diff --git a/flake.lock b/flake.lock index 4f0d4b6..552c532 100644 --- a/flake.lock +++ b/flake.lock @@ -19,21 +19,6 @@ "type": "github" } }, - "cluster-module": { - "locked": { - "lastModified": 1635790675, - "narHash": "sha256-hWwS/sX46dEIw+swRfB8KZq0T/gDpryswTkZy5n0BAc=", - "owner": "mrvandalo", - "repo": "module.cluster", - "rev": "299f5e9f4d9faa2abce40ae853601e11eecd7383", - "type": "github" - }, - "original": { - "owner": "mrvandalo", - "repo": "module.cluster", - "type": "github" - } - }, "colmena": { "inputs": { "flake-compat": "flake-compat", @@ -895,7 +880,6 @@ }, "root": { "inputs": { - "cluster-module": "cluster-module", "colmena": "colmena", "doom-emacs-nix": "doom-emacs-nix", "emacs-overlay": "emacs-overlay_2", diff --git a/flake.nix b/flake.nix index d2fbeeb..7f56cc4 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,6 @@ url = "github:mrvandalo/home-manager-utils"; inputs.home-manager.follows = "home-manager"; }; - cluster-module = { - url = "github:mrvandalo/module.cluster"; - #url = "git+file:///home/palo/dev/nixos/module.cluster"; - }; nixpkgs-fmt = { url = "github:nix-community/nixpkgs-fmt"; inputs.nixpkgs.follows = "nixpkgs"; @@ -75,7 +71,6 @@ outputs = { self - , cluster-module , colmena , doom-emacs-nix , emacs-overlay @@ -170,7 +165,6 @@ ]; imports = [ ./nixos/machines/${name}/configuration.nix - cluster-module.nixosModules.tinc (sopsModule name) home-manager.nixosModules.home-manager permown.nixosModules.permown diff --git a/nixos/assets/tinc/bobi_host_file b/nixos/assets/tinc/bobi_host_file deleted file mode 100644 index 0969327..0000000 --- a/nixos/assets/tinc/bobi_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA4N0Pm09nePnlTUtmJLVTxEP41i+9kd4tke6KjG+PIbGI0xrgZJBX -sP6wK3vf5q3PZp6U3a452SjzSWKQtjXA94Zmr4HaWqYQJPtJlJcsNeWbx/I0WoaA -918iltvgkLkPKITZ1Gp6iYtKjIn2vxOKv+Pm/YYSRGB4RE3GE5M7TVcitnC89lxm -bK8GAnUs4xUXE4DWund0h81j7XWJpF6T3N3+rlCrfmEfYYmSYg2DRkprGHvAVP26 -kWzjei9sIfPVgL0iSprOxqfAw/3Sz0uk3Ny6YvsJU+N4e8QTKQTi75XlkAWbG9OF -P1+1xFDX3d0MdPPNq2c6hHI4VmTMDYVqMPztZNOOKKe+GWBtz/Mlbb55cccNECYA -eVrAkhgUqjFF2lOFK1j7Ivf8ogETUcYRCEaLEZyf5Q+DuHkGzct1DBVEKn23dR2E -B8eDm4ap4YxmrZymPbbl5IUyc/d9pmm04MFWMOifDlw5KEH3+ia93ma3ByBI3UjP -kAg8po3rh3WWjpI26E8icjSjkJ7f1rRsEWmNAf54JwPHkWBZIoUufVxvMNZ9PXn9 -7GdP2Z7z+Tn6zUDA62Z9DRDmRGEnuDio450dNMP6ZNWj6leYBbnkP5JtfpRymVKW -GVJfpMwSlf/qP00Jd0WQQyICKQOIns+4jzCvRcOLzSaPj7OvgVUnx00CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/mobi_host_file b/nixos/assets/tinc/mobi_host_file deleted file mode 100644 index 32ace85..0000000 --- a/nixos/assets/tinc/mobi_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAxubIDrvtrZ6fKPkuwQ+sK6YlToTfVtg3HCTOR7iDf47arkuG3dTb -BgnkbB/8+KzztaYLQoLnGFugxKKtMGBvMGCo6YLtxrjuaz3aDmhpmGCJh80r80/i -8WWg1CAkboKHmaiFpS/LBxAWQUGP+YJSoTLuDwtd794wX9MxLh4x5uGRp4rCj9+4 -DdGemLZkZz6Je+cBkf8qrw1Dr8CPiJk47a7bZhyKVnQ3PyvrGOjFolfcI22xp8j3 -7y55DIMWhVsm6EWFK4/pzAqi9JdRd7xy8c9WRIcAHJDlSdf+ERbIjUDJC8fgMlNl -UII0SqLnBscIbqz2dMuoldeqg9S1fOiTekReLJqpLmAIn+iwpT8KW5QaESu2eh6M -Ok0sJ8A+aphuZ+FDd2FUmWQiENnPzFGYQ/SuNAA7hR5plSCbjpodulNQFY93I8y3 -vRru6rm/ac+7SehWPBgHGl12UJluvHn32Q85bJ2vdtn9ONgcOdjSLA58nzfc1hv/ -OA5MzIJTvDJqwjZew8A/pyz6kxrGBqnXCzzt46tvj0yZ/VhIgL3qDTR/wzRV3N14 -3Z7TToIQKBPSYNxxCEHXxVQb8oWdGzeE7X52iFeYKhxj+ikZxkoXhCgIRYrDBQ0k -lnpJU+fbeFddZ4bAdqPxVT+perK33Wzgp9s4+KLh8ldpcRm8S29sNIcCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/pepe_host_file b/nixos/assets/tinc/pepe_host_file deleted file mode 100644 index 0a9d3ed..0000000 --- a/nixos/assets/tinc/pepe_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAmAyz71GoQq2Mn4XeUVcN9yfgxeWT57li7i6Te9lq7OVAXQ+CBtD3 -puTMrW3/LXOIS678E2iMYPmdQzMZLmADi8+ZrXOqX98uceNv5bPrTJF0z/RA9Tif -kfh78GcJCGHmZz+GGWu1ExtSa5ekBdamEtehW6vAGbrPM6Umu9B2UCn8zaSx+RGe -Y7Z81wO21+ywUorMPTbHeuPYZW+Z8L+QKHO9NdYhzZ9zMPeVMi0x/mwIZqXJ57Wz -57nx0rrPh+e+5cj3Jh+i4HC76mxPGCyCdvf+60d7W87UZxPqRiTLt2SwgltEKf56 -jBsVeOb5Fjzb6LcNGWfF8zNh0w6rAQsG4W7l93VlerTd46GtG2XW42JkGhuKb8JJ -L1olPUmbcDbxlQGGUNaI7thAzubszAzinqyat3oU8NjgDJJIueHLmo752RW+yHUY -giyRSBYtDRM9cE3s848WsToO5BtjXLkg/rC4WIWX2MNJFsAZXzfHWDmae+ajpoVy -Gl6tGYbLhjd8KtSWB9kB0OWsV56f4KmWeRxHwTgylMO30l6v+XRdnoRUAp9wj8dV -c6HJHnn5b2q4dk+qwWOYgwvpRFnSixbCCT4PoedEU9xVOzLmzxRtGmkzPsOXEOj5 -6r4Jvk0jw2LTkhEVX1CPblTrGpms9NO02SXNHkF/Akw7PGuJu+w3HZUCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/porani_host_file b/nixos/assets/tinc/porani_host_file deleted file mode 100644 index b6c8e00..0000000 --- a/nixos/assets/tinc/porani_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = 9JI8y56NWiKMRS6g/k2H3VgTEw0q+8UEDDJdiCjOl8O ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA4Ff6XRvf83XSuWUkb70Yz+cWo1/dq4LBh5ZG7SJypdIXYnWQpQJc -sLRfAS6nJZ6VixNADx7A03c8TdADVaAgl591rLd4CSzM22EgaOFstU2VO/MfMKHf -v+WUQsrTE6CQ48SW+MDbSZZ7M7FRa/A6hwqZc5qygxdG/tgTei9pmTfqW+ZdQBWl -IeCCINiNSA/fD+FjWXslZIFRZ5sQ7AYZJgL2nFAueY+cKtRZy3tcDL1v6mhDdIrE -h8JjEUiayQDGnWmBlflLqE3ODqEsEKoL6W7epqK6PcwvZQxSNwrZe/wzH3oTC43m -Yg7TQGr0v3SnSziXv3cJvcHfwr9+huo37wTbUJNmozGpI8nLszfUTEIfhbu2ODQv -R2iM7FJcE4wV48y9aybEnESKA0vsjgI23RIQfxkN0oii7L6NAZVHgl/JJBOtCMXf -V5uXAdOtkv9UvfofrrV0uahncvbz5efPTSPF8fS5EiwzWfDUW6KHrp/9+gDcnirn -H8HvmmNVeOGWA1xlrKgi8kiBHv5BxCXfurD0aD6ZIlxdLjJCvGfnLnJZ6gr//GAf -1BJJVei98uZzihNe4VbRF6Iaphns1KezsdygMsEV9gDIJw3IIqTukcUK7AcBXhb4 -IJ792j2iRwUOyiAcUYLeVYzAt3xFN6wPNcC/Opdo6TVbdMZu2uS1ZN8CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/retiolum/host_file b/nixos/assets/tinc/retiolum/host_file deleted file mode 100644 index ec35af7..0000000 --- a/nixos/assets/tinc/retiolum/host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = kc1SACqsoYjk5GimZfP+eszfJmUzZkMQhWeW42UKjfL ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE -8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4 -oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/ -ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD -ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ -ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu -MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL -rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo -sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1 -EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH -yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/robi_host_file b/nixos/assets/tinc/robi_host_file deleted file mode 100644 index b5ea6ab..0000000 --- a/nixos/assets/tinc/robi_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA1wwdd6+Qgn7fiC5C5ueeAsgfG6LlP+5zfb2r8/RZzFkKK+wX0QRx -6i3Dm0SwAvkKYKowEHhpDg941CrkuTGN2wnKvxoUNvaAe+RBK2EZM3xPh0eTP33T -igNEHAcdHlgwd3aaNRmYxC41uUlAjD8JPkQ14yAvi4ZMeDRGQxw3on7Mx8NBwgDp -V2F45c9WpYzaocPCREQE7xLpY3prYpOljqd3hGnBQjdruxnAtIh7nb1SSlMci4RT -Y2d6aOCiDKgtqrPtMSWp0RkuhIlT17AK1b/5+TE4vzcFNkt6xQJnH2rm7D9niXZ2 -+yzl5DsVONk4z29MnEInqzcVY8m6iypjjntBTkHtFWJc4ZMnJC9FBt7il4V2NL+/ -T7uHV1KDFwRZOtfd0WWlgpg3HsZLc+pmZNl77bggcc56+t3FC5UPZKMEEmU7TYtp -jIPYnOV9C7ReaOpYvHJi/6NrtYUjBd2XbtD959cTFR9PpXMaNWh2R8+K7r/tFZrG -q252aCc51J+JegfnhtTfOfPPn7BHV+ZsSQBjMrxz29igOlMPnyOvaxB4mxf6ipoX -HDY7QnQ82HTZCGQ3vPVEgNz0MfsZU0VocazOYOh3RpKBbKaYqo1i8PqKpqfjC7aR -AdbrqBXGFcBbXkna3BQDS4xmK35sUG08OR1g24uiNFKzy8rK+xcp790CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/sputnik_host_file b/nixos/assets/tinc/sputnik_host_file deleted file mode 100644 index 3904379..0000000 --- a/nixos/assets/tinc/sputnik_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = ZK9iznseTpMqjaMgDJ7MdjYaq62QlEOFquLfVxlLpFK ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAzBU8x9aB7F3sPJlcg9avJiSrsAoTHsMkfk6uRKFVjUjuNJgb3rjW -gyQ7krftLAyxLkTYJzpD+4D+qWiudEgju7W+BU65/hudMIvBmbRYqXmcQlD9B9Pv -0bVAazHJ80wN8GJD060Wq6XTtkrtAJhPmQSyMt0xU4WmWw/39QBX9rWtOTy75813 -qrfuv1I11YcVQ3jegPLUIzlZqz6LeouCXiP7IRIa+WUXIwAdAYtO/RJC+tty6zyI -BXNd0Mkvpf0Qaw5joQJRXkdb1sWHOZYh75JW1QWqFMWCclkGG7/Dve4KzuO9N5XZ -ZMs/MCtDkJQpweNDT3aaiqZa8Oj29OXs4HR4FFrvYkY+qqmKCUqS70FYLo45uNx1 -sRb7GKX8/dsPyOGHfXDuFTSXsKLh9gNLMlF/kuTQ2yJMfeMKdC5jDClL145Fm0ux -akH/PWSS9DENxSu0GH1sTQnLyhc4mVzOehu1XfR9EALjYY0BNBUir7aAaiLTCbq9 -LKwMaF/D467W3j3Zp5xEAsf8xYC2CyMl1Df43zxcxLY+3K8/kUM2rkU7ocl2VT3o -7yNC+JqQz41n4SDOXBZc6cfxUXj2MqqEw9Ywgs+aXZiSCaVOulhyXj0TSE1mX1NI -woDHEzyx7q4AryQOWQsLq5JimI0v2/xN2yz+cNXoetDypjEWnws4e/ECAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/sternchen_host_file b/nixos/assets/tinc/sternchen_host_file deleted file mode 100644 index ebb806b..0000000 --- a/nixos/assets/tinc/sternchen_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA1vhCFsFK0QSYDlXSS6ngpZbilplYtaPBzbxWYGAxa5vNtwoaO2Tz -BZ4ptvE26TR2+Jygvlk5xdoNYAL/yhNI9p86vs/pA+sJmBlsYAWOA5qAnXoIL2u4 -1CBB9t+uMnQKhyPoBoDq6QXmM1HlFhxtkKVlLyEHxARxu7g/inFtghPqYD/HyjVJ -V6h9OdKEgY+wcn6GGLXGjrSMAsIZP2w8fPQfS45UAtjK+cFODFKElxGZrjqgJP1w -/Jw6nB03yKMGsMHNkiwC2BJbK3+pT92JfyqXRg3REw0hVMZghcsoNtWfBoNYLvFY -qwk+bvf5bVdLxLMEv33+B3F8SScXuwMUpBwCeMi58ltt+OuOVhh8PLA9ncA6tGa9 -tzyUo7i8qjGTremSilWIdRYqOexriPKCdnYcJcw/L9Vl2H3QbIj7uVxbszQbqDGS -KM43U5cXgpMIYI9CwxnWB8np7n/IXZFG5E+9afd4kYTLShzaObzu2I1yom0O4Ks7 -HsdvlsBgv4iT6ctquHtU6IFsa/Wfm4ntDiAcczoQEXs0F2v839FH62TPTY70xzyd -wQhAdCegb6MYVmVmQL9jv8QDfxwUxtsohbW3ncBDYrdy2rmeiZDGaRJVEbyf6MKI -OfaobRGXY0NnOURX9/fkXSydDKd3rIhOMubfUq0+Smm3YrsHWeZVvNMCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/sterni_host_file b/nixos/assets/tinc/sterni_host_file deleted file mode 100644 index c9e8262..0000000 --- a/nixos/assets/tinc/sterni_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = Hm+YwSe6XiRNQD4HfJPgTB8UFVMyVi0vy+3ofMnW6jD ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEAu7Ajx9+mEaDK/ASZ5hoVj3X3IkWl+8MAhmj7dwnhqc4YrPrvwKE4 -cOnVcEUp4K4pyIHUG8zhsesstfpu/0owLQaz8Cekr4CyQWsjDfi7K/QiAN+v2O2m -DQOjrYzDvRyBa20A2MnO1kZU/aFHE9qcIHefZhQUZyv97j+QcsE/FDuIH/RAua6/ -p+br2tfecePGH6f0fMk8dp+YbxcjjVyhJkjyaYF2r+n+YflDl5y3ngxUFJ0UnNE0 -RfYJf2NE1wzt4rIdnYobFP3vifDIeYj6M0LGHnURPsT6zP+zStZ81MYZKrNlTJ37 -sbZhorVmO6x46xEWaDUd7UqcKJBpb7u8iSAE4S3tHLFRxBs60dPS+3UEraiTvTHr -FvWTq1Q+t/FivTxXEkVt74N5auOKbT5AAkztak21Izx6enspdx6da2aLuJD5I0OU -3F4kd8lW5PqEZubkYziDwcVoNsx88hQzHi5l2aRdzY57o82+ltWw4xXmAFR2o605 -SwVJ4AUmORHuIoDYSR+UgbtKHguxVaTLVggdfvHzlDQ1VERwEU58awMwPLU1k+jP -3QW7ehPLKRN+StB6LBlnmRD1ltkaPY5iy+NMXj17hJx0trpz3qoCuv+5TRvsGvQ7 -Je/G7c6suIGd4HbA9TvCinW6/JLbJQlDiG7MD2oCOPS1pdayUuB9Jw0CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/workhorse_host_file b/nixos/assets/tinc/workhorse_host_file deleted file mode 100644 index c74cb52..0000000 --- a/nixos/assets/tinc/workhorse_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = sPs48jzCdtTv0Viy2Of3HlXipfxH5Y8bA+KYVkOrSiK ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA01HJ49zxmnixWC9YMP0c3UFxZc4Hl5UK9nJvhMRBOuxm75kpzZsz -3v6mSy1YrVE9rrGXYjZ76wKrRhchMpvrMKKD8/DRjVqTkuFwtGgUEigzpSFoSLtC -u2Wis7Z6GW3nLgAS79NU9IUUEoeevND1zzglDb0HdERuiImiZVg3I+VXLyA31X3L -Z/B7T4QLmZGIRvFw0y1TawMjFMJZmDBtzMqfO7behkms2O1ORAciGhGxmZ9gd7yk -n/NKCpSSzeC6sJ28i33LRrWF3hRUXAEJFgq8YRxm6mjRoPLsJVsw2S98DvTcxmjN -eyVnqPVQi7JuKrOQsewQvwV2KiqI9ibEYH1zZNXwy+l05b3QSaAcyRtDpwRW7FCY -H4B3S0vjte75D4bEuYTFgT3wCzlAjdB7fPZ4jyZXdrP8G3IfbMmgsdECz5uIMwam -UaSZISlHkSJv+erA8TMJLBnqAO7ERKYI7PRIDdIun0VtX2QjRJpWIdVpxEcL4fZU -w6gzX8lOQe5NnoH/MFUfU0LyBuUH1k6WX7xdwrynUVS087vwaQN+H/VTp0QSX6PQ -oCLYPCGKS2B/St954uaPanzeG7QZQpWbvttaFVmUSkilx78xqqu3zDm9pSofFKCX -08TGlluy8JAwUqAxekQVKey2PdLmKjlMCcoUeNYbJybGplc9gv2hYhsCAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/assets/tinc/workout_host_file b/nixos/assets/tinc/workout_host_file deleted file mode 100644 index f211232..0000000 --- a/nixos/assets/tinc/workout_host_file +++ /dev/null @@ -1,14 +0,0 @@ -Ed25519PublicKey = r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O ------BEGIN RSA PUBLIC KEY----- -MIICCgKCAgEA7/bur2JIXzNrsgjQ7kfoaLUVCC9S7HNNdDrlnSdum0sWvN9urdxS -1OfzqG+kjDhQ0sS4fEeYyLMU8W3/aHkSbMjfKBiZS70bg5yHRepUEPZNqDqR3+rO -LTAGWMi/IQQQmnfcN5SjaNY/ZyXoaPd1emlpV2UXBvXo/bQTl+pmOt7AIAh7Z7M6 -X5KAwU23kUwrfn/7zFCw98euNEPcCKpdF5oD4+G+S0PGfFvBmE6Xoi2blM1rcjJ4 -39IGVCsKAlW1Vg48yj7FypSSjaFvIW+kyRcNNTEZ4V5p50Vm7DfylfW96NqAOeuz -2aSVaLhvmu8fU9z+g95MdGZOJYd57jFt76GbkwcLCF8KBCP9NhMfOQu0i1glk+AP -CcJcDa/Oj7lLQVB2+holJhw5fkHH2Yi+L+UsjIF0iLiOSTjGJp4yRT9Al9pgMCj2 -O1JUMYxQ490mSFHBomNv1fq+f5VJnytEwAkJH6AgH+RIcAC5/r+sowfLv+Gy0ga8 -jKG6t9d/x6lRNv0x5sUhYkiUD9Naq0NncaZz1GtkBAyu+hUZx2+zg3r8He4XoiXx -zWAQEgcW3X1/9VC7IBvaK9cdLG5pbeGCBaDv8S0Ue332mM0XNDlffjdC7Sg9f/TG -YV8MHpR3RwwUqdi6WFPQqVz5Hv1pE02v/Uw6tby1UgAnzskrufPh+m8CAwEAAQ== ------END RSA PUBLIC KEY----- diff --git a/nixos/components/network/sshd/known-hosts-private.nix b/nixos/components/network/sshd/known-hosts-private.nix index 804e1b0..1f23b61 100644 --- a/nixos/components/network/sshd/known-hosts-private.nix +++ b/nixos/components/network/sshd/known-hosts-private.nix @@ -1,4 +1,3 @@ -# generated by updateSshKeys.sh { config, lib, ... }: { services.openssh.knownHosts = { @@ -22,43 +21,5 @@ ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; }; - "sternchen.secret" = { - hostNames = [ - "sternchen.secret" - config.module.cluster.services.tinc.secret.hosts.sternchen.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; - }; - "sterni.private" = { - hostNames = [ - "sterni.private" - "sterni.secret" - config.module.cluster.services.tinc.private.hosts.sterni.tincIp - config.module.cluster.services.tinc.secret.hosts.sterni.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; - }; - "pepe.private" = { - hostNames = [ - "pepe.private" - "pepe.lan" - config.module.cluster.services.tinc.private.hosts.pepe.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; - }; - "bobi.private" = { - hostNames = [ - "bobi.private" - config.module.cluster.services.tinc.private.hosts.bobi.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk"; - }; - "mobi.private" = { - hostNames = [ - "mobi.private" - config.module.cluster.services.tinc.private.hosts.mobi.tincIp - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk"; - }; }; } diff --git a/nixos/components/network/tinc/default.nix b/nixos/components/network/tinc/default.nix index 485d247..d6d232c 100644 --- a/nixos/components/network/tinc/default.nix +++ b/nixos/components/network/tinc/default.nix @@ -1,14 +1,37 @@ +{ lib, config, ... }: +with lib; { - imports = [ - ./private.nix - ./retiolum.nix - ./secret.nix + options.tinc = { + private = { + enable = mkEnableOption "private tinc setup"; + ipv4 = mkOption { type = types.str; }; + subnet = mkOption { + type = types.str; + default = "10.23.42.0/24"; + }; + }; + secret = { + enable = mkEnableOption "secret tinc setup"; + ipv4 = mkOption { + type = types.str; + }; + }; + }; + + config = mkMerge [ + (mkIf config.tinc.private.enable (import ./private.nix { + ipv4 = config.tinc.private.ipv4; + ipv6 = null; + inherit (lib) optionalString concatStringsSep mapAttrsToList; + inherit config; + })) + (mkIf config.tinc.secret.enable (import ./secret.nix { + ipv4 = config.tinc.secret.ipv4; + ipv6 = null; + inherit (lib) optionalString concatStringsSep mapAttrsToList; + inherit config; + })) ]; - - # keys for secret and private tinc network - sops.secrets.tinc_ed25519_key = { }; - sops.secrets.tinc_rsa_key = { }; - } diff --git a/nixos/components/network/tinc/private.nix b/nixos/components/network/tinc/private.nix index 14988e1..03f7da8 100644 --- a/nixos/components/network/tinc/private.nix +++ b/nixos/components/network/tinc/private.nix @@ -1,46 +1,100 @@ -{ config, lib, pkgs, ... }: - -{ - - networking.firewall.trustedInterfaces = [ "tinc.private" ]; - - users.groups."tinc.private" = { }; - users.users."tinc.private" = { - group = "tinc.private"; - isSystemUser = lib.mkDefault true; +{ ipv4 +, ipv6 +, config +, optionalString +, concatStringsSep +, mapAttrsToList +, ... +}: +let + hosts = { + mobi = "10.23.42.23"; + sterni = "10.23.42.24"; + bobi = "10.23.42.25"; + pepe = "10.23.42.26"; + robi = "10.23.42.111"; }; + subDomains = { + "transmission.robi" = hosts.robi; + "transmission2.robi" = hosts.robi; + }; + network = "private"; +in +{ + networking.firewall.trustedInterfaces = [ "tinc.