[user module] add backup usr

doc/src/anleitung/create.md

@@ -1,19 +1,47 @@
-# Create host with nixos-anywhere
-We use a nixos-anywhere wrapper script to deploy new hosts.
-The wrapper script takes care of copying persistent host keys before calling nixos-anywhere.
-
-To accomplish that boot the host from a nixos image and setup a root password.
+# Create host with disko-install
+How to use disko-install is described here: https://github.com/nix-community/disko/blob/master/docs/disko-install.md
+---
+Here are the exact steps to get bakunin running:  
+First create machines/hostname/configuration.nix  
+Add hosts nixosConfiguration in machines/configurations.nix  
+Boot nixos installer on the Machine.  
 ``` bash
-sudo su
-passwd
-```
+# establish network connection
+wpa_passphrase "network" "password" > wpa.conf
+wpa_supplicant -B -i wlp3s0 -c wpa.conf
+ping 8.8.8.8
+# if that works continue
 
-After that get the hosts ip using `ip a` and start deployment from your own machine:
+# generate a base hardware config
+nixos-generate-config --root /tmp/config --no-filesystems
 
-``` bash
-# from infrastrucutre repository root dir:
-nix develop .#
-remote-install hostname 10.0.42.23
+# get the infra repo
+nix-shell -p git
+git clone https://git.dynamicdiscord.de/kalipso/infrastructure
+cd infrastructure
+
+# add the new generated hardware config (and import in hosts configuration.nix)
+cp /tmp/config/etc/nixos/hardware-configuration.nix machines/bakunin/
+
+# check which harddrive we want to install the system on
+lsblk #choose harddrive, in this case /dev/sda
+
+# run nixos-install on that harddrive
+sudo nix --extra-experimental-features flakes --extra-experimental-features nix-command run 'github:nix-community/disko/latest#disko-install' -- --flake .#bakunin --disk main /dev/sda
+
+# this failed with out of memory
+# running again showed: no disk left on device
+# it seems the usb stick i used for flashing is way to small
+# it is only 
+# with a bigger one (more than 8 gig i guess) it should work
+# instead the disko-install tool i try the old method - first partitioning using disko and then installing the system
+# for that i needed to adjust ./machines/modules/disko/btrfs-laptop.nix and set the disk to "/dev/sda"
+
+sudo nix --extra-experimental-features "flakes nix-command" run 'github:nix-community/disko/latest' -- --mode format --flake .#bakunin
+
+# failed with no space left on device.
+# problem is lots of data is written to the local /nix/store which is mounted on tmpfs in ram
+# it seems that a workaround could be modifying the bootable stick to contain a swap partition to extend tmpfs storage
 ```
 
 # Testing Disko
@@ -21,3 +49,18 @@ Testing disko partitioning is working quite well. Just run the following and che
 ```bash
 nix run -L .\#nixosConfigurations.fanny.config.system.build.vmWithDisko
 ```
+
+Only problem is that encryption is not working, so it needs to be commented out. For testing host fanny the following parts in ```./machines/modules/disko/fanny.nix``` need to be commented out(for both pools!):
+```nix
+datasets = {
+  encrypted = {
+    options = {
+      encryption = "aes-256-gcm"; #THIS ONE
+      keyformat = "passphrase"; #THIS ONE
+      keylocation = "file:///tmp/root.key"; #THIS ONE
+    };
+    # use this to read the key during boot
+     postCreateHook = '' #THIS ONE 
+       zfs set keylocation="prompt" "zroot/$name"; #THIS ONE 
+     ''; #THIS ONE 
+```

