From 27ff9dc82e03c18e242f31007c0d50555c4cb90e Mon Sep 17 00:00:00 2001 From: chn Date: Wed, 10 Sep 2025 22:22:37 +0800 Subject: [PATCH] devices.one: remove --- .sops.yaml | 7 ++----- devices/cross/ssh.nix | 1 - devices/cross/wireguard.nix | 7 +++---- devices/one/default.nix | 35 ---------------------------------- devices/one/secrets.yaml | 32 ------------------------------- flake/dns/config/chn.moe.nix | 1 - flake/dns/config/wireguard.nix | 1 - flake/nixos.nix | 2 +- 8 files changed, 6 insertions(+), 80 deletions(-) delete mode 100644 devices/one/default.nix delete mode 100644 devices/one/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index b6d914a3..bd32ce6b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,7 +4,6 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age - &vps4 age1yvrl4y0r6yzcxzzkgfwshlrtsjt8uuya6rfwks09pnft7esfcyvqmrtm5q - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6 - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3 - - &one age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp - &srv1-node0 age1nzetyehldf3gl6pr6mu5d2cv387p8wjqn6wfpll7a3sl8us6n38s0ds633 - &srv1-node1 age1wj33xt8nj7rhnsenepsf6k3lmq5vk4wn84jwr55qy9cwu05xn5cspg3h7t - &srv1-node2 age16e7ykphshal6qhwfvat698hl48s8yr0jvzh27ecdyfh5uk7t9u6s753jgy @@ -22,8 +21,6 @@ creation_rules: key_groups: [{ age: [ *chn, *vps6 ] }] - path_regex: devices/nas/.*$ key_groups: [{ age: [ *chn, *nas ] }] - - path_regex: devices/one/.*$ - key_groups: [{ age: [ *chn, *one ] }] - path_regex: devices/srv1/secrets/.*$ key_groups: [{ age: [ *chn, *srv1-node0, *srv1-node1, *srv1-node2 ] }] - path_regex: devices/srv1/node0/.*$ @@ -46,8 +43,8 @@ creation_rules: key_groups: [{ age: [ *chn, *test-pc-vm ] }] - path_regex: devices/cross/secrets/default.yaml$ key_groups: - - age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1, + - age: [ *chn, *pc, *vps4, *vps6, *nas, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1, *test, *test-pc, *test-pc-vm] - path_regex: devices/cross/secrets/chn.yaml$ key_groups: - - age: [ *chn, *pc, *one, *nas ] + - age: [ *chn, *pc, *nas ] diff --git a/devices/cross/ssh.nix b/devices/cross/ssh.nix index cd210920..ef28b1ae 100644 --- a/devices/cross/ssh.nix +++ b/devices/cross/ssh.nix @@ -19,7 +19,6 @@ let initrdPublicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT"; extraAccess = [ "ssh.git" ]; }; - one.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIC5i2Z/vK0D5DBRg3WBzS2ejM0U+w3ZPDJRJySdPcJ5d"; pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ"; srv1-node0 = { publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; }; diff --git a/devices/cross/wireguard.nix b/devices/cross/wireguard.nix index e58e983f..3abd5ca5 100644 --- a/devices/cross/wireguard.nix +++ b/devices/cross/wireguard.nix @@ -6,7 +6,6 @@ let vps6 = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4="; pc = "l1gFSDCeBxyf/BipXNvoEvVvLqPgdil84nmr5q6+EEw="; nas = "xCYRbZEaGloMk7Awr00UR3JcDJy4AzVp4QvGNoyEgFY="; - one = "Hey9V9lleafneEJwTLPaTV11wbzCQF34Cnhr0w2ihDQ="; srv1-node0 = "Br+ou+t9M9kMrnNnhTvaZi2oNFRygzebA1NqcHWADWM="; srv1-node1 = "wyNONnJF2WHykaHsQIV4gNntOaCsdTfi7ysXDsR2Bww="; srv1-node2 = "zWvkVyJwtQhwmxM2fHwNDnK+iwYm1O0RHrwCQ/VXdEo="; @@ -62,16 +61,16 @@ let (builtins.listToAttrs ( (builtins.map (n: { name = n; value = getAddress n; }) [ "vps4" "vps6" ]) - ++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" "srv1-node0" "srv2-node0" ]) + ++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "srv1-node0" "srv2-node0" ]) )) # 校内网络 (builtins.listToAttrs ( (builtins.map (n: { name = n; value = getAddress n; }) [ "srv1-node0" "srv2-node0" ]) - ++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" "one" ]) + ++ (builtins.map (n: { name = n; value = null; }) [ "pc" "nas" ]) )) # 办公室或者宿舍局域网 - (builtins.listToAttrs (builtins.map (n: { name = n; value = getAddress n; }) [ "pc" "nas" "one" ])) + (builtins.listToAttrs (builtins.map (n: { name = n; value = getAddress n; }) [ "pc" "nas" ])) # 集群内部网络 (builtins.listToAttrs (builtins.map (n: { name = "srv1-node${builtins.toString n}"; value = "192.168.178.