hosts: remove legion

it's been a good ride, but it's time to say goodbye

hosts/default.nix

@@ -9,7 +9,6 @@
     ./kazuki
     ./hijiri-vm
     ./hijiri
-    ./legion
     # TODO: Custom installer ISO
     # ./installer
     ./ude

hosts/legion/default.nix

@@ -1,47 +0,0 @@
-{
-  configurations.nixos.legion =
-    {
-      config,
-      username,
-      ...
-    }:
-    {
-      imports = [
-        ./hardware.nix
-        # ./disks.nix
-        ./msmtp.nix
-        ./desktop.nix
-      ];
-
-      nixpkgs.hostPlatform = "x86_64-linux";
-
-      specialisation = {
-        nas.configuration = ./nas;
-      };
-
-      boot = {
-        loader.systemd-boot.enable = true;
-        loader.efi.canTouchEfiVariables = true;
-      };
-
-      settei.tailscale = {
-        ipv4 = "100.84.112.35";
-        ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023";
-      };
-
-      networking = {
-        hostName = "legion";
-        hostId = builtins.substring 0 8 "524209a432724c7abaf04398cdd6eecd";
-        networkmanager.enable = true;
-      };
-      systemd.services.NetworkManager-wait-online.enable = false;
-
-      powerManagement.cpuFreqGovernor = "performance";
-
-      age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age;
-      users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path;
-
-      settei.incus.enable = true;
-      virtualisation.podman.enable = true;
-    };
-}

hosts/legion/desktop.nix

@@ -1,112 +0,0 @@
-# TODO: Proper desktop module
-{
-  config,
-  pkgs,
-  lib,
-  username,
-  ...
-}:
-{
-  # Needed for nvidia and steam
-  nixpkgs.config.allowUnfree = true;
-
-  settei.user.config = {
-    settei.desktop.enable = true;
-    home.packages = with pkgs; [
-      brightnessctl
-      dmenu
-    ];
-
-    xsession.windowManager.i3 = {
-      enable = true;
-      config = {
-        terminal = "wezterm";
-        modifier = "Mod4";
-      };
-    };
-
-    home.file.".xinitrc".source = pkgs.writeShellScript "xinitrc" ''
-      xrandr --setprovideroutputsource modesetting NVIDIA-0
-      xrandr --auto
-      exec dbus-run-session i3
-    '';
-  };
-
-  programs.steam = {
-    enable = true;
-    remotePlay.openFirewall = true;
-    dedicatedServer.openFirewall = true;
-    gamescopeSession = { };
-  };
-
-  hardware.steam-hardware.enable = true;
-
-  services.logind = lib.genAttrs [
-    "lidSwitch"
-    "lidSwitchDocked"
-    "lidSwitchExternalPower"
-  ] (_: "ignore");
-
-  services.pipewire = {
-    enable = true;
-    alsa.enable = true;
-    pulse.enable = true;
-  };
-
-  programs.dconf.enable = true;
-  services.dbus.enable = true;
-
-  users.users.${username}.extraGroups = [
-    "video"
-    "input"
-  ];
-
-  # NVIDIA stuff
-  services.xserver = {
-    enable = true;
-    excludePackages = [ pkgs.xterm ];
-    videoDrivers = [ "nvidia" ];
-    xkb.layout = "pl";
-    displayManager.startx.enable = true;
-    config = lib.mkForce ''
-      Section "OutputClass"
-        Identifier "intel"
-        MatchDriver "i915"
-        Driver "modesetting"
-      EndSection
-
-      Section "OutputClass"
-        Identifier "nvidia"
-        MatchDriver "nvidia-drm"
-        Driver "nvidia"
-        Option "AllowEmptyInitialConfiguration"
-        Option "PrimaryGPU" "yes"
-        ModulePath "${config.hardware.nvidia.package.bin}/lib/xorg/modules"
-        ModulePath "${pkgs.xorg.xorgserver}/lib/xorg/modules"
-      EndSection
-
-      Section "InputClass"
-        Identifier "touchpad"
-        Driver "libinput"
-        MatchIsTouchpad "on"
-        Option "Tapping" "on"
-        Option "TappingButtonMap" "lrm"
-        Option "NaturalScrolling" "true"
-      EndSection
-    '';
-    exportConfiguration = true;
-  };
-  services.libinput.enable = true;
-
-  hardware.nvidia = {
-    patch.enable = true;
-    patch.nvidiaPackage = config.boot.kernelPackages.nvidia_x11_production;
-    open = false;
-    modesetting.enable = true;
-  };
-
-  hardware.graphics = {
-    enable = true;
-    enable32Bit = true;
-  };
-}

