Diffstat (limited to 'os/lia')
-rw-r--r-- | os/lia/configuration.nix | 1 | ||||
-rw-r--r-- | os/lia/modules/lxc.nix | 15 | ||||
-rw-r--r-- | os/lia/modules/network/default.nix | 13 | ||||
-rw-r--r-- | os/lia/modules/network/router.nix | 31 | ||||
-rw-r--r-- | os/lia/modules/sshfwd.nix | 94 | ||||
-rw-r--r-- | os/lia/modules/users.nix | 18 |
6 files changed, 102 insertions, 70 deletions
diff --git a/os/lia/configuration.nix b/os/lia/configuration.nix
index e720cb0..6e5323e 100644
--- a/os/lia/configuration.nix
+++ b/os/lia/configuration.nix
@@ -11,4 +11,3 @@
 ./modules/sshfwd.nix
 ];
 }
-
diff --git a/os/lia/modules/lxc.nix b/os/lia/modules/lxc.nix
index 259c316..012695d 100644
--- a/os/lia/modules/lxc.nix
+++ b/os/lia/modules/lxc.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: let
+{ pkgs, ... }:
+let
 container = {
 name = "ubu";
 distro = "ubuntu";
@@ -6,7 +7,8 @@
 };
 bridge = "lan";
-in {
+in
+{
 virtualisation.lxc.enable = true;
 environment.systemPackages = with pkgs; [ wget ];
@@ -22,7 +24,14 @@ in {
 RemainAfterExit = true;
 };
- path = with pkgs; [ wget lxc util-linux gnutar xz gawk ];
+ path = with pkgs; [
+ wget
+ lxc
+ util-linux
+ gnutar
+ xz
+ gawk
+ ];
 script = ''
 if ! lxc-ls | grep -q ${container.name}; then
 lxc-create -n ${container.name} -t download -- \
diff --git a/os/lia/modules/network/default.nix b/os/lia/modules/network/default.nix
index c8d9059..3d58636 100644
--- a/os/lia/modules/network/default.nix
+++ b/os/lia/modules/network/default.nix
@@ -1,4 +1,5 @@
-{ ... }: let
+{ ... }:
+let
 wan = "enp9s0";
 in
 {
@@ -7,10 +8,12 @@ in
 ];
 networking = {
- interfaces.${wan}.ipv4.addresses = [{
- address = "172.16.148.20";
- prefixLength = 22;
- }];
+ interfaces.${wan}.ipv4.addresses = [
+ {
+ address = "172.16.148.20";
+ prefixLength = 22;
+ }
+ ];
 defaultGateway = {
 address = "172.16.148.1";
 interface = wan;
diff --git a/os/lia/modules/network/router.nix b/os/lia/modules/network/router.nix
index b8cac8c..4f22e31 100644
--- a/os/lia/modules/network/router.nix
+++ b/os/lia/modules/network/router.nix
@@ -1,6 +1,10 @@
-{ ... }: let
+{ ... }:
+let
 wanInterface = "enp9s0";
- lanInterfaces = [ "enp1s0f0" "enp1s0f1" ];
+ lanInterfaces = [
+ "enp1s0f0"
+ "enp1s0f1"
+ ];
 prefix = 24;
 subnet = "192.168.1.0";
@@ -8,7 +12,10 @@
 leaseRangeStart = "192.168.1.100";
 leaseRangeEnd = "192.168.1.254";
- nameServer = [ "10.0.0.2" "10.0.0.3" ];
+ nameServer = [
+ "10.0.0.2"
+ "10.0.0.3"
+ ];
 in
 {
 networking = {
@@ -21,17 +28,21 @@ in
 };
 interfaces.lan = {
- ipv4.addresses = [{
- address = host;
- prefixLength = prefix;
- }];
+ ipv4.addresses = [
+ {
+ address = host;
+ prefixLength = prefix;
+ }
+ ];
 };
 firewall = {
- allowedUDPPorts = [ 53 67 ];
+ allowedUDPPorts = [
+ 53
+ 67
+ ];
 allowedTCPPorts = [ 53 ];
- extraCommands =
- "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE";
+ extraCommands = "iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE";
 };
 };
diff --git a/os/lia/modules/sshfwd.nix b/os/lia/modules/sshfwd.nix
index 3c7c006..b7e8d17 100644
--- a/os/lia/modules/sshfwd.nix
+++ b/os/lia/modules/sshfwd.nix
@@ -1,53 +1,57 @@
-{ pkgs, config, ... }: let
- mkFwdSrv = {
- local_port,
- remote_port,
- remote_user,
- remote ? "sinanmohd.com",
- ssh_port ? 22,
- key ? config.sops.secrets."sshfwd/${remote}".path,
- }: {
- "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
- description = "Forwarding port ${toString local_port} to ${remote}";
+{ pkgs, config, ... }:
+let
+ mkFwdSrv =
+ {
+ local_port,
+ remote_port,
+ remote_user,
+ remote ? "sinanmohd.com",
+ ssh_port ? 22,
+ key ? config.sops.secrets."sshfwd/${remote}".path,
+ }:
+ {
+ "sshfwd-${toString local_port}-${remote}:${toString remote_port}" = {
+ description = "Forwarding port ${toString local_port} to ${remote}";
- wantedBy = [ "multi-user.target" ];
- after = [ "network-online.target" ];
- wants = [ "network-online.target" ];
- # restart rather than stop+start this unit to prevent
- # the ssh from dying during switch-to-configuration.
