From cf1b2f0887950bbd12f26d31cd9f21118dfdfe7f Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Wed, 13 Nov 2024 16:44:28 +0200 Subject: [PATCH] feat: move dns --- hosts/dns/default.nix | 17 --- lxc/.gitignore | 1 + lxc/flake.lock | 161 +++++++++++++++++++++++++ lxc/flake.nix | 18 +++ lxc/hosts/default.nix | 7 ++ {systems => lxc}/hosts/dns/default.nix | 12 +- lxc/profiles/common/nix.nix | 14 +++ lxc/profiles/default.nix | 3 + lxc/profiles/generic/default.nix | 22 ++++ lxc/profiles/generic/generic.nix | 53 ++++++++ lxc/profiles/generic/roles.nix | 26 ++++ lxc/roles/base.nix | 23 ++++ lxc/roles/cadvisor.nix | 32 +++++ lxc/roles/default.nix | 9 ++ lxc/roles/prometheus.nix | 70 +++++++++++ lxc/roles/tailscale.nix | 34 ++++++ lxc/systems.nix | 45 +++++++ tamma.yaml => lxc/tamma.yaml | 0 lxc/util.nix | 27 +++++ secrets/dns/secrets.yaml | 7 +- systems/hosts/default.nix | 5 - 21 files changed, 558 insertions(+), 28 deletions(-) delete mode 100644 hosts/dns/default.nix create mode 100644 lxc/.gitignore create mode 100644 lxc/flake.lock create mode 100644 lxc/flake.nix create mode 100644 lxc/hosts/default.nix rename {systems => lxc}/hosts/dns/default.nix (92%) create mode 100644 lxc/profiles/common/nix.nix create mode 100644 lxc/profiles/default.nix create mode 100644 lxc/profiles/generic/default.nix create mode 100644 lxc/profiles/generic/generic.nix create mode 100644 lxc/profiles/generic/roles.nix create mode 100644 lxc/roles/base.nix create mode 100644 lxc/roles/cadvisor.nix create mode 100644 lxc/roles/default.nix create mode 100644 lxc/roles/prometheus.nix create mode 100644 lxc/roles/tailscale.nix create mode 100644 lxc/systems.nix rename tamma.yaml => lxc/tamma.yaml (100%) create mode 100644 lxc/util.nix diff --git a/hosts/dns/default.nix b/hosts/dns/default.nix deleted file mode 100644 index d840393..0000000 --- a/hosts/dns/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{config, ...}: { - sops.secrets.rootPwd.neededForUsers = true; - sops.secrets.liljamoPwd.neededForUsers = true; - - roles.base = { - root.hashedPasswordFile = config.sops.secrets.rootPwd.path; - primaryUser = { - username = "liljamo"; - hashedPasswordFile = config.sops.secrets.liljamoPwd.path; - }; - }; - - roles.tailscale = { - enable = true; - enableSSH = true; - }; -} diff --git a/lxc/.gitignore b/lxc/.gitignore new file mode 100644 index 0000000..c4a847d --- /dev/null +++ b/lxc/.gitignore @@ -0,0 +1 @@ +/result diff --git a/lxc/flake.lock b/lxc/flake.lock new file mode 100644 index 0000000..0b612fd --- /dev/null +++ b/lxc/flake.lock @@ -0,0 +1,161 @@ +{ + "nodes": { + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1727826117, + "narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1729386149, + "narHash": "sha256-hUP9oxmnOmNnKcDOf5Y55HQ+NnoT0+bLWHLQWLLw9Ks=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "cce4521b6df014e79a7b7afc58c703ed683c916e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1729472750, + "narHash": "sha256-s93LPHi5BN7I2xSGNAFWiYb8WRsPvT1LE9ZjZBrpFlg=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "7c60ba4bc8d6aa2ba3e5b0f6ceb9fc07bc261565", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1731245184, + "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "aebe249544837ce42588aa4b2e7972222ba12e8f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1731497087, + "narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