remove aux config

aux-etc-nixos/backupdl-module.nix

@@ -1,53 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
-  makeBackup = pkgs.writeScript "make-backupdl" ''
-    #!${pkgs.bash}/bin/bash
-
-    set -e
-
-    export PATH=${pkgs.rsync}/bin:${pkgs.openssh}/bin
-
-    rsync --ignore-existing -av nixbld.m-labs.hk:/home/backupdl /var/lib/backupdl
-  '';
-
-  cfg = config.services.backupdl;
-in
-{
-  options.services.backupdl = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable backups";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    systemd.services.backupdl = {
-      description = "Nixbld backups download";
-      serviceConfig = {
-        Type = "oneshot";
-        User = "backupdl";
-        Group = "backupdl";
-        ExecStart = "${makeBackup}";
-      };
-    };
-
-    users.users.backupdl = {
-      name = "backupdl";
-      group = "backupdl";
-      description = "Nixbld backups download";
-      isSystemUser = true;
-      createHome = true;
-      home = "/var/lib/backupdl";
-      useDefaultShell = true;
-    };
-    users.extraGroups.backupdl = {};
-
-    systemd.timers.backupdl = {
-      description = "Nixbld backups download";
-      wantedBy = [ "timers.target" ];
-      timerConfig.OnCalendar = "*-*-* 18:00:00";
-    };
-  };
-}

aux-etc-nixos/configuration.nix

@@ -1,230 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  netifWan = "enp0s25";
-  netifLan = "enp3s0";
-  netifWifi = "wlp1s0";
-  netifSit = "henet0";
-in
-{
-  imports =
-    [
-      ./hardware-configuration.nix
-      ./backupdl-module.nix
-    ];
-
-  boot.loader.grub.enable = true;
-  boot.loader.grub.version = 2;
-  boot.loader.grub.device = "/dev/sda";
-
-  boot.blacklistedKernelModules = [ "r8169" ];
-  boot.extraModulePackages = [ (pkgs.callPackage ./r8169 { kernel = config.boot.kernelPackages.kernel; }) ];
-
-  networking.hostName = "aux";
-
-  networking.interfaces."${netifWan}".useDHCP = true;
-  services.hostapd = {
-    enable        = true;
-    interface     = netifWifi;
-    hwMode        = "g";
-    ssid          = "M-Labs";
-    wpaPassphrase = (import /etc/nixos/secret/wifi_password.nix);
-    extraConfig   = ''
-      ieee80211d=1
-      country_code=HK
-      ieee80211n=1
-      wmm_enabled=1
-      auth_algs=1
-      wpa_key_mgmt=WPA-PSK
-      rsn_pairwise=CCMP
-    '';
-  };
-  networking.interfaces."${netifLan}" = {
-    ipv4.addresses = [{
-      address = "192.168.1.1";
-      prefixLength = 24;
-    }];
-    ipv6.addresses = [{
-      address = "2001:470:f891:1::";
-      prefixLength = 64;
-    }];
-  };
-  networking.interfaces."${netifWifi}" = {
-    ipv4.addresses = [{
-      address = "192.168.15.1";
-      prefixLength = 24;
-    }];
-    ipv6.addresses = [{
-      address = "2001:470:f891:2::";
-      prefixLength = 64;
-    }];
-  };
-
-  networking.sits."${netifSit}" = {
-    dev = netifWan;
-    remote = "216.218.221.6";
-    local = "94.190.212.123";
-    ttl = 255;
-  };
-  networking.interfaces."${netifSit}".ipv6 = {
-    addresses = [{ address = "2001:470:18:390::2"; prefixLength = 64; }];
-    routes = [{ address = "::"; prefixLength = 0; }];
-  };
-  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = "1";
-  boot.kernel.sysctl."net.ipv6.conf.default.forwarding" = "1";
-  boot.kernel.sysctl."net.ipv6.conf.${netifLan}.accept_dad" = "0";
-  boot.kernel.sysctl."net.ipv6.conf.${netifWifi}.accept_dad" = "0";
-
-  networking.firewall = {
-    allowedTCPPorts = [ 53 ];
-    allowedUDPPorts = [ 53 67 ];
-    trustedInterfaces = [ netifLan ];
-  };
-
-  services.bind = {
-    enable = true;
-    listenOn = [];
-    listenOnIpv6 = [];
-    forwarders = [];
-    extraOptions = "listen-on-v6 port 5354 { ::1; };";
-    extraConfig = ''
-      zone "mil." IN {
-        type forward;
-        forward only;
-        forwarders { 74.82.42.42; };
-      };
-     '';
-    cacheNetworks = [ "::1/128" ];
-  };
-  services.dnsmasq = {
-    enable = true;
-    servers = ["::1#5354"];
-    extraConfig = ''
-      interface=${netifWifi}
-      interface=${netifLan}
-      bind-interfaces
-      dhcp-range=interface:${netifLan},192.168.1.81,192.168.1.254,24h
-      dhcp-range=interface:${netifWifi},192.168.15.10,192.168.15.254,24h
-      enable-ra
-      dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
-      dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
-
-      no-resolv
-
-      # Static IPv4s to make port redirections work
-      dhcp-host=chiron,192.168.1.201
-      dhcp-host=old-nixbld,192.168.1.202
-
-      # Google can't do DNS geolocation correctly and slows down websites of everyone using
-      # their shitty font cloud hosting. In HK, you sometimes get IPs behind the GFW that you
-      # cannot reach.
-      address=/fonts.googleapis.com/142.250.207.74
-    '';
-  };
-  networking.nat = {
-    enable = true;
-    externalInterface = netifWan;
-    internalInterfaces = [ netifLan netifWifi ];
-    forwardPorts = [
-      { sourcePort = 2201; destination = "192.168.1.201:22"; proto = "tcp"; }
-      { sourcePort = 2202; destination = "192.168.1.202:22"; proto = "tcp"; }
-    ];
-    extraCommands = ''
-      iptables -w -N block-lan-from-wifi
-      iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
-      iptables -w -A block-lan-from-wifi -i ${netifWifi} -o ${netifLan} -j DROP
-      iptables -w -A FORWARD -j block-lan-from-wifi
-
-      iptables -w -N block-insecure-devices
-      iptables -w -A block-insecure-devices -m mac --mac-source 00:20:0c:6c:ee:ba -j DROP  # keysight SA
-      iptables -w -A block-insecure-devices -m mac --mac-source 74:5b:c5:20:c1:5f -j DROP  # siglent scope
-      iptables -w -A block-insecure-devices -m mac --mac-source 00:0a:35:00:01:23 -j DROP  # function generator
-      iptables -w -A block-insecure-devices -m mac --mac-source 74:5b:c5:21:f1:ee -j DROP  # siglent scope #2
-      iptables -w -A block-insecure-devices -m mac --mac-source 00:19:af:5b:dd:58 -j DROP  # power supply
-      iptables -w -A FORWARD -j block-insecure-devices
-    '';
-    extraStopCommands = ''
-      iptables -w -D FORWARD -j block-lan-from-wifi 2>/dev/null|| true
-      iptables -w -F block-lan-from-wifi 2>/dev/null|| true
-      iptables -w -X block-lan-from-wifi 2>/dev/null|| true
-
-      iptables -w -D FORWARD -j block-insecure-devices 2>/dev/null|| true
-      iptables -w -F block-insecure-devices 2>/dev/null|| true
-      iptables -w -X block-insecure-devices 2>/dev/null|| true
-    '';
-  };
-
-  time.timeZone = "Asia/Hong_Kong";
-  
-  nixpkgs.config.allowUnfree = true;
-  services.avahi.enable = true;
-  services.avahi.publish.enable = true;
-  services.avahi.publish.userServices = true;
-  services.printing.enable = true;
-  services.printing.drivers = [ pkgs.hplipWithPlugin ];
-  services.printing.browsing = true;
-  services.printing.listenAddresses = [ "*:631" ];
-  services.printing.defaultShared = true;
-  hardware.sane.enable = true;
-  hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
-  systemd.sockets.cups.wants = [ "network-setup.service" ];
-  systemd.sockets.cups.after = [ "network-setup.service" ];
-  systemd.sockets.cups.wantedBy = [ "multi-user.target" ];
-  systemd.services.cups.wantedBy = [ "multi-user.target" ];
-
-  users.extraGroups.plugdev = { };
-  users.extraUsers.root = {
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
-    ];
-    shell = pkgs.fish;
-  };
-  # https://github.com/NixOS/nixpkgs/issues/155357
-  security.sudo.enable = true;
-  users.users.sb = {
-    isNormalUser = true;
-    extraGroups = ["lp" "scanner" "plugdev"];
-    openssh.authorizedKeys.keys = [
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyPk5WyFoWSvF4ozehxcVBoZ+UHgrI7VW/OoQfFFwIQe0qvetUZBMZwR2FwkLPAMZV8zz1v4EfncudEkVghy4P+/YVLlDjqDq9zwZnh8Nd/ifu84wmcNWHT2UcqnhjniCdshL8a44memzABnxfLLv+sXhP2x32cJAamo5y6fukr2qLp2jbXzR+3sv3klE0ruUXis/BR1lLqNJEYP8jB6fLn2sLKinnZPfn6DwVOk10mGeQsdME/eGl3phpjhODH9JW5V2V5nJBbC0rBnq+78dyArKVqjPSmIcSy72DEIpTctnMEN1W34BGrnsDd5Xd/DKxKxHKTMCHtZRwLC2X0NWN"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCMALVC8RDTHec+PC8y1s3tcpUAODgq6DEzQdHDf/cyvDMfmCaPiMxfIdmkns5lMa03hymIfSmLUF0jFFDc7biRp7uf9AAXNsrTmplHii0l0McuOOZGlSdZM4eL817P7UwJqFMxJyFXDjkubhQiX6kp25Kfuj/zLnupRCaiDvE7ho/xay6Jrv0XLz935TPDwkc7W1asLIvsZLheB+sRz9SMOb9gtrvk5WXZl5JTOFOLu+JaRwQLHL/xdcHJTOod7tqHYfpoC5JHrEwKzbhTOwxZBQBfTQjQktKENQtBxXHTe71rUEWfEZQGg60/BC4BrRmh4qJjlJu3v4VIhC7SSHn1"
-    ];
-    shell = pkgs.fish;
-  };
-
-  documentation.enable = false;
-  environment.systemPackages = with pkgs; [
-    wget vim git usbutils pciutils file lm_sensors acpi
-    psmisc
-    iw
-    tmux
-    bind
-    nixopsUnstable
-    imagemagick
-  ];
-
-  programs.mosh.enable = true;
-  programs.fish.enable = true;
-
-  services.openssh.enable = true;
-  services.openssh.forwardX11 = true;
-  services.openssh.passwordAuthentication = false;
-  services.openssh.extraConfig =
-    ''
-    StreamLocalBindUnlink yes
-    '';
-
-  services.backupdl.enable = true;
-
-  services.udev.extraRules =
-    ''
-    # label printer
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="07cf", ATTRS{idProduct}=="4204", MODE="0660", GROUP="plugdev"
-    '';
-
-  nix.settings.trusted-public-keys = ["nixbld.m-labs.hk-1:5aSRVA5b320xbNvu30tqxVPXpld73bhtOeH6uAjRyHc="];
-  nix.settings.substituters = ["https://nixbld.m-labs.hk" "https://cache.nixos.org"];
-  nix.settings.trusted-users = ["sb"];
-
-  system.stateVersion = "22.05";
-}

aux-etc-nixos/r8169/default.nix

@@ -1,42 +0,0 @@
-{ stdenv, lib, kernel }:
-
-
-let modDestDir = "$out/lib/modules/${kernel.modDirVersion}/kernel/drivers/net/wireless/realtek/r8169";
-
-in stdenv.mkDerivation rec {
-  name = "r8169-${kernel.version}-${version}";
-  version = "6.031.00";
-
-  src = ./r8169-${version}.tar.bz2;
-
-  hardeningDisable = [ "pic" ];
-
-  nativeBuildInputs = kernel.moduleBuildDependencies;
-
-  # rename to avoid conflict with totally broken piece of crap from mainline kernel
-  patchPhase =
-    ''
-    substituteInPlace src/Makefile --replace r8169.o r8169-vendor.o
-    substituteInPlace src/Makefile --replace r8169-objs r8169-vendor-objs
-    '';
-
-  # avoid using the Makefile directly -- it doesn't understand
-  # any kernel but the current.
-  # based on the ArchLinux pkgbuild: https://git.archlinux.org/svntogit/community.git/tree/trunk/PKGBUILD?h=packages/r8168
-  makeFlags = kernel.makeFlags ++ [
-    "-C ${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
-    "M=$(PWD)/src"
-    "modules"
-  ];
-  preBuild = ''
-    makeFlagsArray+=("EXTRA_CFLAGS=-DCONFIG_R8169_NAPI -DCONFIG_R8169_VLAN -DCONFIG_ASPM -DENABLE_S5WOL -DENABLE_EEE")
-  '';
-
-  enableParallelBuilding = true;
-
-  installPhase = ''
-    mkdir -p ${modDestDir}
-    find . -name '*.ko' -exec cp --parents '{}' ${modDestDir} \;
-    find ${modDestDir} -name '*.ko' -exec xz -f '{}' \;
-  '';
-}