flake.lock

@@ -235,8 +235,7 @@
         "nixpkgs-unstable": "nixpkgs-unstable",
         "sops-nix": "sops-nix",
         "tasklist": "tasklist",
-        "utils": "utils_3",
-        "zineshop": "zineshop"
+        "utils": "utils_3"
       }
     },
     "sops-nix": {
@@ -335,21 +334,6 @@
         "type": "github"
       }
     },
-    "systems_5": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
     "tasklist": {
       "inputs": {
         "nixpkgs": [
@@ -357,11 +341,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1743458889,
-        "narHash": "sha256-eVTtsCPio3Wj/g/gvKTsyjh90vrNsmgjzXK9jMfcboM=",
+        "lastModified": 1737548421,
+        "narHash": "sha256-gmlqJdC+v86vXc2yMhiza1mvsqh3vMfrEsiw+tV5MXg=",
         "ref": "refs/heads/master",
-        "rev": "b61466549e2687628516aa1f9ba73f251935773a",
-        "revCount": 30,
+        "rev": "c5fff78c83959841ac724980a13597dcfa6dc26d",
+        "revCount": 29,
         "type": "git",
         "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
       },
@@ -423,45 +407,6 @@
         "repo": "flake-utils",
         "type": "github"
       }
-    },
-    "utils_4": {
-      "inputs": {
-        "systems": "systems_5"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "zineshop": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "utils": "utils_4"
-      },
-      "locked": {
-        "lastModified": 1744626173,
-        "narHash": "sha256-DSuLVFGvmMUoStIs5ar4CLE8eD2dlFPUmPC7CODauts=",
-        "ref": "refs/heads/master",
-        "rev": "19ce41aca7d92bc8e02f97e7bdbca7ac7ba64090",
-        "revCount": 103,
-        "type": "git",
-        "url": "https://git.dynamicdiscord.de/kalipso/zineshop"
-      },
-      "original": {
-        "type": "git",
-        "url": "https://git.dynamicdiscord.de/kalipso/zineshop"
-      }
     }
   },
   "root": "root",

flake.nix

@@ -22,11 +22,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    zineshop = {
-      url = "git+https://git.dynamicdiscord.de/kalipso/zineshop";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
     ep3-bs = {
       url = "git+https://git.dynamicdiscord.de/kalipso/ep3-bs.nix";
       inputs.nixpkgs.follows = "nixpkgs";

machines/durruti/host_config.nix

@@ -73,17 +73,6 @@ in
       };
     };
 
-
-    services.nginx.virtualHosts."shop.malobeo.org" = {
-      forceSSL = true;
-      enableACME= true;
-      locations."/" = {
-        proxyPass = "http://10.0.0.10";
-        extraConfig = ''
-        '';
-      };
-    };
-
     services.nginx.virtualHosts."status.malobeo.org" = {
       forceSSL = true;
       enableACME= true;

machines/fanny/configuration.nix

@@ -5,7 +5,6 @@ in
 {
   sops.defaultSopsFile = ./secrets.yaml;
   sops.secrets.wg_private = {};
-  sops.secrets.shop_auth = {};
 
   imports =
     [ # Include the results of the hardware scan.
@@ -19,7 +18,6 @@ in
       inputs.self.nixosModules.malobeo.microvm
       inputs.self.nixosModules.malobeo.metrics
       inputs.self.nixosModules.malobeo.users
-      inputs.self.nixosModules.malobeo.backup
     ];
 
     virtualisation.vmVariantWithDisko = {
@@ -44,11 +42,6 @@ in
     cacheurl = "https://cache.dynamicdiscord.de";
   };
 
-  malobeo.backup = {
-    enable = true;
-    snapshots = [ "storage/encrypted" "zroot/encrypted/var" ];
-  };
-
   nix = {
     settings.experimental-features = [ "nix-command" "flakes" ];
     #always update microvms
@@ -60,7 +53,6 @@ in
   malobeo.users = {
     malobeo = true;
     admin = true;
-    backup = true;
   };
 
   malobeo.disks = {
@@ -94,13 +86,7 @@ in
   };
 
   services.malobeo.microvm.enableHostBridge = true;
-  services.malobeo.microvm.deployHosts = [ 
-    "overwatch" 
-    "infradocs" 
-    "nextcloud" 
-    "durruti" 
-    "zineshop"
-  ];
+  services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ];
 
   networking = {
     nat = {
@@ -151,18 +137,6 @@ in
         '';
       };
     };
-
-    virtualHosts."shop.malobeo.org" = {
-      # created with: nix-shell --packages apacheHttpd --run 'htpasswd -B -c foo.txt malobeo'
-      # then content of foo.txt put into sops
-      basicAuthFile = config.sops.secrets.shop_auth.path;
-      locations."/" = {
-        proxyPass = "http://10.0.0.15:8080";
-        extraConfig = ''
-          proxy_set_header Host $host;
-        '';
-      };
-    };
   };
 
