Merge pull request 'colmena + multi location' (#64) from colmena into main

Reviewed-on: #64
2022-07-31 10:51:25 +02:00 · 2022-07-31 10:51:25 +02:00 · ed53c577a2
commit ed53c577a2
parent d80ffb138c ecfc36e017
26 changed files with 138 additions and 175 deletions
--- a/flake.lock
+++ b/flake.lock
@ -26,23 +26,20 @@
    "deploy-rs": {
      "inputs": {
        "flake-compat": "flake-compat_2",
-        "nixpkgs": [
+        "nixpkgs": "nixpkgs_2",
-          "nixpkgs"
+        "utils": "utils_3"
        ],
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1653594315,
+        "lastModified": 1648475189,
-        "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=",
+        "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "184349d8149436748986d1bdba087e4149e9c160",
+        "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
        "type": "github"
      },
      "original": {
-        "owner": "serokell",
+        "id": "deploy-rs",
-        "repo": "deploy-rs",
+        "type": "indirect"
        "type": "github"
      }
    },
    "flake-compat": {
@ -203,7 +200,7 @@
        "nixpkgs": [
          "nixpkgs"
        ],
-        "utils": "utils_3"
+        "utils": "utils_2"
      },
      "locked": {
        "lastModified": 1659144434,
@ -222,7 +219,7 @@
    "nix": {
      "inputs": {
        "lowdown-src": "lowdown-src",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1633098935,
@ -240,7 +237,7 @@
    "nix_2": {
      "inputs": {
        "lowdown-src": "lowdown-src_2",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1633098935,
@ -273,17 +270,18 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1632864508,
+        "lastModified": 1648219316,
-        "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
+        "narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
+        "rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634",
        "type": "github"
      },
      "original": {
-        "id": "nixpkgs",
+        "owner": "NixOS",
-        "ref": "nixos-21.05-small",
+        "ref": "nixpkgs-unstable",
-        "type": "indirect"
+        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs_3": {
@ -301,10 +299,24 @@
        "type": "indirect"
      }
    },
    "nixpkgs_4": {
      "locked": {
        "lastModified": 1632864508,
        "narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "82891b5e2c2359d7e58d08849e4c89511ab94234",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
        "ref": "nixos-21.05-small",
        "type": "indirect"
      }
    },
    "root": {
      "inputs": {
        "colmena": "colmena",
        "deploy-rs": "deploy-rs",
        "minecraft-servers": "minecraft-servers",
        "nixpkgs": "nixpkgs",
        "serokell-nix": "serokell-nix",
@ -313,9 +325,7 @@
    },
    "serokell-nix": {
      "inputs": {
-        "deploy-rs": [
+        "deploy-rs": "deploy-rs",
          "deploy-rs"
        ],
        "flake-compat": "flake-compat_3",
        "flake-utils": "flake-utils_2",
        "gitignore-nix": "gitignore-nix",
@ -370,21 +380,6 @@
      }
    },
    "utils_2": {
      "locked": {
        "lastModified": 1648297722,
        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "utils_3": {
      "inputs": {
        "flake-utils": "flake-utils"
      },
@ -402,6 +397,21 @@
        "type": "github"
      }
    },
    "utils_3": {
      "locked": {
        "lastModified": 1648297722,
        "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "vault-secrets": {
      "inputs": {
        "flake-compat": "flake-compat_4",
--- a/flake.nix
+++ b/flake.nix
@ -8,15 +8,11 @@
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
    deploy-rs.url = "github:serokell/deploy-rs";
    deploy-rs.inputs.nixpkgs.follows = "nixpkgs";
    colmena.url = "github:zhaofengli/colmena";
    colmena.inputs.nixpkgs.follows = "nixpkgs";
    serokell-nix.url = "github:serokell/serokell.nix";
    serokell-nix.inputs.nixpkgs.follows = "nixpkgs";
    serokell-nix.inputs.deploy-rs.follows = "deploy-rs";
    vault-secrets.url = "github:serokell/vault-secrets";
    vault-secrets.inputs.nixpkgs.follows = "nixpkgs";
@ -26,87 +22,73 @@
  };
  outputs =
-    { self, nixpkgs, deploy-rs, vault-secrets, serokell-nix, ... }@inputs:
+    { self, nixpkgs, vault-secrets, serokell-nix, minecraft-servers, colmena, ... }@inputs:
    let
      inherit (nixpkgs) lib;
-      inherit (builtins) filter mapAttrs;
+      inherit (builtins) filter mapAttrs attrValues concatLists;
      system = "x86_64-linux";
-      hosts = import ./hosts.nix;
+      # import and add location qualifier to all hosts
      hosts = mapAttrs (location: lhosts: map ({ tags ? [ ], ... }@x: x // { tags = [ location ] ++ tags; inherit location; }) lhosts) (import ./nixos/hosts);
      # flatten hosts to single list
      flat_hosts = concatLists (attrValues hosts);
      # Filter all nixos host definitions that are actual nix machines
      nixHosts = filter ({ nix ? true, ... }: nix) flat_hosts;
      # Define args each module gets access to (access to hosts is useful for DNS/DHCP)
      specialArgs = { inherit hosts flat_hosts inputs; };
-      # Create a nixosConfiguration based on a foldername (nixname) and if the host is an LXC container or a VM.
