Fix mailserver and vault warden

2025-01-01 22:23:27 -05:00 · 2025-01-01 22:23:27 -05:00 · 26551f207d
commit 26551f207d
parent 26c14a5b7c
7 changed files with 48 additions and 104 deletions
--- a/hosts/kitty/boot/default.nix
+++ b/hosts/kitty/boot/default.nix
@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, ... }:
 {
  boot = {
    kernelPackages = pkgs.linuxPackages_hardened;
--- a/hosts/prophet/boot/default.nix
+++ b/hosts/prophet/boot/default.nix
@ -1,37 +1,7 @@
-{ pkgs, ... }:
+{ lib, pkgs, ... }:
 {
  boot = {
-    initrd = {
-      systemd = {
-        enable = true;
-        services.root-reset = {
-          description = "Reset root and snapshot last boot";
-          wantedBy = [ "initrd.target" ];
-          after = [ "dev-${config.networking.hostName}-root.device" ];
-          before = [ "sysroot.mount" ];
-          unitConfig.DefaultDependencies = "no";
-          serviceConfig.Type = "oneshot";
-          script = ''
-            mkdir -p /mnt
-            mount /dev/${config.networking.hostName}/root /mnt
-
-            if [[ -e /mnt/prev ]]; then
-              btrfs subvolume delete /mnt/prev
-            fi
-
-            btrfs subvolume snapshot /mnt/root /mnt/prev
-
-            btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
-              btrfs subvolume delete "/mnt/$subvolume"
-            done
-
-            btrfs subvolume delete /mnt/root
-            btrfs subvolume create /mnt/root
-
-            umount /mnt
-          '';
-        };
-      };
-    };
+    kernelPackages = pkgs.linuxPackages_hardened;
+    initrd.systemd.services.root-reset.enable = lib.mkForce false;
  };
 }
--- a/hosts/prophet/default.nix
+++ b/hosts/prophet/default.nix
@ -1,28 +1,26 @@
-{ config, ... }:
+{ lib, ... }:
 {
  imports = [
+    ./boot
+    ./filesystems
    ./hardware
-
-    # Apps and programs
-    ../../../modules/system
-    ../../../modules/system/accounts
-    ../../../modules/system/devices/filesystems
-    ../../../modules/system/devices/boot/systemd
-    ../../../modules/system/devices/networking
-    ../../../modules/system/devices/networking/firewall/pc
-    ../../../modules/system/devices/networking/wireguard/pc
-    ../../../modules/system/programs/git
-    ../../../modules/system/programs/security
-    ../../../modules/system/services/common
-    ../../../modules/system/services/server/acme
-    ../../../modules/system/services/server/webhost/nginx
-    ../../../modules/system/services/server/mailserver
-
-    # Misc
-    ../../../overlays
-    ../../../variables
+    ./users
+    ../../modules/system
  ];

-  networking.hostName = "prophet";
-  networking.wireguard.interfaces.wgc.ips = [ "10.100.0.19/24" ];
+  networking = {
+    hostName = "prophet";
+    hostId = "97a21a38";
+    wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ];
+  };
+
+  environment.persistence."/persist".enable = lib.mkForce false;
+
+  system = {
+    desktop.enable = false;
+    mailserver.enable = true;
+    wireless.enable = false;
+    wireguard.client.enable = true;
+    stateVersion = "24.05";
+  };
 }