From 10b0df38b4286237b56ff9177f8d4c5676bfb5c1 Mon Sep 17 00:00:00 2001 
From: seth Date: Mon, 30 Oct 2023 04:22:32 -0400 Subject: tree-wide: refactor i went overboard on modules. this is much comfier --- parts/systems/atlas/default.nix | 50 ------ parts/systems/atlas/hardware-configuration.nix | 29 ---- parts/systems/atlas/miniflux.nix | 20 --- parts/systems/atlas/nginx.nix | 32 ---- parts/systems/caroline/default.nix | 17 -- parts/systems/default.nix | 47 ----- parts/systems/glados-wsl/default.nix | 39 ----- parts/systems/glados/boot.nix | 25 --- parts/systems/glados/default.nix | 61 ------- parts/systems/glados/hardware-configuration.nix | 72 -------- parts/systems/profiles.nix | 102 ----------- parts/systems/turret/default.nix | 38 ----- parts/systems/turret/files/etc/config/dhcp | 55 ------ parts/systems/turret/files/etc/config/dropbear | 5 - parts/systems/turret/files/etc/config/firewall | 189 --------------------- .../turret/files/etc/config/https-dns-proxy | 18 -- parts/systems/turret/files/etc/config/luci | 41 ----- parts/systems/turret/files/etc/config/network | 29 ---- parts/systems/turret/files/etc/config/rpcd | 10 -- parts/systems/turret/files/etc/config/system | 16 -- parts/systems/turret/files/etc/config/ucitrack | 56 ------ parts/systems/turret/files/etc/config/uhttpd | 31 ---- parts/systems/turret/files/etc/config/wireless | 34 ---- .../turret/files/etc/dropbear/authorized_keys | 1 - 24 files changed, 1017 deletions(-) delete mode 100644 parts/systems/atlas/default.nix delete mode 100644 parts/systems/atlas/hardware-configuration.nix delete mode 100644 parts/systems/atlas/miniflux.nix delete mode 100644 parts/systems/atlas/nginx.nix delete mode 100644 parts/systems/caroline/default.nix delete mode 100644 parts/systems/default.nix delete mode 100644 parts/systems/glados-wsl/default.nix delete mode 100644 parts/systems/glados/boot.nix delete mode 100644 parts/systems/glados/default.nix delete mode 100644 parts/systems/glados/hardware-configuration.nix delete mode 100644 parts/systems/profiles.nix delete mode 100644 
parts/systems/turret/default.nix delete mode 100644 parts/systems/turret/files/etc/config/dhcp delete mode 100644 parts/systems/turret/files/etc/config/dropbear delete mode 100644 parts/systems/turret/files/etc/config/firewall delete mode 100644 parts/systems/turret/files/etc/config/https-dns-proxy delete mode 100644 parts/systems/turret/files/etc/config/luci delete mode 100644 parts/systems/turret/files/etc/config/network delete mode 100644 parts/systems/turret/files/etc/config/rpcd delete mode 100644 parts/systems/turret/files/etc/config/system delete mode 100644 parts/systems/turret/files/etc/config/ucitrack delete mode 100644 parts/systems/turret/files/etc/config/uhttpd delete mode 100644 parts/systems/turret/files/etc/config/wireless delete mode 100644 parts/systems/turret/files/etc/dropbear/authorized_keys (limited to 'parts/systems')
diff --git a/parts/systems/atlas/default.nix b/parts/systems/atlas/default.nix
deleted file mode 100644
index 24cb139..0000000
--- a/parts/systems/atlas/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- imports = [
- ./hardware-configuration.nix
- ./miniflux.nix
- ./nginx.nix
- ];
-
- _module.args.nixinate = {
- host = "atlas";
- sshUser = "root";
- buildOn = "remote";
- substituteOnTarget = true;
- hermetic = false;
- };
-
- boot = {
- loader.systemd-boot.enable = true;
- loader.efi.canTouchEfiVariables = true;
- tmp.cleanOnBoot = true;
- };
-
- networking = {
- domain = "mydadleft.me";
- hostName = "atlas";
- };
-
- services = {
- guzzle-api = {
- enable = true;
- domain = "api.${config.networking.domain}";
- nginx = {
- enableACME = true;
- acmeRoot = null;
- addSSL = true;
- };
- };
- };
-
- users.users.atlas = {
- isNormalUser = true;
- shell = pkgs.bash;
- passwordFile = config.age.secrets.userPassword.path;
- };
-
- zramSwap.enable = true;
-}
diff --git a/parts/systems/atlas/hardware-configuration.nix b/parts/systems/atlas/hardware-configuration.nix
deleted file mode 100644
index 00c6cd8..0000000
--- a/parts/systems/atlas/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{modulesPath, ...}: {
- imports = [
- (modulesPath + "/profiles/qemu-guest.nix")
- ];
-
- boot = {
- extraModulePackages = [];
- kernelModules = [];
-
- initrd = {
- availableKernelModules = ["virtio_pci" "usbhid"];
- kernelModules = [];
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/f0c84809-83f5-414b-a973-496d25d74c6d";
- fsType = "ext4";
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/A253-0826";
- fsType = "vfat";
- };
- };
-
- swapDevices = [];
-}
diff --git a/parts/systems/atlas/miniflux.nix b/parts/systems/atlas/miniflux.nix
deleted file mode 100644
index 5ed5d40..0000000
--- a/parts/systems/atlas/miniflux.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- config,
- self,
- ...
-}: {
- config = {
- age.secrets = {
- miniflux.file = "${self}/parts/secrets/systems/${config.networking.hostName}/miniflux.age";
- };
-
- services.miniflux = {
- enable = true;
- adminCredentialsFile = config.age.secrets.miniflux.path;
- config = {
- BASE_URL = "https://miniflux.${config.networking.domain}";
- LISTEN_ADDR = "localhost:7000";
- };
- };
- };
-}
diff --git a/parts/systems/atlas/nginx.nix b/parts/systems/atlas/nginx.nix
deleted file mode 100644
index cdf483d..0000000
--- a/parts/systems/atlas/nginx.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{
- config,
- self,
- ...
-}: let
- inherit (config.networking) domain;
- inherit (self.lib.utils.nginx) mkVHosts mkProxy;
-in {
- server = {
- acme.enable = true;
- services.cloudflared.enable = true;
- };
-
- services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- virtualHosts = mkVHosts {
- "miniflux.${domain}" = {
- locations = mkProxy "/" "7000";
- };
-
- "msix.${domain}" = {
- root = "/var/www/msix";
- };
- };
- };
-}
diff --git a/parts/systems/caroline/default.nix b/parts/systems/caroline/default.nix
deleted file mode 100644
index 3ec2dd2..0000000
--- a/parts/systems/caroline/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-_: {
- desktop = {
- homebrew.enable = true;
- gpg.enable = true;
- };
-
- homebrew.casks = ["altserver"];
-
- networking = rec {
- computerName = "caroline";
- hostName = computerName;
- };
-
- nix.settings.trusted-users = ["seth"];
-
- services.tailscale.enable = true;
-}
diff --git a/parts/systems/default.nix b/parts/systems/default.nix
deleted file mode 100644
index e9ef9ba..0000000
--- a/parts/systems/default.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{
- inputs,
- self,
- withSystem,
- ...
-}: {
- flake = let
- inherit (self.lib.configs) mapSystems;
- profiles = import ./profiles.nix {inherit self inputs;};
- in {
- darwinConfigurations = mapSystems {
- caroline = {
- system = "x86_64-darwin";
- profile = profiles.personal-darwin;
- };
- };
-
- nixosConfigurations = mapSystems {
- glados = {
- modules = with inputs; [
- lanzaboote.nixosModules.lanzaboote
- ];
- profile = profiles.personal;
- };
-
- glados-wsl = {
- modules = [inputs.nixos-wsl.nixosModules.wsl];
- profile = profiles.personal;
- };
-
- atlas = {
- modules = [inputs.guzzle_api.nixosModules.default];
- system = "aarch64-linux";
- profile = profiles.server;
- };
- };
-
- openwrtConfigurations.turret = withSystem "x86_64-linux" ({pkgs, ...}:
- pkgs.callPackage ./turret {
- inherit (inputs) openwrt-imagebuilder;
- });
- };
-
- perSystem = {system, ...}: {
- apps = (inputs.nixinate.nixinate.${system} self).nixinate;
- };
-}
diff --git a/parts/systems/glados-wsl/default.nix b/parts/systems/glados-wsl/default.nix
deleted file mode 100644
index 98b57ed..0000000
--- a/parts/systems/glados-wsl/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- modulesPath,
- pkgs,
- ...