${network}" ]; - # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" - module.cluster.services.tinc."private" = { - networkSubnet = "10.23.42.0/24"; - extraConfig = '' - LocalDiscovery = yes - ''; - privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path; - privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; - hosts = { - pepe = { - tincIp = "10.23.42.26"; - publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file; - }; - sterni = { - tincIp = "10.23.42.24"; - publicKey = lib.fileContents ../../../assets/tinc/workout_host_file; - }; - mobi = { - tincIp = "10.23.42.23"; - publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file; - }; - bobi = { - tincIp = "10.23.42.25"; - publicKey = lib.fileContents ../../../assets/tinc/bobi_host_file; - }; - robi = { - realAddress = [ "144.76.13.147" ]; - tincIp = "10.23.42.111"; - publicKey = lib.fileContents ../../../assets/tinc/robi_host_file; + sops.secrets.tinc_ed25519_key = { }; + + services.tinc.networks = { + ${network} = { + ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path; + interfaceType = "tap"; + extraConfig = '' + LocalDiscovery = yes + ''; + hostSettings = { + mobi = { + subnets = [{ address = hosts.mobi; }]; + settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB"; + }; + sterni = { + subnets = [{ address = hosts.sterni; }]; + settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; + }; + bobi = { + subnets = [{ address = hosts.bobi; }]; + settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD"; + }; + pepe = { + subnets = [{ address = hosts.pepe; }]; + settings.Ed25519PublicKey = "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI"; + }; + robi = { + addresses = [{ address = "144.76.13.147"; }]; + subnets = [{ address = hosts.robi; }]; + settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; + }; }; }; }; + systemd.network.enable = true; + systemd.network.networks.${network}.extraConfig = '' + [Match] + Name = tinc.${network} + [Link] + # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be + MTUBytes=1377 + [Network] + ${optionalString (ipv4 != null) "Address=${ipv4}/24"} + ${optionalString (ipv6 != null) "Address=${ipv6}/28"} + RequiredForOnline = no + LinkLocalAddressing = no + ''; + + networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)); + + services.openssh.knownHosts = { + "robi" = { + hostNames = [ "robi.${network}" hosts.robi ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; + }; + "sterni.${network}" = { + hostNames = [ "sterni.${network}" hosts.sterni ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; + }; + "pepe.${network}" = { + hostNames = [ "pepe.${network}" hosts.pepe ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; + }; + "bobi.${network}" = { + hostNames = [ "bobi.${network}" hosts.bobi ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk"; + }; + "mobi.${network}" = { + hostNames = [ "mobi.${network}" hosts.mobi ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk"; + }; + }; + } diff --git a/nixos/components/network/tinc/secret.nix b/nixos/components/network/tinc/secret.nix index 96e5c56..f44cca1 100644 --- a/nixos/components/network/tinc/secret.nix +++ b/nixos/components/network/tinc/secret.nix @@ -1,33 +1,77 @@ -{ config, pkgs, lib, ... }: +{ ipv4 +, ipv6 +, config +, optionalString +, concatStringsSep +, mapAttrsToList +, ... +}: +let + port = 721; + hosts = { + sternchen = "10.123.42.25"; + sterni = "10.123.42.24"; + robi = "10.123.42.123"; + }; + network = "secret"; +in { + sops.secrets.tinc_ed25519_key = { }; - - # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" - module.cluster.services.tinc."secret" = { - networkSubnet = "10.123.42.0/24"; - port = 721; - extraConfig = '' - LocalDiscovery = yes - AutoConnect = yes - ''; - privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path; - privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; - hosts = { - sternchen = { - tincIp = "10.123.42.25"; - publicKey = lib.fileContents ../../../assets/tinc/sternchen_host_file; - }; - sterni = { - tincIp = "10.123.42.24"; - publicKey = lib.fileContents ../../../assets/tinc/workout_host_file; - }; - robi = { - realAddress = [ "144.76.13.147" ]; - tincIp = "10.123.42.123"; - publicKey = lib.fileContents ../../../assets/tinc/robi_host_file; + services.tinc.networks = { + ${network} = { + ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path; + extraConfig = '' + LocalDiscovery = yes + Port = ${toString port} + ''; + hostSettings = { + sternchen = { + subnets = [{ address = hosts.sterni; }]; + settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB"; + }; + sterni = { + subnets = [{ address = hosts.sterni; }]; + settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; + }; + robi = { + addresses = [{ address = "144.76.13.147"; port = port; }]; + subnets = [{ address = hosts.robi; }]; + settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; + }; }; }; }; -} + systemd.network.enable = true; + systemd.network.networks.${network}.extraConfig = '' + [Match] + Name = tinc.${network} + [Link] + # tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be + MTUBytes=1377 + [Network] + ${optionalString (ipv4 != null) "Address=${ipv4}/24"} + ${optionalString (ipv6 != null) "Address=${ipv6}/28"} + RequiredForOnline = no + LinkLocalAddressing = no + ''; + networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts); + + services.openssh.knownHosts = { + "sternchen.${network}" = { + hostNames = [ "sterni.${network}" hosts.sterni ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; + }; + "sterni.${network}" = { + hostNames = [ "sterni.${network}" hosts.sterni ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; + }; + "robi" = { + hostNames = [ "robi.${network}" hosts.robi ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; + }; + }; + +} diff --git a/nixos/machines/pepe/configuration.nix b/nixos/machines/pepe/configuration.nix index b2f3154..d4e7b71 100644 --- a/nixos/machines/pepe/configuration.nix +++ b/nixos/machines/pepe/configuration.nix @@ -53,13 +53,13 @@ networking.dhcpcd.allowInterfaces = [ "enp0s25" ]; # nix-shell -p speedtest_cli --run speedtest - configuration.fireqos = { - enable = false; - interface = "enp0s25"; - input = 200000; - output = 2000; - balance = false; - }; + #configuration.fireqos = { + # enable = false; + # interface = "enp0s25"; + # input = 200000; + # output = 2000; + # balance = false; + #}; services.printing.enable = false; services.smartd.enable = true; diff --git a/nixos/machines/pepe/neo4j.nix b/nixos/machines/pepe/neo4j.nix deleted file mode 100644 index afcd0e9..0000000 --- a/nixos/machines/pepe/neo4j.nix +++ /dev/null @@ -1,89 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - # neo4j container managment - # ------------------------- - - virtualisation.oci-containers.containers = - let - neo4j_config = { - image = "neo4j"; - environment = { - NEO4J_AUTH = "none"; # for development purpose - NEO4J_apoc_export_file_enabled = "true"; - NEO4J_apoc_import_file_enabled = "true"; - NEO4J_apoc_import_file_use__neo4j__config = "true"; - NEO4JLABS_PLUGINS = ''["apoc","n10s"]''; - }; - ports = [ - "127.0.0.1:7474:7474" # http port - "127.0.0.1:17687:7687" # bolt port - ]; - volumes = [ - "/var/lib/neo4j/data:/data" - "/var/lib/neo4j/logs:/logs" - "/var/lib/neo4j/conf:/conf" - "/var/lib/neo4j/import:/import" # for database imports - "/var/lib/neo4j/plugins:/plugins" - - ]; - }; - in - { - neo4j = neo4j_config; - #neo4jbackup = neo4j_config // { - # autoStart = false; - # volumes = [ - # "/var/lib/neo4j/data:/data" - # "/var/lib/neo4j/backups:/backups" - # ]; - # cmd = ["neo4j-admin" "dump" "--verbose" "--to=/backups/neo4j.dump"]; - #}; - }; - - #systemd.services."docker-neo4jbackup" = { - # preStart = "systemctrl stop docker-neo4j"; - # postStop = "systemctrl start docker-neo4j"; - #}; - - - # backups - # ------- - backup.dirs = [ "/var/lib/neo4j/backups" ]; - - # todo run frequently : - # docker exec --interactive --tty neo4j neo4j-admin dump --verbose --to /dump/neo4j.dump - # https://neo4j.com/docs/operations-manual/current/docker/maintenance/ - - - # nginx publishing - # ---------------- - services.nginx.streamConfig = '' - # configure neo4j bolt port - server { - allow 192.168.0.0/16; # allow private ip range class c - allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network - deny all; - listen 7687; - proxy_pass localhost:17687; - } - ''; - - services.nginx.virtualHosts."neo4j.