- stopIfChanged = false;
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ # restart rather than stop+start this unit to prevent
+ # the ssh from dying during switch-to-configuration.
+ stopIfChanged = false;
- serviceConfig = {
- ExecStart = ''
- ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
- -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
- -o ServerAliveInterval=15 \
- -o ExitOnForwardFailure=yes \
- -i ${key}
- '';
+ serviceConfig = {
+ ExecStart = ''
+ ${pkgs.openssh}/bin/ssh -N ${remote_user}@${remote} -p ${toString ssh_port} \
+ -R '[::]:${toString remote_port}:127.0.0.1:${toString local_port}' \
+ -o ServerAliveInterval=15 \
+ -o ExitOnForwardFailure=yes \
+ -i ${key}
+ '';
- RestartSec = 3;
- Restart = "always";
- };
+ RestartSec = 3;
+ Restart = "always";
+ };
+ };
 };
- };
-in {
- sops.secrets."sshfwd/sinanmohd.com" = {};
- sops.secrets."sshfwd/lia.sinanmohd.com" = {};
+in
+{
+ sops.secrets."sshfwd/sinanmohd.com" = { };
+ sops.secrets."sshfwd/lia.sinanmohd.com" = { };
 environment.systemPackages = with pkgs; [ openssh ];
- systemd.services
- = (mkFwdSrv {
- local_port = 22;
- remote_user = "lia";
- remote_port = 2222;
- }) //
- (mkFwdSrv {
- local_port = 22;
- remote_port = 22;
- ssh_port = 23;
- remote_user = "root";
- remote = "lia.sinanmohd.com";
- });
+ systemd.services =
+ (mkFwdSrv {
+ local_port = 22;
+ remote_user = "lia";
+ remote_port = 2222;
+ })
+ // (mkFwdSrv {
+ local_port = 22;
+ remote_port = 22;
+ ssh_port = 23;
+ remote_user = "root";
+ remote = "lia.sinanmohd.com";
+ });
 }
diff --git a/os/lia/modules/users.nix b/os/lia/modules/users.nix
index 26f5dc8..3a44104 100644
--- a/os/lia/modules/users.nix
+++ b/os/lia/modules/users.nix
@@ -1,18 +1,24 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 users.users = {
 "rohit" = {
 isNormalUser = true;
 extraGroups = [ "wheel" ];
- packages = with pkgs; [ git htop ];
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus" ];
+ packages = with pkgs; [
+ git
+ htop
+ ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZcWF1zVyxsCdZ/j+h+RlHZlyhgY2Bky03847bxFNSH rohit@victus"
+ ];
 };
 "sharu" = {
 isNormalUser = true;
- openssh.authorizedKeys.keys =
- [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAAaAUTiM3YY7E/7lq44aX+2U0IYhp2Qntu7hINcTjF sharu@lappie" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAAaAUTiM3YY7E/7lq44aX+2U0IYhp2Qntu7hINcTjF sharu@lappie"
+ ];
 };
 };
 } |