chore: clean up unused options

machines/calcite/configuration.nix

@@ -5,7 +5,7 @@
   ...
 }:
 let
-  inherit (lib) mkForce getExe;
+  inherit (lib) getExe;
   inherit (config.my-lib.settings) idpUrl;
 in
 {
@@ -17,7 +17,7 @@ in
   ];
 
   commonSettings = {
-    # auth.enable = true;
+    auth.enable = true;
     nix = {
       signing.enable = true;
     };
@@ -37,7 +37,6 @@ in
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.loader.efi.efiSysMountPoint = "/boot/efi";
-  # boot.kernelPackages = pkgs.linuxPackages_latest;
   boot.kernelModules = [
     "nvidia"
     "nvidia_modeset"
@@ -61,7 +60,6 @@ in
     # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
     tctiEnvironment.enable = true;
   };
-  # services.gnome.gnome-keyring.enable = lib.mkForce false;
   security.pam.services.login.enableGnomeKeyring = lib.mkForce false;
 
   programs.ssh.agentPKCS11Whitelist = "${config.security.tpm2.pkcs11.package}/lib/libtpm_pkcs11.so";
@@ -187,7 +185,6 @@ in
         settings = {
           main = {
             mouse2 = "leftmeta";
-            # leftalt = "mouse1";
           };
         };
       };
@@ -206,7 +203,6 @@ in
     extraBackends = [ pkgs.hplipWithPlugin ];
   };
 
-  hardware.pulseaudio.enable = false;
   security.rtkit.enable = true;
   services.avahi.enable = true;
   services.pipewire = {
@@ -217,23 +213,6 @@ in
     pulse.enable = true;
     # If you want to use JACK applications, uncomment this
     jack.enable = true;
-
-    # Airplay client
-    raopOpenFirewall = true;
-    extraConfig.pipewire = {
-      "10-airplay" = {
-        "context.modules" = [
-          {
-            name = "libpipewire-module-raop-discover";
-
-            # increase the buffer size if you get dropouts/glitches
-            # args = {
-            #   "raop.latency.ms" = 500;
-            # };
-          }
-        ];
-      };
-    };
   };
 
   # Define a user account. Don't forget to set a password with ‘passwd’.
@@ -249,13 +228,6 @@ in
     ];
   };
 
-  services.kanidm = {
-    enableClient = true;
-    clientSettings = {
-      uri = "https://${idpUrl}";
-    };
-  };
-
   # Smart services
   services.smartd.enable = true;
 
@@ -264,11 +236,7 @@ in
   nixpkgs.config.allowUnfree = true;
   nixpkgs.config.permittedInsecurePackages = [
     "openssl-1.1.1w"
-    # FIXME: Waiting for https://github.com/NixOS/nixpkgs/pull/335753
-    "jitsi-meet-1.0.8043"
   ];
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
   environment.systemPackages = with pkgs; [
     imhex
     oidc-agent
@@ -292,8 +260,6 @@ in
     bubblewrap
 
     # ==== Development ==== #
-    # Python
-    # reference: https://nixos.wiki/wiki/Python
     (
       let
         my-python-packages =
@@ -340,7 +306,6 @@ in
 
     # Writting
     zotero
-    # onlyoffice-bin
 
     # wemeet
     wemeet
@@ -367,10 +332,6 @@ in
       owner = "xin";
       sopsFile = ./secrets.yaml;
     };
-    "gitea/envfile" = {
-      owner = "root";
-      sopsFile = ./secrets.yaml;
-    };
     "davfs2/photosync_password" = {
       sopsFile = ./secrets.yaml;
       mode = "0600";
@@ -401,16 +362,6 @@ in
     ];
   };
 
-  # custom.forgejo-actions-runner = {
-  #   enable = false;
-  #   tokenFile = config.sops.secrets."gitea/envfile".path;
-  #   settings = {
-  #     runner.capacity = 2;
-  #     runner.fetch_timeout = "120s";
-  #     runner.fetch_interval = "30s";
-  #   };
-  # };
-  #
   custom.prometheus = {
     exporters.node.enable = true;
   };

machines/calcite/hardware-configuration.nix

@@ -18,7 +18,6 @@
     "ahci"
     "usbhid"
   ];
-  boot.initrd.kernelModules = [ ];
 
   boot.initrd = {
     systemd.enable = true; # initrd uses systemd
@@ -31,10 +30,8 @@
     };
   };
   boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
-    # device = "/dev/disk/by-label/NIXROOT";
     device = "/dev/mapper/cryptroot";
     fsType = "btrfs";
   };
@@ -57,16 +54,6 @@
 
   swapDevices = [ { device = "/dev/disk/by-label/NIXSWAP"; } ];
 
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wg0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
   hardware.graphics = {

machines/calcite/network.nix

@@ -1,14 +1,7 @@
 {
-  config,
   pkgs,
-  lib,
   ...
 }:
-let
-  inherit (config.my-lib.settings)
-    internalDomain
-    ;
-in
 {
   imports = [ ];
 
@@ -28,14 +21,7 @@ in
     enable = true;
     extraUpFlags = [ "--accept-routes" ];
   };
-  # services.tailscale.useRoutingFeatures = "both";
 
-  # services.dae.enable = true;
-  # services.dae.configFile = "/var/lib/dae/config.dae";
-  # systemd.services.dae.after = lib.mkIf (config.networking.networkmanager.enable) [
-  #   "NetworkManager-wait-online.service"
-  # ];
-  #
   # Open ports in the firewall.
   networking.firewall.enable = true;
   networking.firewall.allowedTCPPorts = [ 3389 ];

machines/calcite/secrets.yaml

@@ -1,15 +1,9 @@
 restic:
     repo_url: ENC[AES256_GCM,data:x/g1nZQ59SavVG+u5apNmBQ0Y5uQ9N0EKVh6qovqeP/Z7tmkudJtlBFD35C0ZidcQLAqTaZk1FFh8Ikjo4OcQSdTsx9BGvT4,iv:RQMOSEacDHXjYceBaAW4sFGk38vkijHuADcTS3DMxa8=,tag:769rLA2eRKjDrAaL/jERbA==,type:str]
     repo_password: ENC[AES256_GCM,data:jqsIP1R5/yX8F0oYaSXACx6C,iv:KckzqctKLnmay+d30/Y4IttiASxYnMw6IHQrtwP2YdQ=,tag:L/Ij51UU1om48I8fd4iuwA==,type:str]
-gitea:
-    envfile: ENC[AES256_GCM,data:CK+JNELuzjKgWnImuV4Euif3f3nNOACOrvc4NiIXs+q/F7QWrtpb3TK8/FrLNQk=,iv:QSDrlKJCBld2gDx/y1sT8anh37GhqSS2QZd2JJi5Yis=,tag:x5T6h59LBXhEyVwSr2dnuQ==,type:str]
 davfs2:
     photosync_password: ENC[AES256_GCM,data:J3+pJCjjV+hlPC2il5f7Vn+9k+Aatolgut1DX1G+JF4=,iv:OgZn6Glho3Cfrl0GJhGSbmcYjSe6sjM9PjvEZnM/c4w=,tag:i5AVG139nK3ecK3VwWpQuQ==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
           enc: |
@@ -29,8 +23,7 @@ sops:
             WGlLdXVoZlp3bEFXZjlMdG1VOUZDNUkKQ2NNTE3OsNUr2pOI7qeNFSCVkUIVRS+g
             FG5FbJJcFihXqr+Qo0nZkq+xq07vIia7mKoqyoIfkKwweiVzDKyrkQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-07T08:57:13Z"
-    mac: ENC[AES256_GCM,data:UvMXEu2UFapYNHa7kxvFhDzvJZvuV6mwRqmxFISDpp0VhRhY1+Mj2GFxrS5RgTW1ozUnCB0DSBUwWcmsPZeOUveMkHqqRFGZIjinh6blwseZjJMOR30KG3atY6L2adOOZaBERi+HJXqXfdqymeSCmkMC5iJ2jt2KGuMx5NqSfbE=,iv:pueL1hT/tvug65KPYxqY3RwNYeBOlGpIFf70+26VOYQ=,tag:VLwuipBxchMBSSuOMXYKJQ==,type:str]
-    pgp: []
+    lastmodified: "2025-05-08T09:47:09Z"
+    mac: ENC[AES256_GCM,data:pBryBOfgVYROAJ6LfqpEXz8ph4bcAoWLADibpET0jwb4CBNuEW9BWXzVu+Ci+gKjKhSxh8xwr+TLSvo8zNOeGz/Mdl2vVaEWNKX4dUMMd9IXRJ+8jSlhxkMWPi25xoiMjY763MgOnBYsdqPpKKB1xLHkRtULAHlZ2m3VhVWxMWM=,iv:egYcxVjCH4uPbHvCcU9MVCRHoDbNH8tYet1vyDf9nhw=,tag:DDBC0TSdsnaF3SFTuH6rOQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2