+      # Resolve imports based on a foldername (nixname) and if the host is an LXC container or a VM.
-      mkConfig = { hostname, profile ? hostname, lxc ? true, ... }: {
+      resolveImports = { hostname, location, profile ? hostname, lxc ? true, ... }: [
-        "${profile}" = lib.nixosSystem {
+        ./nixos/common
-          inherit system;
+        "${./.}/nixos/hosts/${location}/${profile}/configuration.nix"
-          modules = [
+      ] ++ (if lxc then [
-            ./nixos/common
+        "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
-            "${./.}/nixos/hosts/${profile}/configuration.nix"
+        ./nixos/common/generic-lxc.nix
-          ] ++ (if lxc then [
+      ]
-            "${nixpkgs}/nixos/modules/virtualisation/lxc-container.nix"
+      else [ ./nixos/common/generic-vm.nix ]);
-            ./nixos/common/generic-lxc.nix
+
-          ] else
+      mkConfig = { hostname, ... }@host: {
-            [ ./nixos/common/generic-vm.nix ]);
+        "${hostname}" = lib.nixosSystem {
-          specialArgs = { inherit hosts inputs; };
+          inherit system specialArgs;
          modules = resolveImports host;
        };
      };
-      # Same as above, but for the nodes part of deploy.
+      mkColmenaHost = { ip, hostname, tags, location, ... }@host: {
      mkDeploy = { ip, hostname, profile ? hostname, ... }: {
        "${hostname}" = {
-          hostname = ip;
+          imports = resolveImports host;
-          fastConnection = true;
+          networking = {
-          profiles.system = {
+            hostName = hostname;
-            user = "root";
+            domain = location;
-            path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${profile};
+          };
          deployment = {
            inherit tags;
            targetHost = ip;
            targetUser = null; # Defaults to $USER
          };
        };
      };
      # Generates hosts.auto.tfvars.json for Terraform
      genTFVars =
        let
          hostToVar = z@{ hostname, mac, ... }: {
            "${hostname}" = { inherit mac; };
          };
          hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts;
          json = builtins.toJSON { hosts = hostSet; };
        in
        pkgs.writeScriptBin "gen-tf-vars" ''
          echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json;
          echo "Generated Terraform Variables";
        '';
      # Import all nixos host definitions that are actual nix machines
      nixHosts = filter ({ nix ? true, ... }: nix) hosts;
      pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
    in
    {
-      # Make the config and deploy sets
+      # Make the nixosConfigurations, mostly for vault-secrets
      nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
      deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
-
+      # Make the coleman configuration
-      apps.${system} = rec {
+      colmena = lib.foldr (el: acc: acc // mkColmenaHost el)
-        default = deploy;
+        {
-        deploy = {
+          meta = {
-          type = "app";
+            nixpkgs = import nixpkgs {
-          program = "${deploy-rs.packages.${system}.deploy-rs}/bin/deploy";
+              inherit system;