hosts/legion/disks.nix

@@ -1,14 +0,0 @@
-_args:
-/*
-  let
-    bootDevice = args.bootDevice or "/dev/nvme0n1";
-  in
-*/
-{
-  assertions = [
-    {
-      assertion = false;
-      message = "Disko config TODO";
-    }
-  ];
-}

hosts/legion/hardware.nix

@@ -1,90 +0,0 @@
-{ config, ... }:
-{
-  boot.initrd.availableKernelModules = [
-    "xhci_pci"
-    "ahci"
-    "nvme"
-    "usbhid"
-    "usb_storage"
-    "uas"
-  ];
-  boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
-  boot.kernelModules = [
-    "kvm-intel"
-    "i2c-dev"
-    "acpi_call"
-  ];
-  boot.blacklistedKernelModules = [ "nouveau" ];
-
-  # Needed for enableAllFirmware
-  nixpkgs.config.allowUnfree = true;
-  hardware = {
-    enableAllFirmware = true;
-    cpu.intel.updateMicrocode = true;
-  };
-
-  services.smartd.enable = true;
-
-  # TODO: Move to disko only
-  # TODO: Actually set up impermanence
-  boot.supportedFilesystems = [ "btrfs" ];
-  boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS";
-
-  fileSystems."/" = {
-    device = "/dev/disk/by-label/LINUX";
-    fsType = "btrfs";
-    options = [
-      "subvol=root"
-      "compress=zstd"
-      "noatime"
-    ];
-  };
-
-  fileSystems."/home" = {
-    device = "/dev/disk/by-label/LINUX";
-    fsType = "btrfs";
-    options = [
-      "subvol=home"
-      "compress=zstd"
-      "noatime"
-    ];
-  };
-
-  fileSystems."/nix" = {
-    device = "/dev/disk/by-label/LINUX";
-    fsType = "btrfs";
-    options = [
-      "subvol=nix"
-      "compress=zstd"
-      "noatime"
-    ];
-  };
-
-  fileSystems."/persist" = {
-    device = "/dev/disk/by-label/LINUX";
-    fsType = "btrfs";
-    options = [
-      "subvol=persist"
-      "compress=zstd"
-      "noatime"
-    ];
-  };
-
-  fileSystems."/var/log" = {
-    device = "/dev/disk/by-label/LINUX";
-    fsType = "btrfs";
-    options = [
-      "subvol=log"
-      "compress=zstd"
-      "noatime"
-    ];
-    neededForBoot = true;
-  };
-
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-label/BOOT";
-    fsType = "vfat";
-  };
-
-  swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
-}

hosts/legion/msmtp.nix

@@ -1,36 +0,0 @@
-# TODO: Potentially make this a common module?
-{
-  pkgs,
-  config,
-  username,
-  ...
-}:
-let
-  mail = "alert@nrab.lol";
-  aliases = pkgs.writeText "mail-aliases" ''
-    ${username}: nikodem@rabulinski.com
-    root: ${mail}
-  '';
-in
-{
-  age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age;
-
-  programs.msmtp = {
-    enable = true;
-    setSendmail = true;
-    defaults = {
-      inherit aliases;
-      tls = "on";
-      auth = "login";
-      tls_starttls = "off";
-    };
-    accounts = {
-      default = {
-        host = "mail.nrab.lol";
-        passwordeval = "cat ${config.age.secrets.alert-plaintext.path}";
-        user = mail;
-        from = mail;
-      };
-    };
-  };
-}

hosts/legion/nas/default.nix

@@ -1,59 +0,0 @@
-{
-  pkgs,
-  lib,
-  username,
-  ...
-}:
-{
-  imports = [ ./media.nix ];
-
-  boot.supportedFilesystems = [
-    "ext4"
-    "zfs"
-  ];
-
-  boot.zfs.extraPools = [ "yottapool" ];
-  services.zfs = {
-    autoScrub.enable = true;
-    zed.settings = {
-      ZED_DEBUG_LOG = "/tmp/zed.debug.log";
-      ZED_EMAIL_ADDR = [ username ];
-      ZED_EMAIL_PROG = lib.getExe pkgs.msmtp;
-      ZED_EMAIL_OPTS = "@ADDRESS@";
-
-      ZED_NOTIFY_INTERVAL_SECS = 3600;
-      ZED_NOTIFY_VERBOSE = true;
-
-      ZED_USE_ENCLOSURE_LEDS = true;
-      ZED_SCRUB_AFTER_RESILVER = true;
-    };
-  };
-
-  fileSystems."/bulk" = {
-    device = "/dev/disk/by-label/BULK";
-    fsType = "ext4";
-  };
-
-  systemd.mounts = [
-    {
-      type = "none";
-      options = "bind";
-      what = "/media/data";
-      where = "/export/yotta-data";
-      requires = [ "zfs-mount.service" ];
-      after = [ "zfs-mount.service" ];
-      wantedBy = [ "multi-user.target" ];
-      before = [ "nfs-server.service" ];
-      requiredBy = [ "nfs-server.service" ];
-    }
-  ];
-
-  services.nfs.server = {
-    enable = true;
-    hostName = "100.84.112.35";
-    exports = ''
-      /export            *(insecure,rw,crossmnt,fsid=0)
-      /export/yotta-data *(insecure,rw,nohide)
-    '';
-  };
-}

