1 files changed, 0 insertions, 218 deletions

diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
deleted file mode 100644
index 31307cd10e..0000000000
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ /dev/null
@@ -1,218 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-with lib;
-
-{
-  imports = [
-    ../modules/common.nix
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
-
-  networking.hostName = "mugwump";
-
-  boot = {
-    loader.systemd-boot.enable = true;
-
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
-
-    initrd = {
-      availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-      kernelModules = [
-        "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"
-      ];
-
-      postDeviceCommands = pkgs.lib.mkBefore ''
-        mkdir -m 0755 -p /key
-        sleep 2
-        mount -n -t vfat -o ro `findfs UUID=9048-A9D5` /key
-      '';
-
-      luks.devices."cryptroot" = {
-        device = "/dev/disk/by-uuid/803a9028-339c-4617-a213-4fe138161f6d";
-        keyFile = "/key/keyfile";
-        preLVM = false;
-      };
-    };
-  };
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/mapper/cryptroot";
-      fsType = "btrfs";
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/7D74-0E4B";
-      fsType = "vfat";
-    };
-  };
-
-  networking.interfaces = {
-    enp0s25.useDHCP = false;
-    wlp2s0.useDHCP = false;
-  };
-
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-
-  security.sudo.extraRules = [{
-    groups = ["wheel"];
-    commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];
-  }];
-
-  nix.gc.dates = "monthly";
-
-  services.fail2ban = {
-    enable = true;
-    ignoreIP = [
-      "172.16.0.0/16"
-    ];
-  };
-
-  services.openssh = {
-    allowSFTP = false;
-    passwordAuthentication = false;
-    permitRootLogin = "no";
-  };
-
-  services.grafana = {
-    enable = true;
-    port = 3000;
-    domain = "metrics.gws.fyi";
-    rootUrl = "https://metrics.gws.fyi";
-    dataDir = "/var/lib/grafana";
-    analytics.reporting.enable = false;
-
-    provision = {
-      enable = true;
-      datasources = [{
-        name = "Prometheus";
-        type = "prometheus";
-        url = "localhost:9090";
-      }];
-    };
-  };
-
-  security.acme.email = "root@gws.fyi";
-  security.acme.acceptTerms = true;
-
-  services.nginx = {
-    enable = true;
-    statusPage = true;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedTlsSettings = true;
-
-    virtualHosts = {
-      "metrics.gws.fyi" = {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://localhost:${toString config.services.grafana.port}";
-        };
-      };
-
-      "wigglydonke.rs" = {
-        enableACME = true;
-        forceSSL = true;
-        root = ../../../wigglydonke.rs;
-      };
-    };
-  };
-
-  security.acme.certs."metrics.gws.fyi" = {
-    dnsProvider = "namecheap";
-    credentialsFile = "/etc/secrets/namecheap.env";
-    webroot = mkForce null;
-  };
-
-  services.prometheus = {
-    enable = true;
-    exporters = {
-      node = {
-        enable = true;
-        openFirewall = false;
-
-        enabledCollectors = [
-          "processes"
-          "systemd"
-          "tcpstat"
-          "wifi"
-          "textfile"
-        ];
-
-        extraFlags = [
-          "--collector.textfile.directory=/var/lib/prometheus/node-exporter"
-        ];
-      };
-
-      nginx = {
-        enable = true;
-        openFirewall = true;
-        sslVerify = false;
-        constLabels = [ "host=mugwump" ];
-      };
-    };
-
-    scrapeConfigs = [{
-      job_name = "node";
-      scrape_interval = "5s";
-      static_configs = [{
-        targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
-      }];
-    } {
-      job_name = "nginx";
-      scrape_interval = "5s";
-      static_configs = [{
-        targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];
-      }];
-    }];
-  };
-
-  systemd.services."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" "fail2ban.service" ];
-    serviceConfig = {
-      User = "root";
-      Type = "oneshot";
-      ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" ''
-        set -eo pipefail
-        mkdir -p /var/lib/prometheus/node-exporter
-        exec ${pkgs.python3.withPackages (p: [
-          p.prometheus_client
-        ])}/bin/python ${pkgs.fetchurl {
-          url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py";
-          sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4";
-        }}
-      '';
-    };
-
-    path = with pkgs; [ fail2ban ];
-  };
-
-  systemd.timers."prometheus-fail2ban-exporter" = {
-    wantedBy = [ "multi-user.target" ];
-    timerConfig.OnCalendar = "minutely";
-  };
-
-  virtualisation.docker.enable = true;
-
-  services.buildkite-agents = listToAttrs (map (n: rec {
-    name = "mugwump-${toString n}";
-    value = {
-      inherit name;
-      enable = true;
-      tokenPath = "/etc/secrets/buildkite-agent-token";
-      privateSshKeyPath = "/etc/secrets/buildkite-ssh-key";
-      runtimePackages = with pkgs; [
-        docker
-        nix
-        gnutar
-        gzip
-      ];
-    };
-  }) (range 1 1));
-
-  users.users."buildkite-agent-mugwump-1".extraGroups = [ "docker" ];
-  users.users."buildkite-agent-mugwump-2".extraGroups = [ "docker" ];
-}