-        };
+              overlays = [
-        vault-push-approles = {
+                (import ./nixos/pkgs)
-          type = "app";
+                minecraft-servers.overlays.default
-          program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
+              ];
-        };
+            };
-        vault-push-approle-envs = {
+            inherit specialArgs;
-          type = "app";
+          };
-          program =
+        }
-            "${pkgs.vault-push-approle-envs self}/bin/vault-push-approle-envs";
+        nixHosts;
        };
        tfvars = {
          type = "app";
          program = "${genTFVars}/bin/gen-tf-vars";
        };
      };
      # Use by running `nix develop`
      devShells.${system}.default = pkgs.mkShell {
@ -114,7 +96,7 @@
        # This only support bash so just execute zsh in bash as a workaround :/
        shellHook = "zsh; exit $?";
        buildInputs = with pkgs; [
-          deploy-rs.packages.${system}.deploy-rs
+          colmena.packages.x86_64-linux.colmena
          fluxcd
          k9s
          kubectl
@ -123,17 +105,9 @@
          nixfmt
          nixUnstable
          vault
-          # (vault-push-approles self { })
+          (vault-push-approle-envs self)
-          # (vault-push-approle-envs self { })
+          (vault-push-approle-approles self)
          genTFVars
        ];
      };
      # Filter out non-system checks: https://github.com/NixOS/nixpkgs/issues/175875#issuecomment-1152996862
      checks = lib.filterAttrs
        (a: _: a == system)
        (builtins.mapAttrs
          (system: deployLib: deployLib.deployChecks self.deploy)
          deploy-rs.lib);
    };
 }
--- a/nixos/common/default.nix
+++ b/nixos/common/default.nix
@ -1,4 +1,4 @@
-{ config, inputs, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 {
  imports = [
@ -24,12 +24,19 @@
        "https://cachix.cachix.org"
        "https://nix-community.cachix.org"
        "https://nixpkgs-review-bot.cachix.org"
        "https://colmena.cachix.org"
      ];
      trusted-public-keys = [
        "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "nixpkgs-review-bot.cachix.org-1:eppgiDjPk7Hkzzz7XlUesk3rcEHqNDozGOrcLc8IqwE="
        "colmena.cachix.org-1:7BzpDnjjH8ki2CT3f6GdOk7QAzPOl+1t3LvTLXqYcSg="
      ];
    # Also use zsh for root;
    };
    optimise = {
      automatic = true;
      dates = [ "weekly" ];
    };
    extraOptions = ''
      experimental-features = nix-command flakes
@ -37,10 +44,6 @@
  };
  nixpkgs.config.allowUnfree = true;
  nixpkgs.overlays = [
    (import ../pkgs)
    inputs.minecraft-servers.overlays.default
  ];
  # Limit the systemd journal to 100 MB of disk or the
  # last 7 days of logs, whichever happens first.
@ -56,7 +59,7 @@
    permitRootLogin = "no";
  };
-  vault-secrets = {
+  vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
    vaultPrefix = "secrets/nixos";
    vaultAddress = "http://vault.olympus:8200/";
    approlePrefix = "olympus-${config.networking.hostName}";
--- a/nixos/common/users/default.nix
+++ b/nixos/common/users/default.nix
@ -48,13 +48,13 @@
    ];
    # Make me admin
-    extraGroups = [ "wheel" ];
+    extraGroups = [ "systemd-journal" "wheel" ];
  };
