz4c5VH9bVbAuBcFP4crETU2QJYh5V0NYA=",
+        "lastModified": 1728345710,
+        "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "60e1bce1999f126e3b16ef45f89f72f0c3f8d16f",
+        "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
         "type": "github"
       },
       "original": {
@@ -253,22 +212,6 @@
         "type": "github"
       }
     },
-    "spectrum": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1729945407,
-        "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=",
-        "ref": "refs/heads/main",
-        "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa",
-        "revCount": 764,
-        "type": "git",
-        "url": "https://spectrum-os.org/git/spectrum"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://spectrum-os.org/git/spectrum"
-      }
-    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -314,21 +257,6 @@
         "type": "github"
       }
     },
-    "systems_4": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tasklist": {
       "inputs": {
         "nixpkgs": [
@@ -336,11 +264,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1729717517,
-        "narHash": "sha256-Gul0Zqy0amouh8Hs8BL/DIKFYD6BmdTo4H8+5K5+mTo=",
+        "lastModified": 1721034873,
+        "narHash": "sha256-3Bpj3h2UHXgBwlVm+jB5qCLtbn42LunCIEDg1IX111M=",
         "ref": "refs/heads/master",
-        "rev": "610269a14232c2888289464feb5227e284eef336",
-        "revCount": 27,
+        "rev": "a4a9bf571de0880621739228358a5d31e4c14d43",
+        "revCount": 16,
         "type": "git",
         "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
       },
@@ -387,7 +315,7 @@
     },
     "utils_3": {
       "inputs": {
-        "systems": "systems_4"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1726560853,

flake.nix

@@ -8,8 +8,6 @@
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";
     mfsync.url = "github:k4lipso/mfsync";
-    microvm.url = "github:astro/microvm.nix";
-    microvm.inputs.nixpkgs.follows = "nixpkgs";
 
     utils = {
       url = "github:numtide/flake-utils";
@@ -31,7 +29,7 @@
     };
 
     home-manager=  {
-      url = "github:nix-community/home-manager/release-24.05";
+      url = "github:nix-community/home-manager/release-23.11";
       inputs = {
         nixpkgs.follows = "nixpkgs";
       };

machines/configuration.nix

@@ -40,36 +40,16 @@ let
     }
   ];
   defaultModules = baseModules;
-
-  makeMicroVM = hostName: ipv4Addr: modules: [
-    inputs.microvm.nixosModules.microvm
-    {
-      microvm = {
-        hypervisor = "qemu";
-        interfaces = [
-          {
-            type = "tap";
-            id = "vm-${hostName}";
-            mac = "02:00:00:00:00:01";
-          }
-        ];
-      };
-      
-      systemd.network.enable = true;
-      
-      systemd.network.networks."20-lan" = {
-        matchConfig.Type = "ether";
-        networkConfig = {
-          Address = [ "${ipv4Addr}/24" ];
-          Gateway = "10.0.0.1";
-          DNS = ["1.1.1.1"];
-          DHCP = "no";
-        };
-      };
-    }
-  ] ++ defaultModules ++ modules;
 in
 {
+  moderatio = nixosSystem {
+    system = "x86_64-linux";
+    specialArgs.inputs = inputs;
+    modules = defaultModules ++ [
+      ./moderatio/configuration.nix
+    ];
+  };
+
   louise = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
@@ -81,7 +61,7 @@ in
   durruti = nixosSystem {
     system = "x86_64-linux";
     specialArgs.inputs = inputs;
-    modules = makeMicroVM "durruti" "10.0.0.5" [
+    modules = defaultModules ++ [
       ./durruti/configuration.nix
     ];
   };
@@ -95,11 +75,15 @@ in
     ];
   };
 
-  gitea = nixosSystem {
-    system = "x86_64-linux";
+  sdImageLucia = nixosSystem {
+    system = "aarch64-linux";
     specialArgs.inputs = inputs;
-    modules = makeMicroVM "gitea" "10.0.0.6" [
-      ./gitea/configuration.nix
+    modules = defaultModules ++ [
+      "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+      ./lucia/configuration.nix
+      {
+        sdImage.compressImage = false;
+      }
     ];
   };
 }

machines/durruti/configuration.nix

@@ -5,6 +5,7 @@ with lib;
 {
   sops.defaultSopsFile = ./secrets.yaml;
 
