From a7f6e9f4c7c246d4c52e61d8654b7c2f4d527fd1 Mon Sep 17 00:00:00 2001 From: Gabriel Simmer Date: Tue, 5 Sep 2023 17:09:09 +0100 Subject: [PATCH] Cleanup --- homelab/vaultwarden-s3.env.age | 9 ---- krops/nas/k3s/configuration.nix | 52 ------------------ krops/nas/k3s/hardware.nix | 38 -------------- krops/nas/nixpkgs/n8n.nix | 93 --------------------------------- 4 files changed, 192 deletions(-) delete mode 100644 homelab/vaultwarden-s3.env.age delete mode 100644 krops/nas/k3s/configuration.nix delete mode 100644 krops/nas/k3s/hardware.nix delete mode 100644 krops/nas/nixpkgs/n8n.nix diff --git a/homelab/vaultwarden-s3.env.age b/homelab/vaultwarden-s3.env.age deleted file mode 100644 index 927e5ca..0000000 --- a/homelab/vaultwarden-s3.env.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> piv-p256 JccfSQ AhIbgVYw7nnbfVvpM2755rvolAK+7TVKMYV7+7HXweKW -tpz/Ea90ttJQanaA033mrIgMzKtIOgiBkcfNY9qPPyM --> D-grease &[o{ }PTMp/+M y!I -4B6KLBrcEWiTzcCyfN+EKTd0j9rOPe9RP5KFM87HAmFAOR7fa4yOousUqFvP32Xw -Xs8hyC4vT+P3buXFMPR/k9yrzJcAOdmB ---- e930foLDztNKnvtkkj6phGiXCo6z02hczVmScHC0uw8 -Y _AW"#W@^y4!Hz -)0Oi59V7r֦ Q( ͚{l.BRćU+h!h[(1t #蹌JXxNC)i\tq \ No newline at end of file diff --git a/krops/nas/k3s/configuration.nix b/krops/nas/k3s/configuration.nix deleted file mode 100644 index deb8617..0000000 --- a/krops/nas/k3s/configuration.nix +++ /dev/null 
@@ -1,52 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running `nixos-help`).
-
-{ config, pkgs, ... }:
-
- {
- imports =
- [
- ./hardware.nix
- ];
-
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
- time.timeZone = "Europe/London";
- environment.systemPackages = with pkgs; [
- vim
- wget
- k3s
- git
- ];
- services = {
- openssh.enable = true;
- k3s = {
- enable = true;
- role = "server";
- extraFlags = toString [
- "--secrets-encryption"
- "--tls-san=192.168.50.229"
- ];
- };
- };
-
- networking = {
- hostName = "k3s";
- domain = "gmem.ca";
- firewall = {
- enable = false;
- allowedTCPPorts = [ 6443 80 443 ];
- };
-
- nftables.enable = true;
- };
- # Copy the NixOS configuration file and link it from the resulting system
- # (/run/current-system/configuration.nix). This is useful in case you
- # accidentally delete configuration.nix.
- system.copySystemConfiguration = true;
-
- system.stateVersion = "23.05"; # Did you read the comment?
-
-}
diff --git a/krops/nas/k3s/hardware.nix b/krops/nas/k3s/hardware.nix
deleted file mode 100644
index 4685118..0000000
--- a/krops/nas/k3s/hardware.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "kvm-amd" ];
- boot.extraModulePackages = [ ];
-
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/f306aefe-e24d-4f19-9131-124aeb3b0880";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/7562-558C";
- fsType = "vfat";
- };
-
- swapDevices =
- [ { device = "/dev/disk/by-uuid/b94a7a44-73d2-4c69-aadd-80f030a38bc0"; }
- ];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}
diff --git a/krops/nas/nixpkgs/n8n.nix b/krops/nas/nixpkgs/n8n.nix
deleted file mode 100644
index 4f3be11..0000000
--- a/krops/nas/nixpkgs/n8n.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-let
- cfg = config.services.n8n;
- format = pkgs.formats.json {};
- configFile = format.generate "n8n.json" cfg.settings;
-in
-{
- options.services.n8n = {
- enable = mkEnableOption (lib.mdDoc "n8n server");
-
- openFirewall = mkOption {
- type = types.bool;
- default = false;
- description = lib.mdDoc "Open ports in the firewall for the n8n web interface.";
- };
-
- settings = mkOption {
- type = format.type;
- default = {};
- description = lib.mdDoc ''
- Configuration for n8n, see
- for supported values.
- '';
- };
-
- webhookUrl = mkOption {
- type = types.str;
- default = "";
- description = lib.mdDoc ''
- WEBHOOK_URL for n8n, in case we're running behind a reverse proxy.
- This cannot be set through configuration and must reside in an environment variable.
- '';
- };
-
- };
-
- config = mkIf cfg.enable {
- services.n8n.settings = {
- # We use this to open the firewall, so we need to know about the default at eval time
- port = lib.mkDefault 5678;
- };
-
- systemd.services.n8n = {
- description = "N8N service";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
- environment = {
- # This folder must be writeable as the application is storing
- # its data in it, so the StateDirectory is a good choice
- N8N_USER_FOLDER = "/var/lib/n8n";
- HOME = "/var/lib/n8n";
- N8N_CONFIG_FILES = "${configFile}";
- WEBHOOK_URL = "${cfg.webhookUrl}";
- VUE_APP_URL_BASE_API="https://vancouver.scorpion-ghost.ts.net/n8n/";
- N8N_PATH="/n8n/";
- # Don't phone home
- N8N_DIAGNOSTICS_ENABLED = "false";
- N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
- };
- serviceConfig = {
- Type = "simple";
- ExecStart = "${pkgs.n8n}/bin/n8n";
- Restart = "on-failure";
- StateDirectory = "n8n";
-
- # Basic Hardening
- NoNewPrivileges = "yes";
- PrivateTmp = "yes";
- PrivateDevices = "yes";
- DevicePolicy = "closed";
- DynamicUser = "true";
- ProtectSystem = "strict";
- ProtectHome = "read-only";
- ProtectControlGroups = "yes";
- ProtectKernelModules = "yes";
- ProtectKernelTunables = "yes";
- RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6 AF_NETLINK";
- RestrictNamespaces = "yes";
- RestrictRealtime = "yes";
- RestrictSUIDSGID = "yes";
- MemoryDenyWriteExecute = "no"; # v8 JIT requires memory segments to be Writable-Executable.
- LockPersonality = "yes";
- };
- };
-
- networking.firewall = mkIf cfg.openFirewall {
- allowedTCPPorts = [ cfg.settings.port ];
- };
- };
-}