-}: {
- imports = [
- (modulesPath + "/profiles/minimal.nix")
- ../../modules/nixos/features/tailscale.nix
- ];
-
- environment.systemPackages = with pkgs; [
- wslu
- ];
-
- base.networking.enable = false;
- features.tailscale.enable = true;
-
- wsl = {
- enable = true;
- defaultUser = "seth";
- nativeSystemd = true;
- wslConf.network = {
- hostname = "glados-wsl";
- generateResolvConf = true;
- };
- startMenuLaunchers = false;
- interop.includePath = false;
- };
-
- services.dbus.apparmor = "disabled";
-
- networking.hostName = "glados-wsl";
-
- security = {
- apparmor.enable = false;
- audit.enable = false;
- auditd.enable = false;
- };
-}
diff --git a/parts/systems/glados/boot.nix b/parts/systems/glados/boot.nix
deleted file mode 100644
index 4a9af4e..0000000
--- a/parts/systems/glados/boot.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- environment.systemPackages = with pkgs; [
- sbctl
- tpm2-tss
- ];
-
- boot = {
- initrd.systemd.enable = true;
- kernelPackages = pkgs.linuxPackages_latest;
-
- bootspec.enable = true;
- loader.systemd-boot.enable = lib.mkForce false;
-
- lanzaboote = {
- enable = true;
- pkiBundle = "/etc/secureboot";
- };
-
- supportedFilesystems = ["btrfs" "ntfs"];
- };
-}
diff --git a/parts/systems/glados/default.nix b/parts/systems/glados/default.nix
deleted file mode 100644
index de2c1d5..0000000
--- a/parts/systems/glados/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-{lib, ...}: {
- imports = [
- ./boot.nix
- ./hardware-configuration.nix
- ../../modules/nixos/features/tailscale.nix
- ../../modules/nixos/features/virtualisation.nix
- ];
-
- boot = {
- kernelParams = ["amd_pstate=active"];
- kernel.sysctl = {
- "vm.swappiness" = 100;
- "vm.vfs_cache_pressure" = 500;
- "vm.dirty_background_ratio" = 1;
- "vm.dirty_ratio" = 50;
- };
- };
-
- desktop.gnome.enable = true;
-
- features = {
- tailscale.enable = true;
- virtualisation.enable = true;
- };
-
- hardware = {
- nvidia.enable = true;
- ssd.enable = true;
- };
-
- networking.hostName = "glados";
-
- security.tpm2 = {
- enable = true;
- abrmd.enable = true;
- };
-
- services = {
- flatpak.enable = true;
- fwupd.enable = true;
- };
-
- systemd = {
- services."prepare-kexec".wantedBy = ["multi-user.target"];
- tmpfiles.rules = let
- nproc = 12;
- in
- builtins.map
- (n: "w /sys/devices/system/cpu/cpu${builtins.toString n}/cpufreq/energy_performance_preference - - - - ${"balance_performance"}")
- (lib.range 0 (nproc - 1));
- };
-
- powerManagement.cpuFreqGovernor = "powersave";
-
- zramSwap = {
- enable = true;
- algorithm = "zstd";
- swapDevices = 1;
- memoryPercent = 50;
- };
-}
diff --git a/parts/systems/glados/hardware-configuration.nix b/parts/systems/glados/hardware-configuration.nix
deleted file mode 100644
index a7ff9e9..0000000
--- a/parts/systems/glados/hardware-configuration.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
- config,
- lib,
- modulesPath,
- ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
-
- boot = {
- extraModulePackages = [];
- kernelModules = ["kvm-amd"];
-
- initrd = {
- availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod"];
- kernelModules = [];
-
- luks.devices."cryptroot" = {
- device = "/dev/disk/by-uuid/bbbc1f37-53f5-4776-a70e-f2779179de50";
- allowDiscards = true;
- crypttabExtraOpts = ["tpm2-device=auto"];
- };
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/mapper/cryptroot";
- fsType = "btrfs";
- options = ["subvol=root" "compress=zstd" "noatime"];
- };
-
- "/var/log" = {
- device = "/dev/mapper/cryptroot";
- fsType = "btrfs";
- options = ["subvol=var_log" "compress=zstd" "noatime"];
- };
-
- "/nix" = {
- device = "/dev/mapper/cryptroot";
- fsType = "btrfs";
- options = ["subvol=nix" "compress=zstd" "noatime" "nodatacow"];
- };
-
- "/home" = {
- device = "/dev/mapper/cryptroot";
- fsType = "btrfs";
- options = ["subvol=home" "compress=zstd" "noatime"];
- };
-
- "/boot" = {
- device = "/dev/disk/by-uuid/B95B-9412";
- fsType = "vfat";
- };
- };
-
- swapDevices = [];
-
- # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
- # (the default) this is the recommended approach. When using systemd-networkd it's
- # still possible to use this option, but it's recommended to use it in conjunction
- # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
- # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
-
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/parts/systems/profiles.nix b/parts/systems/profiles.nix
deleted file mode 100644
index eada9ac..0000000
--- a/parts/systems/profiles.nix
+++ /dev/null
@@ -1,102 +0,0 @@
-{
- inputs,
- self,
- ...
-}: let
- specialArgs = {inherit inputs self;};
-in {
- personal = {
- system = "x86_64-linux";
- builder = inputs.nixpkgs.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- catppuccin.nixosModules.catppuccin
- hm.nixosModules.home-manager
- nur.nixosModules.nur
- self.nixosModules.default
-
- ../users/seth/system.nix
-
- {
- age = {
- identityPaths = ["/etc/age/key"];
- secrets = let
- baseDir = "${self}/parts/secrets/shared";
- in {
- rootPassword.file = "${baseDir}/rootPassword.age";
- sethPassword.file = "${baseDir}/sethPassword.age";
- };
- };
-
- base.enable = true;
- system.stateVersion = "23.11";
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
- };
- }
- ];
- };
-
- personal-darwin = {
- builder = inputs.darwin.lib.darwinSystem;
- inherit specialArgs;
- modules = with inputs; [
- hm.darwinModules.home-manager
- self.darwinModules.default
-
- ../users/seth/system.nix
-
- {
- base.enable = true;
- desktop.enable = true;
- system.stateVersion = 4;
-
- home-manager = {
- useGlobalPkgs = true;
- useUserPackages = true;
- extraSpecialArgs = specialArgs;
-
- users.seth = {
- imports = [
- ../users/seth/darwin.nix
- ];
-
- getchoo.desktop.enable = false;
- };
- };
- }
- ];
- };
-
- server = {
- builder = inputs.nixpkgs-stable.lib.nixosSystem;
- inherit specialArgs;
-
- modules = with inputs; [
- agenix.nixosModules.default
- ../modules/nixos/base
- ../modules/nixos/server
- ../modules/nixos/features/tailscale.nix
-
- {
- features.tailscale = {
- enable = true;
- ssh.enable = true;
- };
-
- server = {
- enable = true;
- secrets.enable = true;
- };
-
- nix.registry.n.flake = nixpkgs-stable;
- system.stateVersion = "23.05";
- }
- ];
- };
-}
diff --git a/parts/systems/turret/default.nix b/parts/systems/turret/default.nix deleted file mode 100644 index faac3d2..0000000 --- a/parts/systems/turret/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - pkgs, - openwrt-imagebuilder, - ... -}: let - inherit (pkgs) runCommand; - inherit (pkgs.stdenv) mkDerivation; - inherit (openwrt-imagebuilder.lib) build profiles; - wrtProfiles = profiles { - inherit pkgs; - release = "22.03.3"; - }; - config = mkDerivation { - name = "openwrt-config-files"; - src = ./files; - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - }; - image = - wrtProfiles.identifyProfile "netgear_wac104" - // { - packages = ["https-dns-proxy"]; - - files = runCommand "image-files" {} '' - mkdir -p $out/etc/uci-defaults - cat > $out/etc/uci-defaults/99-custom <