1731489818, + "narHash": "sha256-VpMvK9x/CWykzWEENEpukNNIE3oW6M5NGNv3tdKB9OY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1252394ddb5900089300b8e602302c0fa85da4d2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1730327045, + "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1731245184, + "narHash": "sha256-vmLS8+x+gHRv1yzj3n+GTAEObwmhxmkkukB2DwtJRdU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "aebe249544837ce42588aa4b2e7972222ba12e8f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-parts": "flake-parts", + "nixos-generators": "nixos-generators", + "nixpkgs": "nixpkgs_2", + "sops-nix": "sops-nix" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1729999681, + "narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/lxc/flake.nix b/lxc/flake.nix new file mode 100644 index 0000000..021beb7 --- /dev/null +++ b/lxc/flake.nix @@ -0,0 +1,18 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; + + flake-parts.url = "github:hercules-ci/flake-parts"; + nixos-generators.url = "github:nix-community/nixos-generators"; + sops-nix.url = "github:Mic92/sops-nix"; + }; + + outputs = inputs @ {self, ...}: + inputs.flake-parts.lib.mkFlake {inherit inputs;} { + imports = [ + ./systems.nix + ]; + + systems = []; + }; +} diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix new file mode 100644 index 0000000..8b629de --- /dev/null +++ b/lxc/hosts/default.nix @@ -0,0 +1,7 @@ +profiles: { + dns = { + system = "x86_64-linux"; + profile = profiles.generic; + modules = []; + }; +} diff --git a/systems/hosts/dns/default.nix b/lxc/hosts/dns/default.nix similarity index 92% rename from systems/hosts/dns/default.nix rename to lxc/hosts/dns/default.nix index db01412..0b3dd5b 100644 --- a/systems/hosts/dns/default.nix +++ b/lxc/hosts/dns/default.nix @@ -1,4 +1,8 @@ -{artautil, ...}: let +{ + config, + util, + ... +}: let proxyAlias = "proxy.home.arpa"; proxyIP = "10.1.2.10"; @@ -12,6 +16,10 @@ rlUrl = ".rustylily.home.arpa"; uwUrl = ".uwulpine.home.arpa"; in { + sops.secrets.rootPwd.neededForUsers = true; + + roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path; + networking.firewall.allowedTCPPorts = [ portDoT portWebDoH @@ -45,7 +53,7 @@ in { "registry${uwUrl}" = proxyIP; "registryui${uwUrl}" = proxyIP; } - // artautil.getDNSEntries "lxc"; + // util.getDNSEntries; }; blocking = { blackLists = { diff --git a/lxc/profiles/common/nix.nix b/lxc/profiles/common/nix.nix new file mode 100644 index 0000000..b8ed0ed --- /dev/null +++ b/lxc/profiles/common/nix.nix @@ -0,0 +1,14 @@ +{ + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 7d"; + }; + settings = { + auto-optimise-store = true; + experimental-features = ["nix-command" "flakes"]; + trusted-users = ["@wheel"]; + }; + }; +} diff --git a/lxc/profiles/default.nix b/lxc/profiles/default.nix new file mode 100644 index 0000000..428b7e5 --- /dev/null +++ b/lxc/profiles/default.nix @@ -0,0 +1,3 @@ +lib: inputs: { + generic = import ./generic lib inputs; +} diff --git a/lxc/profiles/generic/default.nix b/lxc/profiles/generic/default.nix new file mode 100644 index 0000000..17aced6 --- /dev/null +++ b/lxc/profiles/generic/default.nix @@ -0,0 +1,22 @@ +lib: inputs: { + modules = [ + "${inputs.nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + { + proxmoxLXC.manageNetwork = true; + proxmoxLXC.manageHostName = true; + } + + inputs.sops-nix.nixosModules.sops + + ../../roles + + ../common/nix.nix + + ./generic.nix + ./roles.nix + ]; + specialArgs = { + inherit inputs; + util = import ../../util.nix {inherit lib;}; + }; +} diff --git a/lxc/profiles/generic/generic.nix b/lxc/profiles/generic/generic.nix new file mode 100644 index 0000000..6e453c6 --- /dev/null +++ b/lxc/profiles/generic/generic.nix @@ -0,0 +1,53 @@ +{ + util, + config, + lib, + ... +}: { + sops.defaultSopsFile = ../../../secrets/${config.networking.hostName}/secrets.yaml; + + time.timeZone = "Europe/Helsinki"; + + networking.defaultGateway = { + address = "10.1.2.1"; + interface = "eth0"; + }; + networking.nameservers = ["10.1.2.3"]; + networking.interfaces."eth0".ipv4.addresses = [ + { + address = util.getIPv4 config.networking.hostName; + prefixLength = 24; + } + ]; + + nix.settings.trusted-users = ["root"]; + + users.users.root = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGAlif3ABIk0YSx++A+sEeRYPNMMZWLcDuoTKhmcCL6K jonni@liljamo.com" + ]; + }; + + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = lib.mkForce false; + KbdInteractiveAuthentication = lib.mkForce false; + PermitRootLogin = lib.mkForce "prohibit-password"; + }; + }; + + systemd.suppressedSystemUnits = [ + "systemd-udev-trigger.service" + "systemd-udevd.service" + "sys-fs-fuse-connections.mount" + "sys-kernel-debug.mount" + "dev-mqueue.mount" + ]; + services = { + journald.extraConfig = "SystemMaxUse=4G"; + cron.systemCronJobs = [ + "0 22 * * * root journalctl --vacuum-time=7d" + ]; + }; +} diff --git a/lxc/profiles/generic/roles.nix b/lxc/profiles/generic/roles.nix new file mode 100644 index 0000000..842df65 --- /dev/null +++ b/lxc/profiles/generic/roles.nix @@ -0,0 +1,26 @@ +{ + roles.tailscale = { + enable = true; + enableSSH = true; + }; + + roles.prometheus.exporters = { + enable = true; + openFirewall = true; + node = { + enable = true; + extraFlags = [ + "--collector.disable-defaults" + "--collector.filesystem" + "--collector.stat" + "--collector.time" + ]; + }; + systemd.enable = true; + }; + + roles.cadvisor = { + enable = true; + openFirewall = true; + }; +} diff --git a/lxc/roles/base.nix b/lxc/roles/base.nix new file mode 100644 index 0000000..e77f8ac --- /dev/null +++ b/lxc/roles/base.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + ... +}: let + cfg = config.roles.base; +in { + options.roles.base = { + root = lib.mkOption { + type = lib.types.submodule { + options = { + hashedPasswordFile = lib.mkOption { + type = lib.types.path; + }; + }; + }; + }; + }; + + config = { + users.users.root.hashedPasswordFile = cfg.root.hashedPasswordFile; + }; +} diff --git a/lxc/roles/cadvisor.nix b/lxc/roles/cadvisor.nix new file mode 100644 index 0000000..2fd0597 --- /dev/null +++ b/lxc/roles/cadvisor.nix @@ -0,0 +1,32 @@ +{ + lib, + config, + ... +}: let + cfg = config.roles.cadvisor; +in { + options.roles.cadvisor = { + enable = lib.mkEnableOption "cadvisor"; + port = lib.mkOption { + type = lib.types.port; + default = 9080; + }; + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Wheter to open firewall port for cadvisor"; + }; + }; + + config = lib.mkIf cfg.enable { + networking.firewall.allowedTCPPorts = lib.mkIf cfg.openFirewall [ + cfg.port + ]; + + services.cadvisor = { + enable = true; + listenAddress = "0.0.0.0"; + port = cfg.port; + }; + }; +} diff --git a/lxc/roles/default.nix b/lxc/roles/default.nix new file mode 100644 index 0000000..a45e34c --- /dev/null +++ b/lxc/roles/default.