Diffstat (limited to 'hosts/lia/modules')
-rw-r--r-- | hosts/lia/modules/lxc.nix | 41 | ||||
-rw-r--r-- | hosts/lia/modules/network/default.nix | 19 | ||||
-rw-r--r-- | hosts/lia/modules/network/router.nix | 47 | ||||
-rw-r--r-- | hosts/lia/modules/sshfwd.nix | 53 | ||||
-rw-r--r-- | hosts/lia/modules/users.nix | 10 |
5 files changed, 0 insertions, 170 deletions
diff --git a/hosts/lia/modules/lxc.nix b/hosts/lia/modules/lxc.nix
deleted file mode 100644
index 259c316..0000000
--- a/hosts/lia/modules/lxc.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, ... }: let
- container = {
- name = "ubu";
- distro = "ubuntu";
- release = "jammy";
- };
-
- bridge = "lan";
-in {
- virtualisation.lxc.enable = true;
-
- environment.systemPackages = with pkgs; [ wget ];
- systemd.services."lxc-${container.name}-provision" = {
- description = "auto provision ${container.name} lxc container";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- stopIfChanged = false;
-
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
-
- path = with pkgs; [ wget lxc util-linux gnutar xz gawk ];
- script = ''
- if ! lxc-ls | grep -q ${container.name}; then
- lxc-create -n ${container.name} -t download -- \
- --arch amd64 \
- --release ${container.release} \
- --dist ${container.distro}
-
- sed 's/lxcbr0/${bridge}/g' -i /var/lib/lxc/${container.name}/config
- fi
-
- lxc-start -n ${container.name}
- '';
-
- preStop = "lxc-stop --name ${container.name}";
- };
-}
diff --git a/hosts/lia/modules/network/default.nix b/hosts/lia/modules/network/default.nix
deleted file mode 100644
index 927b2b5..0000000
--- a/hosts/lia/modules/network/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: let
- wan = "enp4s0f2";
-in
-{
- imports = [
- ./router.nix
- ];
-
- networking = {
- interfaces.${wan}.ipv4.addresses = [{
- address = "172.16.148.20";
- prefixLength = 22;
- }];
- defaultGateway = {
- address = "172.16.148.1";
- interface = wan;
- };
- };
-}
diff --git a/hosts/lia/modules/network/router.nix b/hosts/lia/modules/network/router.nix
deleted file mode 100644
index a6aef80..0000000
--- a/hosts/lia/modules/network/router.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ ... }: let
- wanInterface = "enp4s0f2";
- lanInterfaces = [ "enp4s0f1" "enp4s0f3" ];
-
- prefix = 24;
- subnet = "192.168.1.0";
- host = "192.168.1.1";
-
- leaseRangeStart = "192.168.1.100";
- leaseRangeEnd = "192.168.1.254";
- nameServer = [ "10.0.0.2" "10.0.0.3" ];
-in
-{
- networking = {
- bridges."lan".interfaces = lanInterfaces;
-
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ "lan" ];
- };
-
- interfaces.lan = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
- }];
- };
-
- firewall = {
- allowedUDPPorts = [ 53 67 ];
- allowedTCPPorts = [ 53 ];
- extraCommands =
- "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE";
- };
- };
-
- services.dnsmasq = {
- enable = true;
-
- settings = {
- server = nameServer;
- dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
- interface = [ "lan" ];
- };
- };
-}
diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix
deleted file mode 100644
index 3c7c006..0000000
--- a/hosts/lia/modules/sshfwd.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ pkgs, config, ... }: let
- mkFwdSrv = {
- local_port,
- remote_port,
- remote_user,
- remote ? "sinanmohd.com",
- ssh_port ? 22,
- key ? config.sops.secrets."sshfwd/${remote}".path,
- }: {
- "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
- description = "Forwarding port ${toString local_port} to ${remote}";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # restart rather than stop+start this unit to prevent
- # the ssh from dying during switch-to-configuration.
- stopIfChanged = false;
-
- serviceConfig = {
- ExecStart = ''
- ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
- -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
- -o ServerAliveInterval=15 \
- -o ExitOnForwardFailure=yes \
- -i ${key}
- '';
-
- RestartSec = 3;
- Restart = "always";
- };
-
- };
- };
-in {
- sops.secrets."sshfwd/sinanmohd.com" = {};
- sops.secrets."sshfwd/lia.sinanmohd.com" = {};
-
- environment.systemPackages = with pkgs; [ openssh ];
- systemd.services
- = (mkFwdSrv {
- local_port = 22;
- remote_user = "lia";
- remote_port = 2222;
- }) //
- (mkFwdSrv {
- local_port = 22;
- remote_port = 22;
- ssh_port = 23;
- remote_user = "root";
- remote = "lia.sinanmohd.com";
- });
-}
diff --git a/hosts/lia/modules/users.nix b/hosts/lia/modules/users.nix
deleted file mode 100644
index 13617ff..0000000
--- a/hosts/lia/modules/users.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }: {
- users.users."rohit" = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
-
- packages = with pkgs; [ git htop ];
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus" ];
- };
-} |