   services.tor = {

machines/fanny/secrets.yaml

@@ -1,6 +1,4 @@
 wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
-shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
-shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +23,8 @@ sops:
             QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
             SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-14T10:34:55Z"
-    mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str]
+    lastmodified: "2025-01-14T12:41:07Z"
+    mac: ENC[AES256_GCM,data:RJ4Fa8MmX8u8S3zrD/SaywTC3d2IfHQPBDy3C9u4GuXJ/ruEChAB1kN8rqMPvkmET8UUgHIEp7RpbzMtg/FOmKYKYTTx5t//3/VozvAEZurhG/4mnN3r6uaZ0R9+wSjym8IyOKsJ7p4XrfE5tRdzNyU4EqfkEiyf+jO751uSnYI=,iv:eiTdmbcrpUvyDPFmGawxJs/ehmD7KqulaoB+nfpC6ko=,tag:+TKr53cFS3wbLXNgcbZfJQ==,type:str]
     pgp:
         - created_at: "2025-02-11T18:32:49Z"
           enc: |-
@@ -67,4 +65,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.9.2

machines/hosts.nix

@@ -67,14 +67,6 @@
         };
       };
 
-      zineshop = {
-        type = "microvm";
-        network = {
-          address = "10.0.0.15";
-          mac = "D0:E5:CA:F0:D7:F1";
-        };
-      };
-
       testvm = {
         type = "host";
       };

machines/louise/configuration.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, inputs, ... }:
+{ config, pkgs, ... }:
 
 {
   imports =
@@ -9,7 +9,6 @@
       ../modules/sshd.nix
       ../modules/minimal_tools.nix
       ../modules/autoupdate.nix
-      inputs.self.nixosModules.malobeo.printing
     ];
 
   malobeo.autoUpdate = {
@@ -51,8 +50,6 @@
   };
 
   services.printing.enable = true;
-  services.malobeo.printing.enable = true;
-
   services.printing.drivers = [
     (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
     pkgs.gutenprint

machines/modules/host_builder.nix

@@ -195,7 +195,8 @@ rec {
 
   vmNestedMicroVMOverwrites = host: sopsDummy: {
 
-    microvm.vms = pkgs.lib.mkForce (
+    services.malobeo.microvm.deployHosts = pkgs.lib.mkForce [];
+    microvm.vms = 
     let
       # Map the values to each hostname to then generate an Attrset using listToAttrs
       mapperFunc = name: { inherit name; value = {
@@ -215,7 +216,7 @@ rec {
         };
       }; };
     in
-    builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts));
+    builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts);
   };
 
   buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules {

machines/modules/malobeo/backup.nix

@@ -1,102 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let 
-  cfg = config.malobeo.backup;
-  hostToCommand = (hostname: datasetNames: 
-    (map (dataset:  { 
-      name = "${hostname}_${dataset.sourceDataset}";
-      value = { 
-        inherit hostname; 
-        inherit (dataset) sourceDataset targetDataset;
-      }; 
-    } ) datasetNames));
-  peers = import ./peers.nix;
-
-  enableSnapshots = cfg.snapshots != null;
-  enableBackups = cfg.hosts != null;
-in
-{
-  options.malobeo.backup = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable sanoid/syncoid based backup functionality";
-    };
-
-    snapshots = mkOption {
-      type = types.nullOr (types.listOf types.str);
-      default = null;
-      description = "Automatic snapshots will be created for the given datasets";
-    };
-
-    hosts = mkOption {
-      default = null;
-      type = types.nullOr (types.attrsOf (types.listOf (types.submodule {
-        options = {
-          sourceDataset = mkOption {
-            type = types.str;
-            description = "The source that needs to be backed up";
-          };
-          targetDataset = mkOption {
-            type = types.str;
-            description = "The target dataset where the backup should be stored";
-          };
-        };
-      })));
-      description = ''
-          Hostname with list of datasets to backup. This option should be defined on hosts that will store backups.
-
-          It is necessary to add the machines that get backed up to known hosts.
-          This can be done for example systemwide using 
-          programs.ssh.knownHosts."10.100.0.101" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqp2/YiiIhai7wyScGZJ20gtrzY+lp4N/8unyRs4qhc";
-          Or set it for the syncoid user directly.
-        '';
-    };
-
-    sshKey = mkOption {
-      default = null;
-      type = types.nullOr types.str;
-      description = "Set path to ssh key used for pull backups. Otherwise default key is used";
-    };
-  };
-  
-  config = mkIf (cfg.enable) {
-    services.sanoid = mkIf (enableSnapshots) {
-      enable = true;
-  
-      templates."default" = {
-        hourly = 24;
-        daily = 30; #keep 30 daily snapshots
-        monthly = 6; #keep 6 monthly backups
-        yearly = 0;
-  
-        autosnap = true; #take snapshots automatically
-        autoprune = true; #delete old snapshots
-      };
-  
-      datasets = builtins.listToAttrs (map (name: { inherit name; value = {
-        useTemplate = [ "default" ];
-        recursive = true;
-      }; }) cfg.snapshots);
-    };
-
-    services.syncoid = mkIf (enableBackups) {
-      enable = true;
-      sshKey = cfg.sshKey;
-  
-      commonArgs = [
-        "--no-sync-snap"
-      ];
-  
-      interval = "*-*-* 04:15:00";
-  
-      commands = builtins.mapAttrs (name: value: {
-        source = "backup@${peers.${value.hostname}.address}:${value.sourceDataset}";
-        target = "${value.targetDataset}";
-        sendOptions = "w";
-        recvOptions = "\"\"";
-        recursive = true;
-      })(builtins.listToAttrs (builtins.concatLists (builtins.attrValues (builtins.mapAttrs hostToCommand cfg.hosts))));
-    };
-  };
-}