+  boot.isContainer = true;
   networking = {
     hostName = mkDefault "durruti";
     useDHCP = false;

machines/durruti/host_config.nix

@@ -44,5 +44,6 @@ in
       enableACME= true;
       locations."/".proxyPass = "http://${cfg.host_ip}:80";
     };
+
   };
 }

machines/gitea/configuration.nix

@@ -1,37 +0,0 @@
-{ config, lib, pkgs, inputs, ... }:
-
-with lib;
-
-{
-  #sops.defaultSopsFile = ./secrets.yaml;
-
-  networking = {
-    hostName = mkDefault "gitea";
-    useDHCP = false;
-    nameservers = [ "1.1.1.1" ];
-  };
-
-  imports = [
-    ../modules/malobeo_user.nix
-    ../modules/sshd.nix
-    ../modules/minimal_tools.nix
-    ../modules/autoupdate.nix
-  ];
-
-  services.gitea = {
-    enable = true;
-    appName = "malobeo git instance";
-
-    settings.server = {
-      DOMAIN = "git.malobeo.org";
-      HTTP_PORT = 3001;
-      SSH_PORT = 22;
-      ROOT_URL = "https://git.malobeo.org/";
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 3001 ];
-
-  system.stateVersion = "22.11"; # Did you read the comment?
-}
-

machines/lucia/configuration.nix

@@ -14,7 +14,7 @@ in
 
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.passwordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "prohibit-password";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 
@@ -173,7 +173,7 @@ in
     mpv
     ncmpcpp
     ncpamixer
-    # pulseaudio
+    pulseaudio
     vim
     htop
     wget
@@ -182,23 +182,23 @@ in
     nix-tree
   ];
 
-  #hardware.pulseaudio = {
-  #  enable = true;
-  #  systemWide = true;
-  #  tcp = {
-  #    enable = true;
-  #    anonymousClients.allowedIpRanges = [
-  #      "127.0.0.0/8"
-  #      "192.168.1.0/24"
-  #    ];
-  #  };
+  hardware.pulseaudio = {
+    enable = true;
+    systemWide = true;
+    tcp = {
+      enable = true;
+      anonymousClients.allowedIpRanges = [
+        "127.0.0.0/8"
+        "192.168.1.0/24"
+      ];
+    };
 
-  #  zeroconf.publish.enable = true;
-  #};
+    zeroconf.publish.enable = true;
+  };
 
   services.avahi = {
     enable = true;
-    nssmdns4 = true;
+    nssmdns = true;
     publish = {
       enable = true;
       addresses = true;

machines/moderatio/configuration.nix

@@ -0,0 +1,92 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  services.acpid.enable = true;
+
+  boot.kernelPackages = pkgs.linuxPackages_5_4;
+  services.xserver.videoDrivers = [ "intel" ];
+  services.xserver.deviceSection = ''
+    Option "DRI" "2"
+    Option "TearFree" "true"
+  '';
+
+  zramSwap.enable = true;
+  zramSwap.memoryPercent = 150;
+
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ./zfs.nix
+
+      ../modules/xserver.nix
+      ../modules/malobeo_user.nix
+      ../modules/sshd.nix
+      ../modules/minimal_tools.nix
+    ];
+
+  users.users.malobeo = {
+    packages = with pkgs; [
+      firefox
+      thunderbird
+    ];
+  };
+
+  networking.hostName = "moderatio"; # Define your hostname.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  #   useXkbConfig = true; # use xkbOptions in tty.
+  # };
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  sound.enable = true;
+  hardware.pulseaudio.enable = true;
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  # networking.firewall.allowedTCPPorts = [ ... ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  # system.copySystemConfiguration = true;
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "22.05"; # Did you read the comment?
+
+}
+

machines/moderatio/hardware-configuration.nix

@@ -0,0 +1,53 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "usb_storage" "ums_realtek" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "rpool/nixos/root";
+      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+    };
+
+  fileSystems."/home" =
+    { device = "rpool/nixos/home";
+      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "bpool/nixos/root";
+      fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ];
+    };
+
+  fileSystems."/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1" =
+    { device = "/dev/disk/by-uuid/A0D1-00C1";
+      fsType = "vfat";
+    };
+
+  fileSystems."/boot/efi" =
+    { device = "/boot/efis/ata-ST250LT003-9YG14C_W041QXCA-part1";
+      fsType = "none";
+      options = [ "bind" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
+
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