  # Configure the root account
  users.extraUsers.root = {
    # Allow my SSH keys for logging in as root.
-    openssh.authorizedKeys.keys = config.users.users.victor.openssh.authorizedKeys.keys;
+    openssh.authorizedKeys.keys = config.users.extraUsers.victor.openssh.authorizedKeys.keys;
    # Also use zsh for root
    shell = pkgs.zsh;
  };
--- a/nixos/hosts/default.nix
+++ b/nixos/hosts/default.nix
@ -0,0 +1,4 @@
 {
  hades = import ./hades;
  olympus = import ./olympus;
 }
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@ -0,0 +1 @@
 []
--- a/nixos/hosts/olympus/_template/configuration.nix
+++ b/nixos/hosts/olympus/_template/configuration.nix
@ -7,8 +7,6 @@
 {
  imports = [ ];
  networking.hostName = "template";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/bastion/configuration.nix
+++ b/nixos/hosts/olympus/bastion/configuration.nix
@ -28,8 +28,6 @@ in {
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
  networking.hostName = "bastion";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@ -45,7 +43,6 @@ in {
  # Additional packages
  environment.systemPackages = with pkgs; [
    binutils
    checkov
    fix-vscode
    fluxcd
    k9s
--- a/nixos/hosts/olympus/bastion/hardware-configuration.nix
+++ b/nixos/hosts/olympus/bastion/hardware-configuration.nix
--- a/nixos/hosts/olympus/database/configuration.nix
+++ b/nixos/hosts/olympus/database/configuration.nix
@ -9,8 +9,6 @@ in
 {
  imports = [ ];
  networking.hostName = "database";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/default.nix
+++ b/nixos/hosts/olympus/default.nix
@ -46,6 +46,7 @@
    ip = "10.42.42.9";
    ip6 = "2001:41f0:9639:1:68c2:89ff:fe85:cfa6";
    mac = "6A:C2:89:85:CF:A6";
    tags = [ "web" ];
  }
  {
    hostname = "k3s-node1";
@ -97,7 +98,6 @@
    hostname = "minecraft";
    ip = "10.42.42.21";
    mac = "EA:30:73:E4:B6:69";
    nix = false;
  }
  {
    hostname = "gitea";
--- a/nixos/hosts/olympus/dhcp/configuration.nix
+++ b/nixos/hosts/olympus/dhcp/configuration.nix
@ -5,11 +5,12 @@ let
    hostName = hostname;
    ipAddress = ip;
  };
  localDomain = config.networking.domain;
  hosts' = hosts.${localDomain};
 in {
  imports = [ ];
  networking = {
    hostName = "dhcp";
    defaultGateway = "10.42.42.1";
    nameservers = [ "10.42.42.15" "10.42.42.16" ];
    interfaces.eth0 = {
@ -41,12 +42,12 @@ in {
      option broadcast-address 10.42.43.255;
      option routers 10.42.42.1;
      option domain-name-servers 10.42.42.15, 10.42.42.16;
-      option domain-name "olympus";
+      option domain-name "${localDomain}";
-      option domain-search "olympus";
+      option domain-search "${localDomain}";
      subnet 10.42.42.0 netmask 255.255.254.0 {
        range 10.42.43.1 10.42.43.254;
      }
    '';
-    machines = map hostToDhcp hosts;
+    machines = map hostToDhcp hosts';
  };
 }
--- a/nixos/hosts/olympus/dns/configuration.nix
+++ b/nixos/hosts/olympus/dns/configuration.nix
@ -1,18 +1,18 @@
-{ config, pkgs, hosts, ... }:
+{ config, pkgs, hosts, flat_hosts, ... }:
 let
-  inherit (builtins) filter hasAttr;
+  inherit (builtins) filter hasAttr attrNames;
-  localdomain = "olympus";
+  hosts' = flat_hosts;
-  ipv6Hosts = filter (hasAttr "ip6") hosts;
+  domains = attrNames hosts;
-  localData = { hostname, ip, ... }: ''"${hostname}.${localdomain}. A ${ip}"'';
+  ipv6Hosts = filter (hasAttr "ip6") hosts';
-  local6Data = { hostname, ip6, ... }: ''"${hostname}.${localdomain}. AAAA ${ip6}"'';
+
-  ptrData = { hostname, ip, ... }: ''"${ip} ${hostname}.${localdomain}"'';
+  localData = { hostname, location, ip, ... }: ''"${hostname}.${location}. A ${ip}"'';
-  ptr6Data = { hostname, ip6, ... }: ''"${ip6} ${hostname}.${localdomain}"'';
+  local6Data = { hostname, location, ip6, ... }: ''"${hostname}.${location}. AAAA ${ip6}"'';
  ptrData = { hostname, location, ip, ... }: ''"${ip} ${hostname}.${location}"'';
  ptr6Data = { hostname, location, ip6, ... }: ''"${ip6} ${hostname}.${location}"'';
 in {
  imports = [ ];
