summaryrefslogtreecommitdiff
path: root/hosts/lia
diff options
context:
space:
mode:
authorsinanmohd <sinan@sinanmohd.com>2024-03-08 10:50:28 +0530
committersinanmohd <sinan@sinanmohd.com>2024-03-08 10:52:52 +0530
commitcd942d253bda8f511fdb921ea29f69f382a9368e (patch)
tree2c7aac5f66e5b614ecdd0871df23432bae4dc6db /hosts/lia
parent2abeb90fbff1d33aadfec37ce80a6bc4d3551661 (diff)
repo: restructure source tree
Diffstat (limited to 'hosts/lia')
-rw-r--r--hosts/lia/configuration.nix13
-rw-r--r--hosts/lia/hardware-configuration.nix29
-rw-r--r--hosts/lia/modules/lxc.nix41
-rw-r--r--hosts/lia/modules/network/default.nix19
-rw-r--r--hosts/lia/modules/network/router.nix47
-rw-r--r--hosts/lia/modules/sshfwd.nix53
-rw-r--r--hosts/lia/modules/users.nix10
-rw-r--r--hosts/lia/secrets.yaml32
8 files changed, 0 insertions, 244 deletions
diff --git a/hosts/lia/configuration.nix b/hosts/lia/configuration.nix
deleted file mode 100644
index 4cc057e..0000000
--- a/hosts/lia/configuration.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ../../common.nix
- ./modules/network
- ./modules/users.nix
- ./modules/lxc.nix
- ./modules/sshfwd.nix
- ];
-}
-
diff --git a/hosts/lia/hardware-configuration.nix b/hosts/lia/hardware-configuration.nix
deleted file mode 100644
index 6f4c6a4..0000000
--- a/hosts/lia/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- kernelModules = [ "kvm-intel" ];
- initrd.availableKernelModules = [
- "uhci_hcd"
- "ehci_pci"
- "ata_piix"
- "hpsa"
- "usb_storage"
- "usbhid"
- "sd_mod"
- "sr_mod"
- ];
- };
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/99fc38a8-9003-4ae2-98f4-e08afd9b4114";
- fsType = "ext4";
- };
-}
diff --git a/hosts/lia/modules/lxc.nix b/hosts/lia/modules/lxc.nix
deleted file mode 100644
index 259c316..0000000
--- a/hosts/lia/modules/lxc.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, ... }: let
- container = {
- name = "ubu";
- distro = "ubuntu";
- release = "jammy";
- };
-
- bridge = "lan";
-in {
- virtualisation.lxc.enable = true;
-
- environment.systemPackages = with pkgs; [ wget ];
- systemd.services."lxc-${container.name}-provision" = {
- description = "auto provision ${container.name} lxc container";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- stopIfChanged = false;
-
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
-
- path = with pkgs; [ wget lxc util-linux gnutar xz gawk ];
- script = ''
- if ! lxc-ls | grep -q ${container.name}; then
- lxc-create -n ${container.name} -t download -- \
- --arch amd64 \
- --release ${container.release} \
- --dist ${container.distro}
-
- sed 's/lxcbr0/${bridge}/g' -i /var/lib/lxc/${container.name}/config