${config.networking.hostName}.private" = { - serverAliases = [ config.networking.hostName ]; - locations."/" = { - extraConfig = '' - allow 192.168.0.0/16; # allow private ip range class c - allow ${config.module.cluster.services.tinc."private".networkSubnet}; # allow private tinc network - deny all; - ''; - proxyPass = "http://localhost:7474"; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 7687 ]; - #networking.firewall.allowedUDPPorts = [ 80 ]; - - -} diff --git a/nixos/machines/pepe/tinc.nix b/nixos/machines/pepe/tinc.nix index fb0ee96..4ff71fd 100644 --- a/nixos/machines/pepe/tinc.nix +++ b/nixos/machines/pepe/tinc.nix @@ -1,23 +1,6 @@ -{ config, lib, pkgs, ... }: - -with lib; - { - module.cluster.services.tinc = { - "private" = { - enable = true; - openPort = true; - connectTo = [ "robi" ]; - }; - "retiolum" = { - enable = true; - openPort = true; - }; - }; - sops.secrets.tinc_retiolum_ed25519_key = { }; - sops.secrets.tinc_retiolum_rsa_key = { }; + tinc.private.enable = true; + tinc.private.ipv4 = "10.23.42.26"; - users.users."tinc.retiolum".group = "tinc.retiolum"; - users.groups."tinc.retiolum" = { }; } diff --git a/nixos/machines/robi/configuration.nix b/nixos/machines/robi/configuration.nix index 3baa093..82c0800 100644 --- a/nixos/machines/robi/configuration.nix +++ b/nixos/machines/robi/configuration.nix @@ -35,7 +35,6 @@ #./hardware-configuration.nix #./finance.nix - #./grafana.nix #./graylog.nix #./kibana.nix #./mysql.nix diff --git a/nixos/machines/robi/grafana.nix b/nixos/machines/robi/grafana.nix deleted file mode 100644 index c9c6390..0000000 --- a/nixos/machines/robi/grafana.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ config, ... }: { - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "grafana.${config.networking.hostName}.private" = { - serverAliases = [ ]; - locations."/" = { - proxyPass = "http://${config.networking.hostName}.private:${ - toString config.services.grafana.port - }"; - }; - }; - }; - }; - - services.grafana = { - enable = true; - port = 5656; - addr = - config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp; - auth.anonymous = { - enable = true; - org_role = "Editor"; - org_name = "AWESOME"; - }; - provision = { - enable = true; - datasources = [{ - type = "prometheus"; - isDefault = true; - name = "Prometheus Workhorse"; - url = "http://workhorse.private:9090"; - }]; - }; - }; - -} diff --git a/nixos/machines/robi/tinc.nix b/nixos/machines/robi/tinc.nix index e8c0f03..84a23c1 100644 --- a/nixos/machines/robi/tinc.nix +++ b/nixos/machines/robi/tinc.nix @@ -1,19 +1,15 @@ -{ config, lib, pkgs, ... }: { +{ - module.cluster.services.tinc = { - "private" = { - enable = true; - openPort = true; - connectTo = [ ]; - }; - "secret" = { - enable = true; - openPort = true; - connectTo = [ ]; - }; + + networking.firewall = { + allowedTCPPorts = [ 655 712 ]; + allowedUDPPorts = [ 655 712 ]; }; - users.users."tinc.secret".group = "tinc.secret"; - users.groups."tinc.secret" = { }; + tinc.private.enable = true; + tinc.private.ipv4 = "10.23.42.111"; + + tinc.secret.enable = true; + tinc.secret.ipv4 = "10.123.42.123"; } diff --git a/nixos/machines/robi/transmission.nix b/nixos/machines/robi/transmission.nix index 4d55cd6..94918c4 100644 --- a/nixos/machines/robi/transmission.nix +++ b/nixos/machines/robi/transmission.nix @@ -296,7 +296,7 @@ in virtualHosts = { "transmission.${config.networking.hostName}.private" = { extraConfig = '' - allow ${config.module.cluster.services.tinc.private.networkSubnet}; + allow ${config.tinc.private.subnet}; deny all; ''; locations."/" = { diff --git a/nixos/machines/robi/transmission2.nix b/nixos/machines/robi/transmission2.nix index 5d8eca4..e60ec24 100644 --- a/nixos/machines/robi/transmission2.nix +++ b/nixos/machines/robi/transmission2.nix @@ -174,7 +174,7 @@ in virtualHosts = { "transmission2.${config.networking.hostName}.private" = { extraConfig = '' - allow ${config.module.cluster.services.tinc.private.networkSubnet}; + allow ${config.tinc.private.subnet}; deny all; ''; locations."