  networking.hostName = "dns";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@ -37,15 +37,16 @@ in {
        interface-automatic = "yes";
        interface = [ "0.0.0.0" "::0" ];
-        local-zone = ''"${localdomain}." transparent'';
+        local-zone = map (localdomain: ''"${localdomain}}." transparent'') domains;
-        local-data = (map localData hosts) ++ (map local6Data ipv6Hosts);
+        local-data = (map localData hosts') ++ (map local6Data ipv6Hosts);
-        local-data-ptr = (map ptrData hosts) ++ (map ptr6Data ipv6Hosts);
+        local-data-ptr = (map ptrData hosts') ++ (map ptr6Data ipv6Hosts);
        access-control = [
          "127.0.0.1/32 allow_snoop"
          "::1 allow_snoop"
          "10.42.0.0/16 allow"
          "127.0.0.0/8 allow"
          "192.168.0.0/23 allow"
          "192.168.2.0/24 allow"
          "::1/128 allow"
        ];
--- a/nixos/hosts/olympus/gitea/configuration.nix
+++ b/nixos/hosts/olympus/gitea/configuration.nix
@ -6,8 +6,6 @@
 {
  imports = [ ];
  networking.hostName = "gitea";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/hedgedoc/configuration.nix
+++ b/nixos/hosts/olympus/hedgedoc/configuration.nix
@ -11,8 +11,6 @@ in
 {
  imports = [ ];
  networking.hostName = "hedgedoc";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/k3s/configuration.nix
+++ b/nixos/hosts/olympus/k3s/configuration.nix
@ -14,8 +14,6 @@
  boot.kernel.sysctl."fs.inotify.max_user_instances" = 2147483647; # INT_MAX, dynamically limited based on available memory
  boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
  networking.hostName = "k3s-node1";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/k3s/hardware-configuration.nix
+++ b/nixos/hosts/olympus/k3s/hardware-configuration.nix
--- a/nixos/hosts/olympus/minecraft/configuration.nix
+++ b/nixos/hosts/olympus/minecraft/configuration.nix
@ -6,8 +6,6 @@
 {
  imports = [ ];
  networking.hostName = "minecraft";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@ -24,7 +22,7 @@
  networking.firewall.allowedTCPPorts = [ ];
  services.minecraft-server = {
-    enable = true;
+    enable = false;
    package = pkgs.minecraftServers.purpur_1_18;
    jvmOpts = "--add-modules=jdk.incubator.vector -Xmx2048M -Xms2048M";
--- a/nixos/hosts/olympus/minio/configuration.nix
+++ b/nixos/hosts/olympus/minio/configuration.nix
@ -10,8 +10,6 @@ let
 in {
  imports = [ ];
  networking.hostName = "minio";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/mosquitto/configuration.nix
+++ b/nixos/hosts/olympus/mosquitto/configuration.nix
@ -8,8 +8,6 @@ in
 {
  imports = [ ];
  networking.hostName = "mosquitto";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/nginx/configuration.nix
+++ b/nixos/hosts/olympus/nginx/configuration.nix
@ -24,8 +24,6 @@ let
  '';
 in
 {
  networking.hostName = "nginx";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/synapse/configuration.nix
+++ b/nixos/hosts/olympus/synapse/configuration.nix
@ -11,8 +11,6 @@ in
 {
  imports = [ ];
  networking.hostName = "synapse";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/unifi/configuration.nix
+++ b/nixos/hosts/olympus/unifi/configuration.nix
@ -7,8 +7,6 @@
 {
  imports = [ ];
  networking.hostName = "unifi";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/vault/configuration.nix
+++ b/nixos/hosts/olympus/vault/configuration.nix
@ -5,8 +5,6 @@
 { config, pkgs, ... }:
 let port = 8200;
 in {
  networking.hostName = "vault";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/victoriametrics/configuration.nix
+++ b/nixos/hosts/olympus/victoriametrics/configuration.nix
@ -10,8 +10,6 @@ in
 {
  imports = [ ];
  networking.hostName = "victoriametrics";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/nixos/hosts/olympus/wireguard/configuration.nix
+++ b/nixos/hosts/olympus/wireguard/configuration.nix
@ -7,8 +7,6 @@ let vs = config.vault-secrets.secrets; in
 {
  imports = [ ];
  networking.hostName = "wireguard";
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave