Diffstat (limited to 'hosts/lia')
-rw-r--r-- | hosts/lia/configuration.nix | 13 | ||||
-rw-r--r-- | hosts/lia/hardware-configuration.nix | 29 | ||||
-rw-r--r-- | hosts/lia/modules/lxc.nix | 41 | ||||
-rw-r--r-- | hosts/lia/modules/network/default.nix | 19 | ||||
-rw-r--r-- | hosts/lia/modules/network/router.nix | 47 | ||||
-rw-r--r-- | hosts/lia/modules/sshfwd.nix | 53 | ||||
-rw-r--r-- | hosts/lia/modules/users.nix | 10 | ||||
-rw-r--r-- | hosts/lia/secrets.yaml | 32 |
8 files changed, 0 insertions, 244 deletions
diff --git a/hosts/lia/configuration.nix b/hosts/lia/configuration.nix
deleted file mode 100644
index 4cc057e..0000000
--- a/hosts/lia/configuration.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-
-{
- imports = [
- ./hardware-configuration.nix
- ../../common.nix
- ./modules/network
- ./modules/users.nix
- ./modules/lxc.nix
- ./modules/sshfwd.nix
- ];
-}
-
diff --git a/hosts/lia/hardware-configuration.nix b/hosts/lia/hardware-configuration.nix
deleted file mode 100644
index 6f4c6a4..0000000
--- a/hosts/lia/hardware-configuration.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ modulesPath, ... }:
-
-{
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
- boot = {
- loader.grub = {
- enable = true;
- device = "/dev/sda";
- };
-
- kernelModules = [ "kvm-intel" ];
- initrd.availableKernelModules = [
- "uhci_hcd"
- "ehci_pci"
- "ata_piix"
- "hpsa"
- "usb_storage"
- "usbhid"
- "sd_mod"
- "sr_mod"
- ];
- };
-
- fileSystems."/" = {
- device = "/dev/disk/by-uuid/99fc38a8-9003-4ae2-98f4-e08afd9b4114";
- fsType = "ext4";
- };
-}
diff --git a/hosts/lia/modules/lxc.nix b/hosts/lia/modules/lxc.nix
deleted file mode 100644
index 259c316..0000000
--- a/hosts/lia/modules/lxc.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, ... }: let
- container = {
- name = "ubu";
- distro = "ubuntu";
- release = "jammy";
- };
-
- bridge = "lan";
-in {
- virtualisation.lxc.enable = true;
-
- environment.systemPackages = with pkgs; [ wget ];
- systemd.services."lxc-${container.name}-provision" = {
- description = "auto provision ${container.name} lxc container";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- stopIfChanged = false;
-
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
-
- path = with pkgs; [ wget lxc util-linux gnutar xz gawk ];
- script = ''
- if ! lxc-ls | grep -q ${container.name}; then
- lxc-create -n ${container.name} -t download -- \
- --arch amd64 \
- --release ${container.release} \
- --dist ${container.distro}
-
- sed 's/lxcbr0/${bridge}/g' -i /var/lib/lxc/${container.name}/config
- fi
-
- lxc-start -n ${container.name}
- '';
-
- preStop = "lxc-stop --name ${container.name}";
- };
-}
diff --git a/hosts/lia/modules/network/default.nix b/hosts/lia/modules/network/default.nix
deleted file mode 100644
index 927b2b5..0000000
--- a/hosts/lia/modules/network/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ ... }: let
- wan = "enp4s0f2";
-in
-{
- imports = [
- ./router.nix
- ];
-
- networking = {
- interfaces.${wan}.ipv4.addresses = [{
- address = "172.16.148.20";
- prefixLength = 22;
- }];
- defaultGateway = {
- address = "172.16.148.1";
- interface = wan;
- };
- };
-}
diff --git a/hosts/lia/modules/network/router.nix b/hosts/lia/modules/network/router.nix
deleted file mode 100644
index a6aef80..0000000
--- a/hosts/lia/modules/network/router.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ ... }: let
- wanInterface = "enp4s0f2";
- lanInterfaces = [ "enp4s0f1" "enp4s0f3" ];
-
- prefix = 24;
- subnet = "192.168.1.0";
- host = "192.168.1.1";
-
- leaseRangeStart = "192.168.1.100";
- leaseRangeEnd = "192.168.1.254";
- nameServer = [ "10.0.0.2" "10.0.0.3" ];
-in
-{
- networking = {
- bridges."lan".interfaces = lanInterfaces;
-
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ "lan" ];
- };
-
- interfaces.lan = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
- }];
- };
-
- firewall = {
- allowedUDPPorts = [ 53 67 ];
- allowedTCPPorts = [ 53 ];
- extraCommands =
- "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE";
- };
- };
-
- services.dnsmasq = {
- enable = true;
-
- settings = {
- server = nameServer;
- dhcp-range = [ "${leaseRangeStart},${leaseRangeEnd}" ];
- interface = [ "lan" ];
- };
- };
-}
diff --git a/hosts/lia/modules/sshfwd.nix b/hosts/lia/modules/sshfwd.nix
deleted file mode 100644
index 3c7c006..0000000
--- a/hosts/lia/modules/sshfwd.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ pkgs, config, ... }: let
- mkFwdSrv = {
- local_port,
- remote_port,
- remote_user,
- remote ? "sinanmohd.com",
- ssh_port ? 22,
- key ? config.sops.secrets."sshfwd/${remote}".path,
- }: {
- "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
- description = "Forwarding port ${toString local_port} to ${remote}";
-
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # restart rather than stop+start this unit to prevent
- # the ssh from dying during switch-to-configuration.