- fi
-
- lxc-start -n ${container.name}
- '';
-
- preStop = "lxc-stop --name ${container.name}";
- };
-}
diff --git a/hosts/lia/modules/network/default.nix b/hosts/lia/modules/network/default.nix
deleted file mode 100644
index 927b2b5..0000000
--- a/hosts/lia/modules/network/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: let
- wan = "enp4s0f2";
-in
-{
- imports = [
- ./router.nix
- ];
-
- networking = {
- interfaces.${wan}.ipv4.addresses = [{
- address = "172.16.148.20";
- prefixLength = 22;
- }];
- defaultGateway = {
- address = "172.16.148.1";
- interface = wan;
- };
- };
-}
diff --git a/hosts/lia/modules/network/router.nix b/hosts/lia/modules/network/router.nix
deleted file mode 100644
index a6aef80..0000000
--- a/hosts/lia/modules/network/router.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ ... }: let
- wanInterface = "enp4s0f2";
- lanInterfaces = [ "enp4s0f1" "enp4s0f3" ];
-
- prefix = 24;
- subnet = "192.168.1.0";
- host = "192.168.1.1";
-
- leaseRangeStart = "192.168.1.100";
- leaseRangeEnd = "192.168.1.254";
- nameServer = [ "10.0.0.2" "10.0.0.3" ];
-in
-{
- networking = {
- bridges."lan".interfaces = lanInterfaces;
-
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ "lan" ];
- };
-
- interfaces.lan = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
- }];
- };
-
- firewall = {
- allowedUDPPorts = [ 53 67 ];
- allowedTCPPorts = [ 53 ];
- extraCommands =
- "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE";
- };
- };
-
- services.dnsmasq = {
- enable = true;
-
- settings = {
- server = nameServer;
- dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
- interface = [ "lan" ];
- };
- };
-}
diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix
deleted file mode 100644
index 3c7c006..0000000
--- a/hosts/lia/modules/sshfwd.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ pkgs, config, ... }: let
- mkFwdSrv = {
- local_port,
- remote_port,
- remote_user,
- remote ? "sinanmohd.com",
- ssh_port ? 22,
- key ? config.sops.secrets."sshfwd/${remote}".path,
- }: {
- "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
- description = "Forwarding port ${toString local_port} to ${remote}";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # restart rather than stop+start this unit to prevent
- # the ssh from dying during switch-to-configuration.
- stopIfChanged = false;
-
- serviceConfig = {
- ExecStart = ''
- ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
- -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
- -o ServerAliveInterval=15 \
- -o ExitOnForwardFailure=yes \
- -i ${key}
- '';
-
- RestartSec = 3;