hosts/legion/nas/media.nix

@@ -1,132 +0,0 @@
-{
-  config,
-  username,
-  lib,
-  ...
-}:
-{
-  age.secrets.rab-lol-cf = {
-    file = ../../../secrets/rab-lol-cf.age;
-    owner = config.services.nginx.user;
-  };
-
-  services.jellyfin = {
-    enable = true;
-    openFirewall = true;
-  };
-  services.radarr.enable = true;
-  # TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged
-  nixpkgs.config.permittedInsecurePackages = [
-    "dotnet-sdk-6.0.428"
-    "aspnetcore-runtime-6.0.36"
-  ];
-  services.sonarr.enable = true;
-  services.prowlarr.enable = true;
-  services.jellyseerr.enable = true;
-  services.deluge = {
-    enable = true;
-    web.enable = true;
-    config.download_location = "/media/deluge";
-  };
-
-  services.restic.server = {
-    enable = true;
-    dataDir = "/media/restic";
-    extraFlags = [ "--no-auth" ];
-  };
-
-  users.users = {
-    jellyfin.extraGroups = [
-      "radarr"
-      "sonarr"
-    ];
-    radarr.extraGroups = [ "deluge" ];
-    sonarr.extraGroups = [ "deluge" ];
-    ${username}.extraGroups = [ "deluge" ];
-  };
-
-  systemd.services = lib.mkMerge [
-    (lib.genAttrs
-      [
-        "jellyfin"
-        "radarr"
-        "sonarr"
-        "prowlarr"
-        "deluged"
-        "restic-rest-server"
-      ]
-      (_: {
-        requires = [ "zfs-mount.service" ];
-        after = [ "zfs-mount.service" ];
-      })
-    )
-    {
-      jellyseerr.requires = [
-        "jellyfin.service"
-        "radarr.service"
-        "sonarr.service"
-      ];
-
-      radarr.requires = [ "deluged.service" ];
-      sonarr.requires = [ "deluged.service" ];
-    }
-  ];
-
-  services.nginx = {
-    enable = true;
-    recommendedProxySettings = true;
-    virtualHosts =
-      let
-        services = [
-          "jellyfin"
-          "jellyseerr"
-          "deluge"
-          "prowlarr"
-          "sonarr"
-          "radarr"
-        ];
-        mkService = name: {
-          forceSSL = true;
-          useACMEHost = "_wildcard.legion.rab.lol";
-          listen = lib.flatten (
-            map
-              (port: [
-                (port // { addr = config.settei.tailscale.ipv4; })
-                (port // { addr = "[${config.settei.tailscale.ipv6}]"; })
-              ])
-              [
-                { port = 80; }
-                {
-                  port = 443;
-                  ssl = true;
-                }
-              ]
-          );
-
-          locations."/".proxyPass = "http://${name}";
-        };
-        services' = map (service: {
-          name = "${service}.legion.rab.lol";
-          value = mkService service;
-        }) services;
-      in
-      lib.listToAttrs services';
-    upstreams = {
-      jellyfin.servers."localhost:8096" = { };
-      jellyseerr.servers."localhost:5055" = { };
-      deluge.servers."localhost:8112" = { };
-      prowlarr.servers."localhost:9696" = { };
-      radarr.servers."localhost:7878" = { };
-      sonarr.servers."localhost:8989" = { };
-    };
-  };
-
-  users.users.nginx.extraGroups = [ "acme" ];
-  security.acme.acceptTerms = true;
-  security.acme.certs."_wildcard.legion.rab.lol" = {
-    domain = "*.legion.rab.lol";
-    dnsProvider = "cloudflare";
-    credentialsFile = config.age.secrets.rab-lol-cf.path;
-    email = "nikodem@rabulinski.com";
-  };
-}