/" = { diff --git a/nixos/machines/sterni/tinc.nix b/nixos/machines/sterni/tinc.nix index 8f6c5f4..c7f55b7 100644 --- a/nixos/machines/sterni/tinc.nix +++ b/nixos/machines/sterni/tinc.nix @@ -1,33 +1,9 @@ -{ config, lib, pkgs, ... }: - -with lib; - { - module.cluster.services.tinc = { - "private" = { - enable = true; - openPort = true; - connectTo = [ "robi" ]; - }; - "retiolum" = { - enable = true; - openPort = true; - }; - "secret" = { - enable = true; - openPort = true; - connectTo = [ "robi" ]; - }; - }; + tinc.private.enable = true; + tinc.private.ipv4 = "10.23.42.24"; - sops.secrets.tinc_retiolum_ed25519_key = { }; - sops.secrets.tinc_retiolum_rsa_key = { }; - - users.users."tinc.retiolum".group = "tinc.retiolum"; - users.groups."tinc.retiolum" = { }; - - users.users."tinc.secret".group = "tinc.secret"; - users.groups."tinc.secret" = { }; + tinc.secret.enable = true; + tinc.secret.ipv4 = "10.123.42.24"; } diff --git a/nixos/system/all/default.nix b/nixos/system/all/default.nix index f5ad531..de0bf74 100644 --- a/nixos/system/all/default.nix +++ b/nixos/system/all/default.nix @@ -14,7 +14,7 @@ # ./grub.nix - ./networking-qos.nix + #./networking-qos.nix ./nginx-landingpage.nix ./nginx.nix ./packages.nix diff --git a/nixos/system/all/defaults.nix b/nixos/system/all/defaults.nix index 3d947ec..688d9a3 100644 --- a/nixos/system/all/defaults.nix +++ b/nixos/system/all/defaults.nix @@ -49,12 +49,4 @@ # ----------------------------- programs.vim.defaultEditor = true; - # extra hosts - # /etc/hosts - networking.extraHosts = '' - ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission.robi.private - ${config.module.cluster.services.tinc.private.hosts.robi.tincIp} transmission2.robi.private - ''; - - } diff --git a/nixos/system/all/networking-qos.nix b/nixos/system/all/networking-qos.nix index 82c6213..2a57816 100644 --- a/nixos/system/all/networking-qos.nix +++ b/nixos/system/all/networking-qos.nix @@ -39,9 +39,9 @@ tincOutput = kbits (config.configuration.fireqos.output * 0.7); useBalancedForExperimenting = false; - tincPorts = - lib.mapAttrsToList (name: configuration: toString configuration.port) - config.module.cluster.services.tinc; + #tincPorts = + # lib.mapAttrsToList (name: configuration: toString configuration.port) + # config.module.cluster.services.tinc; in { @@ -63,8 +63,8 @@ class http commit 80% match tcp port 80,443 - class tinc commit 80% - match port ${lib.concatStringsSep "," tincPorts} + #class tinc commit 80% + # match port ${lib.concatStringsSep "," tincPorts} class surfing commit 30% match tcp sports 0:1023 # include TCP traffic from port 0-1023 diff --git a/nixos/system/all/nginx-landingpage.nix b/nixos/system/all/nginx-landingpage.nix index 2f178a6..22fb117 100644 --- a/nixos/system/all/nginx-landingpage.nix +++ b/nixos/system/all/nginx-landingpage.nix @@ -14,8 +14,8 @@ href = "http://${host}:8384/"; image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif"; }) - (map (name: { inherit name; }) (lib.attrNames - config.module.cluster.services.tinc."private".hosts)); + (lib.flatten (lib.mapAttrsToList (name: { ... }: { inherit name; }) + config.services.tinc.networks."private".hostSettings)); } { text = "netdata"; diff --git a/nixos/system/desktop/default.nix b/nixos/system/desktop/default.nix index 0b489b1..aa91263 100644 --- a/nixos/system/desktop/default.nix +++ b/nixos/system/desktop/default.nix @@ -10,7 +10,6 @@ ./cachix.nix ./direnv.nix ./hoard.nix - #./dnsmasq.nix ./home-manager.nix ./mail-stuff.nix #./mc.nix diff --git a/nixos/system/desktop/dnsmasq.nix b/nixos/system/desktop/dnsmasq.nix deleted file mode 100644 index e32ccd9..0000000 --- a/nixos/system/desktop/dnsmasq.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -{ - services.dnsmasq = { - enable = mkDefault true; - extraConfig = '' - ${concatStringsSep "\n" - (flip mapAttrsToList config.module.cluster.services.tinc."private".hosts - (name: attrs: "address=/.${name}.private/${attrs.tincIp}"))} - ''; - }; -}