${builtins.toString (n + 1)}"; }) diff --git a/devices/one/default.nix b/devices/one/default.nix deleted file mode 100644 index 30b73450..00000000 --- a/devices/one/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -inputs: -{ - config = - { - nixos = - { - model = { type = "desktop"; private = true; }; - system = - { - fileSystems = - { - mount = - { - vfat."/dev/disk/by-partlabel/one-boot" = "/boot"; - btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; }; - }; - luks.auto."/dev/disk/by-partlabel/one-root" = { mapper = "root"; ssd = true; }; - swap = [ "/nix/swap/swap" ]; - resume = { device = "/dev/mapper/root"; offset = 4728064; }; - }; - nixpkgs.march = "tigerlake"; - }; - hardware.gpu.type = "intel"; - services = - { - xray.client = {}; - beesd."/".hashTableSizeMB = 64; - sshd = {}; - waydroid = {}; - }; - bugs = [ "xmunet" ]; - }; - specialisation.niri.configuration.nixos.system.gui.implementation = "niri"; - }; -} diff --git a/devices/one/secrets.yaml b/devices/one/secrets.yaml deleted file mode 100644 index 6ff93d12..00000000 --- a/devices/one/secrets.yaml +++ /dev/null @@ -1,32 +0,0 @@ -xray-client: - uuid: ENC[AES256_GCM,data:GmfSlDQjO4aBq3u50jnFjOR9VxamYHzokUrO9IpIGuBx0j8e,iv:++O2wBUCnHDPowRgtxPQJQePXP2Cda74WXQvlKHbHNw=,tag:XDWhiXwT718RgrBw7L5yzw==,type:str] -wireguard: ENC[AES256_GCM,data:OuduClOu9y9adCcV1+U/NLp/t1yWPkuyptproTJv4beImptrLOVGbhb5fb8=,iv:qa1jpzAlUEhPBznZw6j4CYquTCpmNZ+uNbyHjH2qGy4=,tag:+5I2CRuyCAMSy74xVtdJGA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOUJWMm5xT040cEoxQit5 - ZnhhQWVyWjlnejhzQlEvVVg3ZGVJb05iL1hjCnF5bzFTUTZFYkNQR0k5U0xmOW1t - TXhsRHFIeVBBSXc1UURON2M4MDlTMEUKLS0tIGdSbTdZdmdjY0dmNjkrRjd0VkhK - eWV6SDJqT1B2MEp1MURkV0E4S3Z0Zm8KX9lEjG4u2QRe1zH+13rbedCWl1B7vvl8 - 2iMHj1qQ4JkCeq83llEH5IuDXKYnKKXSi8l3nU/l6Aw6yx/KHDFK/g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1m7nrxfw22wvp7pj8y9pdl745w95x89uu8dzl9ppsaazweqf2lqms5yshsp - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2K3VKTVJqMTl2cWxUZHhM - OVg5ZjN0VGNpVXQ5M1FKZHloZ0ZnWTZ2ZWowCjJIYTlhRU8wd1JienlUTHIwWXYw - eFY1d2MxeStBd013VmszbTUzTkF6U2cKLS0tIDdDNXp4OTdQRjN0MGdIOS9oSldU - ZW5PT3VYZWhDMkZUeHViZE41eUhna2sKc8J8mJ8ge9KMb5p6Xi/vRIIXZMEj6Ih+ - LjLKsgDfMbqNqKaQXSvC3tbvI/dDoiStyCsf4rkTY9QOkyEI80MtXg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-10T10:44:01Z" - mac: ENC[AES256_GCM,data:Sso6g9UEH7faygbcrypsnB/4h8cIwveLdVI+YgDDfTHMC5nxXj+xtfFHhzao1pkyvF0avUVjsMVXLRcB48eDcbZdXwBvoNKg0mpL7VAeOnDuwElI6GGpRVTaOsZC9LT9d1kuGkmavMljCvmaA3sPLZsvW3Hqjdicj+suMoQJ/nE=,iv:DYf0m9PfJ1qx3gI/6T6ByxJWHrdVGgiNMCVhcBOrgBw=,tag:Ddw2HFuCmk6PFnxF4G13hQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/flake/dns/config/chn.moe.nix b/flake/dns/config/chn.moe.nix index 20988744..572d3dc5 100644 --- a/flake/dns/config/chn.moe.nix +++ b/flake/dns/config/chn.moe.nix @@ -28,7 +28,6 @@ let { nas = "192.168.1.2"; pc = "192.168.1.3"; - one = "192.168.1.4"; office = "210.34.16.20"; srv1-node0 = "59.77.36.250"; vps4 = "104.234.37.61"; diff --git a/flake/dns/config/wireguard.nix b/flake/dns/config/wireguard.nix index b29c33f6..c96959e3 100644 --- a/flake/dns/config/wireguard.nix +++ b/flake/dns/config/wireguard.nix @@ -6,7 +6,6 @@ vps6 = 1; pc = 3; nas = 4; - one = 5; srv1-node0 = 9; srv1-node1 = 6; srv1-node2 = 8; diff --git a/flake/nixos.nix b/flake/nixos.nix index 9e1b01c2..b0303b02 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,6 +1,6 @@ { inputs, localLib }: let - singles = [ "nas" "pc" "vps4" "vps6" "one" "r2s" ]; + singles = [ "nas" "pc" "vps4" "vps6" "r2s" ]; cluster = { srv1 = 3; srv2 = 2; }; deviceModules = builtins.listToAttrs (