- Restart = "always";
- };
-
- };
- };
-in {
- sops.secrets."sshfwd/sinanmohd.com" = {};
- sops.secrets."sshfwd/lia.sinanmohd.com" = {};
-
- environment.systemPackages = with pkgs; [ openssh ];
- systemd.services
- = (mkFwdSrv {
- local_port = 22;
- remote_user = "lia";
- remote_port = 2222;
- }) //
- (mkFwdSrv {
- local_port = 22;
- remote_port = 22;
- ssh_port = 23;
- remote_user = "root";
- remote = "lia.sinanmohd.com";
- });
-}
diff --git a/hosts/lia/modules/users.nix b/hosts/lia/modules/users.nix
deleted file mode 100644
index 13617ff..0000000
--- a/hosts/lia/modules/users.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }: {
- users.users."rohit" = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
-
- packages = with pkgs; [ git htop ];
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus" ];
- };
-}
diff --git a/hosts/lia/secrets.yaml b/hosts/lia/secrets.yaml
deleted file mode 100644
index b2b5218..0000000
--- a/hosts/lia/secrets.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-sshfwd:
- sinanmohd.com: ENC[AES256_GCM,data:ZB2qbUA4+AcYlIY6IaPf9aUdMV0ltdKveqVSNS2Nhq8h6kWheqWiaXgIK6vuN7oDHKomgVXWaVdxTf6OFvFQHCHMMqtm0KfvSJW+cdORpfZkEZuji5Ob/yQiNllyS8oAw9iT5YdyifLi7XkfD+dHbt+XWLQCMFPirJ8Lz6ynTYxV+N7Pu7yOhfCzPDYfqexW7Ymrjk0PI32OVgo+sE0obnASGW645dP4ydKOZM5xx9NGr/Oao2W5C61qdr2gUCoYQKZXkfItGRfCuWuCeh0ZmbxumS6Q1WeWUW09SY5NN24025TBoZgE+UdJIXuczAQy5wzpXYsDWwBXNod4gAhe76YgLydlYBpBHe6xN6OBgCewHkjCGkirHawmbYxkmJ40L6/lMFPjRmMV7yhj94Vsyx7NAW1H8yKVE/9typXUrIyxbxAOGrwy0TjlGYogAcZ7YYZ+ipmkqNlQ1pliA2Kha+2ZzPG0hV8NKhydNr0cz5ylfL4cQaAXxxg6YHOUYL0DGbfMXMpZKTt47TJcY72RWDaUr2RsmhJ+k2vNBDY3I01n9syWnlk80h2bs1ILJ5Ad3PP8Em8yGaXJLM+3,iv:VoDyy+h3UHL0YJPJ7rbgLTZZzIPCJTD8yBPXNxWjHqo=,tag:zGQXrE066SDMCwgZpC9/Pg==,type:str]
- lia.sinanmohd.com: ENC[AES256_GCM,data:d2lDCckpWwMtGu8Ra249NnUVt4OtP7JqtVZG8YD9oLtLmAbTi4kLZnYU+0EN7Fs/Z6dxNaSkYLnvJQO08Hr1AlVT12z2TXoWKHokzgMXYKPIBhioHLXg31BAwC9T/qPraxxzY+Jo6zSuv2RK1Xi6+74w6llE9t/eY1U2nJb9VnmtsB+ae9O5BgkxSkdGL/rhnXZNk9p8OhOcmtOnm6kPHVXG0DzszpvWmalsJE3nPmyxe5zB+7+UFj8rFgcktKRoY0bhN5SOMZfFSly7nRkr3WL2mbaVZgZD2g+kvzanYU64NKF0+rbVdKf9lCgVRMSS5z22QSuKOLuZjLlCRml9y254iIVxfV+BC2Y35QMk+Aa14jlHcRowFN5KxZ3dAeuH8TfVuSg/8gfSXwTMAHTBbEDeVvomD09vmuZoVCckrAZzSEiA8alcxKyaHGw4ZiAb1e+DWRSxDDeS9iibHsKrZgZ/RstRdT2qyqF0prbY+wFbajblGrUZhbIhfkPNe67iiTD7HI0Trg3PcC8Z1m+k/gWlhERpi+74TRzHrN1/dAokLBI/j+9I3YRTWR1qNScEr5RJNZP4UQh2TlH4G//3+0J3PM8Nv0DF7cfuOFpOLrob6SAaSRv3Ctn5ZmQM4Ib8uMluFB3MFkwqD/j67EINR+OD3VShdy6ydrIuaWREejhCR3SHnoZp1OhXTNdVzXwKYwFIkjHNGs3uj4jhW37xA+8zvuuqVZUGaXbbETsgIwPrwpFaPsxORkDREVhLxTtXsuHtzASzV7GfQvtArlM1bk5Ne3S75IeSc3ZnJUuAk5fPWjuHHuMDv7FxddNHctgE/V1gmzA/w3FtfYeaG8K2ZUeh1cCxGmou6aRv7aacAB9AdKeLtzr899VYC4bnPCpWBEMgN3Nqhdo/YR3bW+3pLbV3S1M4O2FxrZHjlgS4sffHMe+kNuzVV1GEpc8xybPIS5AAeWuOankmflf+CWg6fVSinHvlwILjRrK7cMCroypPv2p4dtn4IMaJ6MGQsNzDMF7CN6H3XOmOONsnJ8h/dUL6EwJCW87gp5lC8BXcuE93LgUHAVx9SttygpaAmTIWN48BsJosWbvK5Zw7nCaCce7WtxeUuAKtHdhLsLH7WhfQL5aj3aF8xgDDM3b2qOp6gkNI0q/8L0yEGRRg70c3jAu6ojZVD4iq9hS8ct06jVzLdi4U4jTk53NAGEiMbGiSaHTlmPvjwcV1+RYUut7G/a9YVvAgbtw2TKK00EaCUNHefuzd4oWc0jiMUK8OSH9l9gT5usWXOPeexyNNLWHniMympqVoudQXSj1PEvEixXYZYZ6Vp4LuHsdTtLCsTu17J0/7Ob/PdSGXU+BtJGS+EnLbxMgMHHiWk4hd2z5h64DgC9vrSVHqFvd68gGL91bsKw6rnmtEOcuTdY4DLzP2HSGtN6Erxb52XZrVS+fm4zJO0ZR45bN29NBB1rvhUe//ln+ny6tbgJ/mQ1wJIpXtLMOeBsKZqN2x5eaCw2bFqJE+yOwFFcbwTvuyDSsCeJh40LL0Dypfc5FvYmta8rChNw+MpwC2++T/t2xgGcHpvh0o5WcdbtlUm+7H8PAqsK18DhF9GSLxEpCTS14FT5M3GFNKOYGub+Vt+jCWSPrvnZXCITNdBXR6PD47iyqY1Ot00+f213ZEfVNZayfoxr4I3JzwNLJOvdHdxIza2qAyKW+tm+2N9tp0TtGoHUE2vUc9Cm0rxw84rllywqrehwi9039bS5mn72pRtN06ZnFKQrVrx355PsAyYlQ3VkZ2wpuxVOB2i8ko0ujebgO411XjgOQBeV8lNy02AcduavRNQ5z41rBnbhuj+sI5u8xli4kPrpfqeuLACaT+eWeYSZtCy7qY75BYaguhcqKAvRUfUTMxDUyGBkUySKydcNL3ErVU47jLB8uMm8RFjzkRAEKjraR+1PH8GQ+qhTA3e6ZtzNTZ0i9c2hFT+6vrLZ7gNrpC53s3wrkK43yU5MC8JaSe3mRx9v00EqUaUYOnrJZWs5H6LXj6T2OIhQgaTs6ikvGpY4rRE7lkn2jqQAXf/9aCDuMj9fiWanCXgJ7LFSwuAESLe7CmwdNqOl2cyEns8DuChrAq7zdykBv9VbLYfijlzrD6ezcmHGImNTTG+uX2PifuvK4JphOFbmK0YWGPK6//7gJfNtUMReKuINvPZg1X8U8ayQ8btYjmzIpxJeJ2/NvZ+WoKYewttAZhSHbo75I8K1cBEjUvrevwXmPeYvG+iWYyZkYENx7gGCNGyHpdSEEYBL4QdsgkbQWJDRQ=,iv:t825d9WWByfMZXwrtKs2JBFVoEAoAXfYOBmlhWN45hU=,tag:ZVPiwtKwhdYzh4IQyzeb9Q==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZzlrOEpXQmdLVyt1MFRS
- Q2JUU0N1MVNzLzVLcWhMb25uL3VsLzJrdFRNCnI1OWZFTnpqc056M0RYd3gvS1Nr
- N2VEU1kyU3JuYjhhaUtuajg2cjQ4LzQKLS0tIE5qZmlqVGN1WXhZWkw3dGwyNTdF
- QTd0V2V3QVVHbnhRUUt6MkRzYm5zeEEKFkqGe6Eg1BEPLqMkxUg56hc+sn0p4KZV
- kThyib3g0KsrHpQM05v4CK0h6qlf8HXwvwJVx9tis8Nck1IW3zS8Pw==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QzhPYXcxQ0lRS2VwaXQ4
- V3JUVDJyenowSzhFenBKYlBEbGNXTFIxUjFNCjhmWm5aQ1lTcTJidzFiT2J4R2Ux
- b2ZjTWQ5WWtOY1BpZHVJYzN4clNlU0kKLS0tIHpBWU5zQWNVTWZ0TTdSNFZodkVq
- RG9hL2hlYjdaYTVJWVFlSE4xN1poUHcKe4BPaVEyc3W1hyu0jOQcEdZ1kl2aQLgZ
- fHDs4kDeCcfJI/s5Cb/YD3cIp7HB6FBoe7LHiNiJbyJGR0wJecLqxg==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-11T16:35:02Z"
- mac: ENC[AES256_GCM,data:nsLGZ5wvmj25COI4G3BsS8dzwpa59zs85Ztm4eZaXITAdMjEgfmHR8eHItzchSijH+PRaJH+pZZNN3kpkDeujGYTiOzfc1t2dGA3Vx6XACCNaZs35vmvbB45VV07a5mjw/Wy3k0ZDOcRCHXQOQccaPshUMzU7FkXudm7PkvoyTM=,iv:Rgfaab+egy2/AwlM6ZMVA+7E5cqb/r9mI4ptMit/SKo=,tag:LVSYkTzTxBRAIFxDkB1asA==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.8.1