machines/moderatio/zfs.nix

@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+{ boot.supportedFilesystems = [ "zfs" ];
+  networking.hostId = "ae749b82";
+  #boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+boot.loader.efi.efiSysMountPoint = "/boot/efi";
+boot.loader.efi.canTouchEfiVariables = false;
+boot.loader.generationsDir.copyKernels = true;
+boot.loader.grub.efiInstallAsRemovable = true;
+boot.loader.grub.enable = true;
+boot.loader.grub.version = 2;
+boot.loader.grub.copyKernels = true;
+boot.loader.grub.efiSupport = true;
+boot.loader.grub.zfsSupport = true;
+boot.loader.grub.extraPrepareConfig = ''
+  mkdir -p /boot/efis
+  for i in  /boot/efis/*; do mount $i ; done
+
+  mkdir -p /boot/efi
+  mount /boot/efi
+'';
+boot.loader.grub.extraInstallCommands = ''
+ESP_MIRROR=$(mktemp -d)
+cp -r /boot/efi/EFI $ESP_MIRROR
+for i in /boot/efis/*; do
+ cp -r $ESP_MIRROR/EFI $i
+done
+rm -rf $ESP_MIRROR
+'';
+boot.loader.grub.devices = [
+      "/dev/disk/by-id/ata-ST250LT003-9YG14C_W041QXCA"
+    ];
+users.users.root.initialHashedPassword = "$6$PmoyhSlGGT6SI0t0$.cFsLyhtO1ks1LUDhLjG0vT44/NjuWCBrv5vUSXqwrU5WpaBvvthnLp0Dfwfyd6Zcdx/4izDcjQAgEWs4QdzW0";
+}

machines/modules/autoupdate.nix

@@ -100,12 +100,11 @@ in
     nix = {
       # Show a diff when activating a new system except for microvms which handle this seperately
       #diffSystem = config.malobeo.deployment.server or "" == "";
-      #TODO: THIS WIPES HOSTS NIX STORE FROM WITHIN NIXOS-CONTAINER
-      #gc = lib.mkIf config.malobeo.autoUpdate.enable {
-      #  automatic = true;
-      #  randomizedDelaySec = "6h";
-      #  options = "--delete-older-than 21d";
-      #};
+      gc = lib.mkIf config.malobeo.autoUpdate.enable {
+        automatic = true;
+        randomizedDelaySec = "6h";
+        options = "--delete-older-than 21d";
+      };
     };
 
     environment.systemPackages = [ (

machines/modules/malobeo/microvm_host.nix

@@ -1,52 +0,0 @@
-{ config, lib, options, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.malobeo.microvm;
-in
-{
-  options = {
-    services.malobeo.microvm = {
-      enableHostBridge = mkOption {
-        default = false;
-        type = types.bool;
-        description = lib.mdDoc "Setup bridge device for microvms.";
-      };
-    };
-  };
-
-  config = mkIf cfg.enableHostBridge
-  { 
-    systemd.network = {
-      enable = true;
-      # create a bride device that all the microvms will be connected to
-      netdevs."10-microvm".netdevConfig = {
-        Kind = "bridge";
-        Name = "microvm";
-      };
-
-      networks."10-microvm" = {
-        matchConfig.Name = "microvm";
-        networkConfig = {
-          DHCPServer = true;
-          IPv6SendRA = true;
-        };
-        addresses = [ {
-          Address = "10.0.0.1/24";
-        } {
-          Address = "fd12:3456:789a::1/64";
-        } ];
-        ipv6Prefixes = [ {
-          Prefix = "fd12:3456:789a::/64";
-        } ];
-      };
-
-      # connect the vms to the bridge
-      networks."11-microvm" = {
-        matchConfig.Name = "vm-*";
-        networkConfig.Bridge = "microvm";
-      };
-    };
-  };
-}