- stopIfChanged = false;
-
- serviceConfig = {
- ExecStart = ''
- ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
- -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
- -o ServerAliveInterval=15 \
- -o ExitOnForwardFailure=yes \
- -i ${key}
- '';
-
- RestartSec = 3;
- Restart = "always";
- };
-
- };
- };
-in {
- sops.secrets."sshfwd/sinanmohd.com" = {};
- sops.secrets."sshfwd/lia.sinanmohd.com" = {};
-
- environment.systemPackages = with pkgs; [ openssh ];
- systemd.services
- = (mkFwdSrv {
- local_port = 22;
- remote_user = "lia";
- remote_port = 2222;
- }) //
- (mkFwdSrv {
- local_port = 22;
- remote_port = 22;
- ssh_port = 23;
- remote_user = "root";
- remote = "lia.sinanmohd.com";
- });
-}
diff --git a/hosts/lia/modules/users.nix b/hosts/lia/modules/users.nix
deleted file mode 100644
index 13617ff..0000000
--- a/hosts/lia/modules/users.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }: {
- users.users."rohit" = {
- isNormalUser = true;
- extraGroups = [ "wheel" ];
-
- packages = with pkgs; [ git htop ];
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus" ];
- };
-}
diff --git a/hosts/lia/secrets.yaml b/hosts/lia/secrets.yaml
deleted file mode 100644
index b2b5218..0000000
--- a/hosts/lia/secrets.yaml
+++ /dev/null
@@ -1,32 +0,0 @@ -sshfwd: - sinanmohd.com: ENC[AES256_GCM,data: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,iv:VoDyy+h3UHL0YJPJ7rbgLTZZzIPCJTD8yBPXNxWjHqo=,tag:zGQXrE066SDMCwgZpC9/Pg==,type:str] - lia.sinanmohd.com: ENC[AES256_GCM,data:d2lDCckpWwMtGu8Ra249NnUVt4OtP7JqtVZG8YD9oLtLmAbTi4kLZnYU+0EN7Fs/Z6dxNaSkYLnvJQO08Hr1AlVT12z2TXoWKHokzgMXYKPIBhioHLXg31BAwC9T/qPraxxzY+Jo6zSuv2RK1Xi6+74w6llE9t/eY1U2nJb9VnmtsB+ae9O5BgkxSkdGL/rhnXZNk9p8OhOcmtOnm6kPHVXG0DzszpvWmalsJE3nPmyxe5zB+7+UFj8rFgcktKRoY0bhN5SOMZfFSly7nRkr3WL2mbaVZgZD2g+kvzanYU64NKF0+rbVdKf9lCgVRMSS5z22QSuKOLuZjLlCRml9y254iIVxfV+BC2Y35QMk+Aa14jlHcRowFN5KxZ3dAeuH8TfVuSg/8gfSXwTMAHTBbEDeVvomD09vmuZoVCckrAZzSEiA8alcxKyaHGw4ZiAb1e+DWRSxDDeS9iibHsKrZgZ/RstRdT2qyqF0prbY+wFbajblGrUZhbIhfkPNe67iiTD7HI0Trg3PcC8Z1m+k/gWlhERpi+74TRzHrN1/dAokLBI/j+9I3YRTWR1qNScEr5RJNZP4UQh2TlH4G//3+0J3PM8Nv0DF7cfuOFpOLrob6SAaSRv3Ctn5ZmQM4Ib8uMluFB3MFkwqD/j67EINR+OD3VShdy6ydrIuaWREejhCR3SHnoZp1OhXTNdVzXwKYwFIkjHNGs3uj4jhW37xA+8zvuuqVZUGaXbbETsgIwPrwpFaPsxORkDREVhLxTtXsuHtzASzV7GfQvtArlM1bk5Ne3S75IeSc3ZnJUuAk5fPWjuHHuMDv7FxddNHctgE/V1gmzA/w3FtfYeaG8K2ZUeh1cCxGmou6aRv7aacAB9AdKeLtzr899VYC4bnPCpWBEMgN3Nqhdo/YR3bW+3pLbV3S1M4O2FxrZHjlgS4sffHMe+kNuzVV1GEpc8xybPIS5AAeWuOankmflf+CWg6fVSinHvlwILjRrK7cMCroypPv2p4dtn4IMaJ6MGQsNzDMF7CN6H3XOmOONsnJ8h/dUL6EwJCW87gp5lC8BXcuE93LgUHAVx9SttygpaAmTIWN48BsJosWbvK5Zw7nCaCce7WtxeUuAKtHdhLsLH7WhfQL5aj3aF8xgDDM3b2qOp6gkNI0q/8L0yEGRRg70c3jAu6ojZVD4iq9hS8ct06jVzLdi4U4jTk53NAGEiMbGiSaHTlmPvjwcV1+RYUut7G/a9YVvAgbtw2TKK00EaCUNHefuzd4oWc0jiMUK8OSH9l9gT5usWXOPeexyNNLWHniMympqVoudQXSj1PEvEixXYZYZ6Vp4LuHsdTtLCsTu17J0/7Ob/PdSGXU+BtJGS+EnLbxMgMHHiWk4hd2z5h64DgC9vrSVHqFvd68gGL91bsKw6rnmtEOcuTdY4DLzP2HSGtN6Erxb52XZrVS+fm4zJO0ZR45bN29NBB1rvhUe//ln+ny6tbgJ/mQ1wJIpXtLMOeBsKZqN2x5eaCw2bFqJE+yOwFFcbwTvuyDSsCeJh40LL0Dypfc5FvYmta8rChNw+MpwC2++T/t2xgGcHpvh0o5WcdbtlUm+7H8PAqsK18DhF9GSLxEpCTS14FT5M3GFNKOYGub+Vt+jCWSPrvnZXCITNdBXR6PD47iyqY1Ot00+f213ZEfVNZayfoxr4I3JzwNLJOvdHdxIza2qAyKW+tm+2N9tp0TtGoHUE2vUc9Cm0rxw84rllywqrehwi9039bS5m
n72pRtN06ZnFKQrVrx355PsAyYlQ3VkZ2wpuxVOB2i8ko0ujebgO411XjgOQBeV8lNy02AcduavRNQ5z41rBnbhuj+sI5u8xli4kPrpfqeuLACaT+eWeYSZtCy7qY75BYaguhcqKAvRUfUTMxDUyGBkUySKydcNL3ErVU47jLB8uMm8RFjzkRAEKjraR+1PH8GQ+qhTA3e6ZtzNTZ0i9c2hFT+6vrLZ7gNrpC53s3wrkK43yU5MC8JaSe3mRx9v00EqUaUYOnrJZWs5H6LXj6T2OIhQgaTs6ikvGpY4rRE7lkn2jqQAXf/9aCDuMj9fiWanCXgJ7LFSwuAESLe7CmwdNqOl2cyEns8DuChrAq7zdykBv9VbLYfijlzrD6ezcmHGImNTTG+uX2PifuvK4JphOFbmK0YWGPK6//7gJfNtUMReKuINvPZg1X8U8ayQ8btYjmzIpxJeJ2/NvZ+WoKYewttAZhSHbo75I8K1cBEjUvrevwXmPeYvG+iWYyZkYENx7gGCNGyHpdSEEYBL4QdsgkbQWJDRQ=,iv:t825d9WWByfMZXwrtKs2JBFVoEAoAXfYOBmlhWN45hU=,tag:ZVPiwtKwhdYzh4IQyzeb9Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZzlrOEpXQmdLVyt1MFRS - Q2JUU0N1MVNzLzVLcWhMb25uL3VsLzJrdFRNCnI1OWZFTnpqc056M0RYd3gvS1Nr - N2VEU1kyU3JuYjhhaUtuajg2cjQ4LzQKLS0tIE5qZmlqVGN1WXhZWkw3dGwyNTdF - QTd0V2V3QVVHbnhRUUt6MkRzYm5zeEEKFkqGe6Eg1BEPLqMkxUg56hc+sn0p4KZV - kThyib3g0KsrHpQM05v4CK0h6qlf8HXwvwJVx9tis8Nck1IW3zS8Pw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1l9kd320xj89vdr06u7ej8fhjrxl470t04trgwd3jwzczknf05aesv2pp8x - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6QzhPYXcxQ0lRS2VwaXQ4 - V3JUVDJyenowSzhFenBKYlBEbGNXTFIxUjFNCjhmWm5aQ1lTcTJidzFiT2J4R2Ux - b2ZjTWQ5WWtOY1BpZHVJYzN4clNlU0kKLS0tIHpBWU5zQWNVTWZ0TTdSNFZodkVq - RG9hL2hlYjdaYTVJWVFlSE4xN1poUHcKe4BPaVEyc3W1hyu0jOQcEdZ1kl2aQLgZ - fHDs4kDeCcfJI/s5Cb/YD3cIp7HB6FBoe7LHiNiJbyJGR0wJecLqxg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-11T16:35:02Z" - mac: ENC[AES256_GCM,data:nsLGZ5wvmj25COI4G3BsS8dzwpa59zs85Ztm4eZaXITAdMjEgfmHR8eHItzchSijH+PRaJH+pZZNN3kpkDeujGYTiOzfc1t2dGA3Vx6XACCNaZs35vmvbB45VV07a5mjw/Wy3k0ZDOcRCHXQOQccaPshUMzU7FkXudm7PkvoyTM=,iv:Rgfaab+egy2/AwlM6ZMVA+7E5cqb/r9mI4ptMit/SKo=,tag:LVSYkTzTxBRAIFxDkB1asA==,type:str] 
- pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 |