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./base.nix + + ./cadvisor.nix + ./prometheus.nix + ./tailscale.nix + ]; +} diff --git a/lxc/roles/prometheus.nix b/lxc/roles/prometheus.nix new file mode 100644 index 0000000..c6cbaf5 --- /dev/null +++ b/lxc/roles/prometheus.nix @@ -0,0 +1,70 @@ +{ + lib, + config, + ... +}: let + cfg = config.roles.prometheus; +in { + options.roles.prometheus = { + exporters = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "prometheus exporters"; + openFirewall = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Wheter to open firewall ports for enabled exporters"; + }; + node = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "node exporter"; + port = lib.mkOption { + type = lib.types.port; + default = 9100; + }; + extraFlags = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; + }; + }; + }; + systemd = lib.mkOption { + type = lib.types.submodule { + options = { + enable = lib.mkEnableOption "systemd exporter"; + port = lib.mkOption { + type = lib.types.port; + default = 9558; + }; + }; + }; + }; + }; + }; + default = {}; + }; + }; + + # FIXME: this or top level prometheus server enable + config = lib.mkIf cfg.exporters.enable { + # FIXME: only open for exporters that are enabled + networking.firewall.allowedTCPPorts = lib.mkIf cfg.exporters.openFirewall [ + cfg.exporters.node.port + cfg.exporters.systemd.port + ]; + + services.prometheus.exporters = lib.mkIf cfg.exporters.enable { + node = lib.mkIf cfg.exporters.node.enable { + enable = true; + port = cfg.exporters.node.port; + extraFlags = cfg.exporters.node.extraFlags; + }; + systemd = lib.mkIf cfg.exporters.systemd.enable { + enable = true; + port = cfg.exporters.systemd.port; + }; + }; + }; +} diff --git a/lxc/roles/tailscale.nix b/lxc/roles/tailscale.nix new file mode 100644 index 0000000..2cd9878 --- /dev/null +++ b/lxc/roles/tailscale.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: let + cfg = config.roles.tailscale; +in { + options.roles.tailscale = { + enable = lib.mkEnableOption "Tailscale"; + authKeyFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + }; + interfaceName = lib.mkOption { + type = lib.types.str; + default = "tailscale0"; + }; + enableSSH = lib.mkOption { + type = lib.types.bool; + default = false; + }; + }; + + config = lib.mkIf cfg.enable { + services.tailscale = { + enable = true; + authKeyFile = lib.mkIf (cfg.authKeyFile != null) cfg.authKeyFile; + extraUpFlags = lib.mkIf (cfg.enableSSH) ["--ssh"]; # TODO: Make modular for multiple possible flags. + interfaceName = cfg.interfaceName; + openFirewall = false; + useRoutingFeatures = "none"; + }; + }; +} diff --git a/lxc/systems.nix b/lxc/systems.nix new file mode 100644 index 0000000..9c32a57 --- /dev/null +++ b/lxc/systems.nix @@ -0,0 +1,45 @@ +{ + lib, + inputs, + ... +}: { + flake = let + mkHost = name: cfg: + inputs.nixpkgs.lib.nixosSystem { + system = cfg.system; + specialArgs = cfg.profile.specialArgs; + modules = + cfg.profile.modules + ++ cfg.modules + ++ [ + ./hosts/${name} + { + networking.hostName = name; + } + ]; + }; + + /* + mkLXCTemplatePackage = name: cfg: + inputs.nixos-generators.nixosGenerate { + system = cfg.system; + specialArgs = cfg.profile.specialArgs; + modules = + cfg.profile.modules + ++ cfg.modules + ++ [ + { + networking.hostName = name; + } + ]; + format = "proxmox-lxc"; + }; + */ + + profiles = import ./profiles lib inputs; + hosts = import ./hosts profiles; + in { + nixosConfigurations = lib.mapAttrs mkHost hosts; + #packages.x86_64-linux = inputs.nixpkgs.lib.mapAttrs mkLXCTemplatePackage templatePackages; + }; +} diff --git a/tamma.yaml b/lxc/tamma.yaml similarity index 100% rename from tamma.yaml rename to lxc/tamma.yaml diff --git a/lxc/util.nix b/lxc/util.nix new file mode 100644 index 0000000..d42384b --- /dev/null +++ b/lxc/util.nix @@ -0,0 +1,27 @@ +{lib, ...}: let + hostnameIPv4 = { + "dns" = "10.1.2.3"; + "metrics" = "10.1.2.5"; + "oci" = "10.1.2.9"; + "proxy" = "10.1.2.10"; + "auth" = "10.1.2.12"; + "cloud" = "10.1.2.15"; + "social" = "10.1.2.17"; + }; + + # getIPv4 "hostname" + getIPv4 = hostname: hostnameIPv4.${hostname}; + + # getHostnames + getHostnames = builtins.attrNames hostnameIPv4; + + # getDNSEntries + getDNSEntries = + lib.attrsets.mapAttrs' + (name: value: lib.attrsets.nameValuePair (name + ".home.arpa") value) + hostnameIPv4; +in { + getIPv4 = getIPv4; + getHostnames = getHostnames; + getDNSEntries = getDNSEntries; +} diff --git a/secrets/dns/secrets.yaml b/secrets/dns/secrets.yaml index 3a28f4d..81c8fdb 100644 --- a/secrets/dns/secrets.yaml +++ b/secrets/dns/secrets.yaml @@ -1,5 +1,4 @@ -rootPwd: ENC[AES256_GCM,data:cuZt7paSCrVK7rp88SXhrFmko7YLIWgNG3KNmcelCBJBvoCAlLwSdfXMKljMGWTBB5qs+GQTSYlbPlqjRfWEX/imABrivg8YMGNn4o8O0hkWvyc9IYCGFVaTJkrB5gNpkMLEHda05Wvf/w==,iv:n+tuhDnyYIe9xl9YYPkhMnh5W/g3Ceg7E5Nuy5pu97s=,tag:aq37MjrsizGuwIHgDGt2dw==,type:str] -liljamoPwd: ENC[AES256_GCM,data:MMissiTedcpmM7cWGm3PL3/7mrRMLcHatf4BHTcrR1BjGkpEuSIwFxQGgbhulj2Taa4djdL7013tS6Jbb+Hz/o/yL1SrKDD5w0y1hwXcjfDYTsys9uly5UoCtQDLG0gFn4FLxv00ATufdw==,iv:psHrWXFAsUKcgDnDjAOdAOo6bF8h8yr/MLyJeC1+cRI=,tag:BC4EaIT3Rqw/2W1LXxxIvA==,type:str] +rootPwd: ENC[AES256_GCM,data:s/VdQNQSmepsk8+Fp2ryDo6AwHxX51cRnSndfcZjMxV5vosGcCa82zXVps4Lloxq4lzg5ZOGPqpCVmqpmzNhfoPOXy73JaVQB/ITU20pO8l9e65PUTvZRBhEEpNnWlf9AOa7A1aqMnxi+w==,iv:T/nVYNOvYqymCQk18oWkS5YjNxBkZsN+DqjiPqEPg5M=,tag:9PCrU/m1pKqNwgSgBgGdIA==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +14,8 @@ sops: ZVRRZ1hkRllRd1BGTmU0STVQNWVGT1UKE4PBQjAlb0NCI8vrAv9GpsmJFBkR6qRw 4RYHGreTyTgE1NLyf4d+AMIrTmfIXixx4SeiInO4tmMct6ds1gwMAw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-08-18T09:49:50Z" - mac: ENC[AES256_GCM,data:No+EUPIds/phGQHY+Lw/8Ict+iLn+0509oXcx2sW2OjGnGU3mJ4uFPrtpoEJ/JWyHUwKhVkuNmqNT4zYe+qVnGUYxnTDFnjcC+nlcIxIkI9vxQhDYruS0FitxuG6BK+6YLmOszmMIEHf2MZUfK5MFvPqAn2gQbzPXzNj+fzW2xo=,iv:seFsJRgJbrHATjTuJ1y55WrrOait56oXSjvB41i29kY=,tag:Zi0N+niUxzqhKytwAZ5RpA==,type:str] + lastmodified: "2024-11-13T13:29:04Z" + mac: ENC[AES256_GCM,data:+jWbH78CfAnrT6VbYbnQpK0UYZq3pnhXOx+UDULIOms3ESJnJWDiQQ13G+EUEcJ5tJuZajB9iXYHWBcRMuJlfDiqXeHI4LPxC1rUftNsTiz9bDcAOu1ctRWTvSJ08kszbR3BsxkpYNRX74Wc233N0qIkP9hpSWrk3CLtJ3mzYb4=,iv:SoiZ9y6vCDYvR/+KMgInmy9qdTJwipk7LLQlL3zgKbs=,tag:MjR7CmhzfzzL1j3sLNiy5g==,type:str] pgp: - created_at: "2024-08-18T09:36:11Z" enc: |- diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix index b7f6cbb..bfcfdcd 100644 --- a/systems/hosts/default.nix +++ b/systems/hosts/default.nix @@ -27,11 +27,6 @@ profile = lxc; modules = []; }; - dns = { - system = "x86_64-linux"; - profile = lxc; - modules = []; - }; metrics = { system = "x86_64-linux"; profile = lxc; -- 2.44.1