machines/modules/malobeo/microvm_host.nix

@@ -102,22 +102,6 @@ in
           /run/current-system/sw/bin/microvm -Ru ${name}
         '';
       };
-
-      "microvm-init-dirs@${name}" = {
-        description = "Initialize microvm directories";
-        after = [ "zfs-mount.service" ];
-        wantedBy = [ "microvm@${name}.service" ];
-        unitConfig.ConditionPathExists = "!/var/lib/microvms/${name}/.is_initialized";
-        serviceConfig = {
-          Type = "oneshot";
-        };
-        script = ''
-          mkdir -p /var/lib/microvms/${name}/var
-          mkdir -p /var/lib/microvms/${name}/etc
-          mkdir -p /var/lib/microvms/data/${name}
-          touch /var/lib/microvms/${name}/.is_initialized
-        '';
-      };
     }) {} (cfg.deployHosts);
 
     systemd.timers = builtins.foldl' (timers: name: timers // {

machines/modules/malobeo/peers.nix

@@ -2,7 +2,7 @@
   "vpn" = {
     role = "server";
     publicIp = "5.9.153.217";
-    address = "10.100.0.1";
+    address = [ "10.100.0.1/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
     listenPort = 51821;
     publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
@@ -11,43 +11,36 @@
 
   "celine" = {
     role = "client";
-    address = "10.100.0.2";
+    address = [ "10.100.0.2/24" ];
     allowedIPs = [ "10.100.0.2/32" ];
     publicKey = "Jgx82tSOmZJS4sm1o8Eci9ahaQdQir2PLq9dBqsWZw4=";
   };
 
   "desktop" = {
     role = "client";
-    address = "10.100.0.3";
+    address = [ "10.100.0.3/24" ];
     allowedIPs = [ "10.100.0.3/32" ];
     publicKey = "FtY2lcdWcw+nvtydOOUDyaeh/xkaqHA8y9GXzqU0Am0=";
   };
 
   "atlan-pc" = {
     role = "client";
-    address = "10.100.0.5";
+    address = [ "10.100.0.5/24" ];
     allowedIPs = [ "10.100.0.5/32" ];
     publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
   };
 
   "hetzner" = {
     role = "client";
-    address = "10.100.0.6";
+    address = [ "10.100.0.6/24" ];
     allowedIPs = [ "10.100.0.6/32" ];
     publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
   };
 
   "fanny" = {
     role = "client";
-    address = "10.100.0.101";
+    address = [ "10.100.0.101/24" ];
     allowedIPs = [ "10.100.0.101/32" ];
     publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
   };
-
-  "backup0" = {
-    role = "client";
-    address = "10.100.0.20";
-    allowedIPs = [ "10.100.0.20/32" ];
-    publicKey = "Pp55Jg//jREzHdbbIqTXc9N7rnLZIFw904qh6NLrACE=";
-  };
 }

machines/modules/malobeo/printing.nix

@@ -1,51 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let 
-  cfg = config.services.malobeo.printing;
-  driverFile = pkgs.writeTextDir "share/cups/model/konicaminoltac258.ppd" (builtins.readFile ../KOC658UX.ppd);
-
-  defaultPpdOptions = {
-    PageSize = "A4";
-    SelectColor = "Grayscale";
-    Finisher = "FS534";
-    SaddleUnit = "SD511";
-    Model = "C258";
-    InputSlot = "Tray1";
-  };
-
-in
-{
-  options.services.malobeo.printing = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Setup malobeo printers";
-    };
-  };
-  
-  config = mkIf (cfg.enable) {
-    services.printing.enable = true;
-    services.printing.drivers = [
-      driverFile
-    ];
-
-    hardware.printers.ensurePrinters = [ {
-      name = "KonicaDefault";
-      model = "konicaminoltac258.ppd";
-      location = "Zine Workshop";
-      deviceUri = "ipp://192.168.1.42/ipp";
-      ppdOptions = defaultPpdOptions;
-    }
-    {
-      name = "KonicaBooklet";
-      model = "konicaminoltac258.ppd";
-      location = "Zine Workshop";
-      deviceUri = "ipp://192.168.1.42/ipp";
-      ppdOptions = defaultPpdOptions // {
-        Fold = "Stitch";
-        Staple = "None";
-      };
-    }
-  ];
-  };
-}