machines/modules/sshd.nix

@@ -6,7 +6,7 @@ in
 {
   services.openssh.enable = true;
   services.openssh.ports = [ 22 ];
-  services.openssh.settings.PasswordAuthentication = false;
+  services.openssh.passwordAuthentication = false;
   services.openssh.settings.PermitRootLogin = "no";
   users.users.root.openssh.authorizedKeys.keys = sshKeys.admins;
 }

machines/modules/xserver.nix

@@ -7,6 +7,7 @@
       xterm.enable = false;
       cinnamon.enable = true;
     };
+
+    displayManager.defaultSession = "cinnamon";
   };
-  services.displayManager.defaultSession = "cinnamon";
 }

outputs.nix

@@ -18,44 +18,12 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
     devShells.default = pkgs.callPackage ./shell.nix {
       inherit (sops-nix.packages."${pkgs.system}") sops-import-keys-hook ssh-to-pgp sops-init-gpg-key;
     };
-
-    packages = {
-      docs = pkgs.stdenv.mkDerivation {
-        name = "malobeo-docs";
-        phases = [ "buildPhase" ];
-        buildInputs = [ pkgs.mdbook ];
-      
-        inputs = pkgs.lib.sourceFilesBySuffices ./doc/. [ ".md" ".toml" ];
-      
-        buildPhase = ''
-          dest=$out/share/doc
-          mkdir -p $dest
-          cp -r --no-preserve=all $inputs/* ./
-          mdbook build
-          ls
-          cp -r ./book/* $dest
-        '';
-      };
-    };
-
-    apps = {
-      docs = {
-        type = "app";
-        program = builtins.toString (pkgs.writeShellScript "docs" ''
-          ${pkgs.mdbook}/bin/mdbook serve --open ./doc
-        '');
-      };
-    };
-
   })) // rec {
     nixosConfigurations = import ./machines/configuration.nix (inputs // {
       inherit inputs;
     });
 
-    nixosModules.malobeo.imports = [
-      ./machines/durruti/host_config.nix
-      ./machines/modules/malobeo/microvm_host.nix
-    ];
+    nixosModules.malobeo = import ./machines/durruti/host_config.nix;
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (
       let
@@ -68,4 +36,26 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       nixpkgs.lib.mapAttrs getBuildEntry self.nixosConfigurations
 
       );
+
+      #lucia = self.nixosConfigurations.lucia.config.system.build.toplevel;
+    
+
+    #images.lucia_base_image = nixosConfigurations.lucia.config.system.build.sdImage;
+
+    #packages.x86_64-linux = {
+    #  lucia_base_img = nixos-generators.nixosGenerate {
+    #    system = "aarch64-linux";
+    #    modules = [
+    #      #"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix"
+    #      ./machines/modules/sshd.nix
+    #      {
+    #        nixpkgs.config.allowUnsupportedSystem = true;
+    #        nixpkgs.crossSystem.system = "aarch64-linux";
+    #        networking.dhcpcd.enable = true;
+    #      }
+    #    ];
+
+    #    format = "sd-aarch64-installer";
+    #  };
+    #};
 }

src/SUMMARY.md

@@ -8,10 +8,8 @@
         - [Hardware]()
         - [Netzwerk]()
         - [Seiten]()
-            - [Website](./server/website.md)
             - [musik](./projekte/musik.md)
         - [TODO](./todo.md)
     - [How-to]()
         - [Updates](./anleitung/updates.md)
-        - [Rollbacks](./anleitung/rollback.md)
-        - [MicroVM](./anleitung/microvm.md)
+        - [Rollbacks](./anleitung/rollback.md)

src/server/durruti.md

@@ -0,0 +1 @@
+# Durruti

src/server/lucia.md

@@ -0,0 +1 @@
+# Lucia

src/todo.md

@@ -7,11 +7,8 @@
   * [ ] how to use beamer
   * [ ] how to buecher ausleihen
   * ...
-- [x] host a local wiki with infrastructure information
 * [x] host some pad (codimd aka hedgedoc)
 * [ ] some network fileshare for storing the movies and streaming them within the network
-  - Currently developed in the 'fileserver' branch
-    - NFSV4 based
 * [x] malobeo network infrastructure rework
   * [x] request mulvad acc
   * [x] remove freifunk, use openwrt with mulvad configured