machines/modules/malobeo/users.nix

@@ -68,11 +68,7 @@ in
           users = [ "backup" ];
           commands = [
             {
-              command = "/run/current-system/sw/bin/zfs";
-              options = [ "NOPASSWD" ];
-            }
-            {
-              command = "/run/current-system/sw/bin/zpool";
+              command = "${pkgs.zfs-user}/bin/zfs";
               options = [ "NOPASSWD" ];
             }
           ];
@@ -98,4 +94,4 @@ in
       ];
     }
   ];
-}
+}

machines/modules/malobeo/wireguard.nix

@@ -70,7 +70,7 @@ in
       interfaces = {
         malovpn = {
           mtu = 1340; #seems to be necessary to proxypass nginx traffic through vpn
-          address = [ "${myPeer.address}/24" ];
+          address = myPeer.address;
           autostart = cfg.autostart;
           listenPort = mkIf (myPeer.role == "server") myPeer.listenPort;
 

machines/nextcloud/configuration.nix

@@ -47,7 +47,7 @@ with lib;
     };
     extraAppsEnable = true;
     extraApps = {
-      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration;
+      inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls;
       collectives = pkgs.fetchNextcloudApp {
         sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
         url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";
@@ -56,7 +56,6 @@ with lib;
     };
     settings = {
       trusted_domains = ["10.0.0.13"];
-      trusted_proxies = [ "10.0.0.1" ];
       "maintenance_window_start" = "1";
       "default_phone_region" = "DE";
     };

machines/overwatch/configuration.nix

@@ -107,12 +107,6 @@ with lib;
           targets = [ "10.0.0.13:9002" ];
         }];
       }
-      {
-        job_name = "zineshop";
-        static_configs = [{
-          targets = [ "10.0.0.15:9002" ];
-        }];
-      }
       {
         job_name = "fanny";
         static_configs = [{

machines/vpn/configuration.nix

@@ -66,15 +66,6 @@ with lib;
         '';
       };
     };
-
-    virtualHosts."shop.malobeo.org" = {
-      locations."/" = {
-        proxyPass = "http://10.100.0.101";
-        extraConfig = ''
-          proxy_set_header Host $host;
-        '';
-      };
-    };
   };
 
   system.stateVersion = "22.11"; # Did you read the comment?

machines/zineshop/configuration.nix

@@ -1,34 +0,0 @@
-{ self, config, lib, pkgs, inputs, ... }:
-
-with lib;
-
-{
-  networking = {
-    hostName = mkDefault "zineshop";
-    useDHCP = false;
-  };
-
-  imports = [
-    inputs.malobeo.nixosModules.malobeo.metrics
-    inputs.malobeo.nixosModules.malobeo.printing
-    inputs.zineshop.nixosModules.zineshop
-    ../modules/malobeo_user.nix
-    ../modules/sshd.nix
-  ];
-
-  malobeo.metrics = {
-    enable = true;
-    enablePromtail = true;
-    logNginx = true;
-    lokiHost = "10.0.0.14";
-  };
-
-  services.printing.enable = true;
-  services.malobeo.printing.enable = true;
-
-  services.zineshop.enable = true;
-  networking.firewall.allowedTCPPorts = [ 8080 ];
-
-  system.stateVersion = "22.11"; # Did you read the comment?
-}
-

outputs.nix

@@ -116,8 +116,6 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
       metrics.imports = [ ./machines/modules/malobeo/metrics.nix ];
       disko.imports = [ ./machines/modules/disko ];
       users.imports = [ ./machines/modules/malobeo/users.nix ];
-      backup.imports = [ ./machines/modules/malobeo/backup.nix ];
-      printing.imports = [ ./machines/modules/malobeo/printing.nix ];
     };
 
     hydraJobs = nixpkgs.lib.mapAttrs (_: nixpkgs.lib.hydraJob) (