diff --git a/.sops.yaml b/.sops.yaml index dc064f7b..5d445e12 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,7 +4,6 @@ keys: - &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78 - &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a - &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171 - - &host_osaka-vultr-01 54725007eb252f47efa3b93afb98edf5617c8fc4 - &host_nixos-framework 11727dab3f62daaf7f92fc1143e3f07ef88bd5a4 - &host_framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b - &host_osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa @@ -18,7 +17,6 @@ creation_rules: - *host_nixos-rpi4-02 - *host_nixos-rpi4-03 - *host_nixos-vm-01 - - *host_osaka-vultr-01 - *host_osaka-linode-01 - *host_nixos-framework - *host_framework-server @@ -31,7 +29,6 @@ creation_rules: - *host_nixos-rpi4-02 - *host_nixos-rpi4-03 - *host_nixos-vm-01 - - *host_osaka-vultr-01 - *host_osaka-linode-01 - *host_nixos-framework - *host_framework-server @@ -41,6 +38,5 @@ creation_rules: - pgp: - *user_albert - *host_nixos-rpi4-03 - - *host_osaka-vultr-01 - *host_osaka-linode-01 - *host_framework-server diff --git a/flake.nix b/flake.nix index 74bc2b2f..b1d7a875 100644 --- a/flake.nix +++ b/flake.nix @@ -37,7 +37,6 @@ in { nixosConfigurations = { # Virtual - osaka-vultr-01 = libx.mkHost { hostname = "osaka-vultr-01"; type = "small";}; osaka-linode-01 = libx.mkHost { hostname = "osaka-linode-01"; type = "small";}; nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; }; # Physical @@ -50,7 +49,6 @@ }; homeConfigurations = { # Virtual - "albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; }; "albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; }; "albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; }; # Physical diff --git a/keys/hosts/osaka-vultr-01.asc b/keys/hosts/osaka-vultr-01.asc deleted file mode 100644 index e4a15335..00000000 --- a/keys/hosts/osaka-vultr-01.asc +++ /dev/null 
@@ -1,28 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-xsFNBAAAAAABEADAjr3DINKlXTSpoQlzNV5mhAjafnlqa0s8vMYltRFWKxmFzUvT
-5zL2FmrlWt4RvI7ecB/7URBcp68WLo3NE3H2bmOM0iUkT4jCNGjSAbl36373xePy
-TsrnfLFh2y5G5z8Xn7ZbycyRNqFfCOXMmICOykPRzY/R4g3THZoXL0Sf6r5FbODF
-sWXscvW04O1fD9UZFeemJ87pAZ5ZAPVv7Cxa9SeSyFlE4LY6isSTY7taHGIqIayl
-G5kAXxQhgdfJlZgBnKWrLM850bXzmE9/K0nXUKWdzih4bVJVAhkrpeBzoi7tkZw1
-bYTxi1WqKkS+QWoHuMNREvX3zgA1FEeYyVn9wUhtrKno4B58hMPpKOkxvz+QLt9Q
-dlvkAVlCXZdbSMcuxjwqY4dEQ8q3I/9c9Hk5kiWVvszIsrXxR68Xauz7rwSd2UUM
-4PRYAay9cZe539V0ZgL6N7QJcDl23v5ZdsbMYS49mnRUl+jAKBWCQT67NKWdAwR0
-+UqYH3AedoM5oits5rjfYVvhguNosKjOGYF0mmXVb7FoXjpRF1Z1CO7KTUEca9Y0
-qzZZbRerorhf4zwraS2mQ3EkJuAZbpNUYbyxFY3FrrHZB5XQ0JRz1HF6SZpeLUCk
-vTYBKcANd+DrgUjDcDLmqIi9eiX/hls1UTuCdXCE1L6vwGqSHBhWn97powARAQAB
-zTFyb290IChHZW5lcmF0ZWQgMjAyMy4xMC4wNikgPHJvb3RAb3Nha2EtdnVsdHIt
-MDE+wsFiBBMBCAAWBQIAAAAACRD7mO31YXyPxAIbDwIZAQAAVyQQADpMVpMSc+Pe
-OnEP/iBgyOYaDXZJLDPre8YwXU0B5bYUzTz2W6ra5WchX4D59XoFeQZztZrYhBcI
-Q3J30dgWKGaaUOC4SHVOLL9KK1RzJjSMGmC/fGmhUH22932zHChfhRDnpMPvaai0
-sEZqBDoq6O+RF/P54LoI5f1Bk7w2dR1SaFd9xrlgc/PYhf2D+Q6jlDjTL7osSP7S
-nTiSmVjGRys4xPbfA6USEF6V4TufnKO61rFdhd6R2+O4B7J0ckI+xLPEwiis73XG
-WA1Cc10k6YD2uOzhnAo2yH8IRMiW/9qU9ACl2yyfkNjt9K8tNhTfwUeNvmCulPiw
-Dupn5SfFCbh1AhGbYsQq7ZAmZhNyqJxP6iM4txYpe5KeuVkCSLhFe7hd4buGux8r
-GEaMmU3LNsgzja96os5Hcao/WL1Xf9SaFGJM1xhVBHvMtOi5V8YOuL3nqjYyC2rK
-zu0KcmBdAJ2hIZIuNoimIyrelqSVNIPy9WqAYS8tIReLaxZmIWbKn74fTIfPmDKx
-sHhP6toM08dcPG5UKMd9yygpalJNMu6qobFikPvWqRvDOXXfzvNOwm00tOnjCkPl
-Ijyyw+9oS1BqOrVHbsB9Lp/7Q7Bu4QBKkksXhoUIhEE5R5JzSqxhGWaFK69H1sbJ
-gNejXTo+4tcdvFVObyWeyKIhHNekXfSj
-=/MqA
------END PGP PUBLIC KEY BLOCK-----
\ No newline at end of file
diff --git a/keys/ssh/builder-keys.txt b/keys/ssh/builder-keys.txt
index e077fcaf..16338c6f 100644
--- a/keys/ssh/builder-keys.txt
+++ b/keys/ssh/builder-keys.txt
@@ -7,9 +7,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCakakYFPSysSzIe3a97SEBAajWk7XfKA9R3JPuGl2Y # root@nixos-rpi4-03 ssh-rsa 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 root@nixos-rpi4-03 -# root@osaka-vultr-01 -ssh-rsa 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 root@osaka-vultr-01 - # root@nixos-framework ssh-rsa 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 root@nixos-framework diff --git a/keys/ssh/keys.txt b/keys/ssh/keys.txt index aa39052b..357976ef 100644 --- a/keys/ssh/keys.txt +++ b/keys/ssh/keys.txt @@ -25,9 +25,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCgGLJfc04/koTVvbT8wUJ2N40Q6RMHCTkFvnfRmhiH # albert@nixos-rpi4-01 ssh-rsa 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 albert@nixos-rpi4-01 -# albert@osaka-vultr-01 -ssh-rsa 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 albert@osaka-vultr-01 - # albert@nixos-vm-01 ssh-rsa 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 albert@nixos-vm-01 diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix index cf1439cc..f00160e6 100644 --- a/nixos/hosts/framework-server/default.nix +++ b/nixos/hosts/framework-server/default.nix @@ -55,6 +55,7 @@ # Forward mail port 25 to sysctl.io / linode networking.firewall.extraCommands = '' iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25 + iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25 ''; boot.initrd.services.udev.rules = '' diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix deleted file mode 100644 index c586ee66..00000000 --- a/nixos/hosts/osaka-vultr-01/default.nix +++ /dev/null 
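Review bot: The line added to `networking.firewall.extraCommands` in `nixos/hosts/framework-server/default.nix` is identical to the context line directly above it (`iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25`), so the nat OUTPUT chain ends up with the same DNAT entry twice; the second one can never match and should be dropped, or replaced if a different rule was meant. The target address also needs a check: the `wireguard.nix` deleted in this same commit shows `10.100.0.1/24` as the wireguard0 address of osaka-vultr-01, so unless osaka-linode-01 now holds that address, outbound port 25 from this host is rewritten towards a peer that no longer exists. Because the rule is appended with `-A` and the hunk shows no matching delete, it will probably accumulate on each firewall reload; a counterpart such as `networking.firewall.extraStopCommands = "iptables -t nat -D OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25 || true";` would keep it idempotent. The enclosing attribute set starts and ends outside the hunk.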
@@ -1,37 +0,0 @@
-{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
- imports = [
- ./disks.nix
- ./firewall.nix
- ./wireguard.nix
- ];
-
- # Distributed Builds
- nix.distributedBuilds = true;
- nixpkgs.config.allowUnfree = false;
-
- boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
- boot.initrd.kernelModules = [ ];
- boot.kernelModules = [ "iptable_nat" "iptable_filter" "xt_nat" ];
- boot.extraModulePackages = [ ];
- virtualisation.hypervGuest.enable = true;
-
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- time.timeZone = "Asia/Tokyo";
- networking.hostName = "osaka-vultr-01";
-
- # networking.firewall.allowedTCPPorts = [ 22 ];
-
- # Generic Tailscale configs are in /nixos/common/services/tailscale.nix
- # Set up the secrets file:
- sops.secrets."tailscale_keys/osaka-vultr-01" = {
- owner = "root";
- sopsFile = ../../../secrets/tailscale.yaml;
- restartUnits = [
- "tailscaled.service"
- "tailscaled-autoconnect.service"
- ];
- };
- services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-vultr-01";
- services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
-}
\ No newline at end of file
diff --git a/nixos/hosts/osaka-vultr-01/disks.nix b/nixos/hosts/osaka-vultr-01/disks.nix
deleted file mode 100644
index ebdd2834..00000000
--- a/nixos/hosts/osaka-vultr-01/disks.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- boot.loader.grub.enableCryptodisk = true;
- disko.devices.disk.vda = {
- device = "/dev/vda";
- type = "disk";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- }; # partitions.boot
- ESP = {
- size = "500M";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- };
- }; # ESP
- luks = {
- size = "100%";
- content = {
- type = "luks";
- name = "crypted";
- extraOpenArgs = [ "--allow-discards" ];
- content = {
- type = "filesystem";
- format = "ext4";
- mountpoint = "/";
- }; # content
- }; # content
- }; # luks.partitions
- }; # partitions
- }; # content
- }; # disko.devices.disk.vda
-}
\ No newline at end of file
diff --git a/nixos/hosts/osaka-vultr-01/firewall.nix b/nixos/hosts/osaka-vultr-01/firewall.nix
deleted file mode 100644
index 67f09f10..00000000
--- a/nixos/hosts/osaka-vultr-01/firewall.nix
+++ /dev/null
@@ -1,98 +0,0 @@ -{ config, lib, pkgs, ... }: { - networking.firewall.allowedUDPPorts = [ - 3478 # Headscale DERP UDP - 10000 # Jitsi - ]; - networking.firewall.allowedTCPPorts = [ - 80 # HTTP - 443 # HTTPS - 25 # SMTP (explicit TLS => STARTTLS) - 465 # ESMTP (implicit TLS) - 587 # ESMTP (explicit TLS => STARTTLS) - 143 # IMAP4 (explicit TLS => STARTTLS) - 993 # IMAP4 (implicit TLS) - 4190 # Sieve support - 42420 # Vintage Story - 25565 # Minecraft - 1443 # Headscale DERP - 4443 # jitsi-jvb - 5222 # Jitsi - 5347 # Jitsi - 5280 # Jitsi - ]; - - networking.firewall.extraCommands = '' - iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - - # TCP PORTS ################################################################################################## - # PORT 80 - iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE - - # PORT 443 - iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE - - # PORT 25 - iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE - - # PORT 465 - iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 465 -j MASQUERADE - - # PORT 587 - iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 587 -j MASQUERADE - - # PORT 143 - iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 143 -j MASQUERADE - - # PORT 993 - iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp 
--dport 993 -j MASQUERADE - - # PORT 4190 - iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 4190 -j MASQUERADE - - # PORT 42420 - iptables -t nat -A PREROUTING -p tcp --dport 42420 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 42420 -j MASQUERADE - - # PORT 25565 - iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 25565 -j MASQUERADE - - # PORT 1443 - iptables -t nat -A PREROUTING -p tcp --dport 1443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 1443 -j MASQUERADE - - # PORT 4443 - iptables -t nat -A PREROUTING -p tcp --dport 4443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 4443 -j MASQUERADE - - # PORT 5222 - iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5222 -j MASQUERADE - - # PORT 5347 - iptables -t nat -A PREROUTING -p tcp --dport 5347 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5347 -j MASQUERADE - - # PORT 5280 - iptables -t nat -A PREROUTING -p tcp --dport 5280 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5280 -j MASQUERADE - - # UDP PORTS ################################################################################################## - # PORT 10000 - iptables -t nat -A PREROUTING -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE - - # PORT 3478 - iptables -t nat -A PREROUTING -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE - ''; -} \ No newline at end of file 
diff --git a/nixos/hosts/osaka-vultr-01/wireguard.nix b/nixos/hosts/osaka-vultr-01/wireguard.nix deleted file mode 100644 index f2f63cb6..00000000 --- a/nixos/hosts/osaka-vultr-01/wireguard.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ pkgs, config, lib, ... }: { - networking.firewall.allowedUDPPorts = [ 51820 ]; - networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ]; - - # Set up the secrets file: - sops.secrets."wireguard_keys/osaka-vultr-01" = { - owner = "root"; - sopsFile = ../../../secrets/wireguard.yaml; - }; - - sops.secrets."wireguard_keys/preshared_key" = { - owner = "root"; - sopsFile = ../../../secrets/wireguard.yaml; - }; - - # Wireguard Forwarder - boot.kernel.sysctl = { - "net.ipv4.ip_forward" = true; - "net.ipv4.conf.all.forwarding" = 1; - "net.ipv4.conf.default.forwarding" = 1; - }; - - networking.wireguard = { - enable = true; - interfaces = { - "wireguard0" = { - ips = [ "10.100.0.1/24" ]; - listenPort = 51820; - privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01"; - postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE''; - postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE''; - peers = [ - { # nixos-rpi4-03 - publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek="; - presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key"; - persistentKeepalive = 5; - allowedIPs = [ "10.100.0.2/32" ]; - } - ]; - }; - }; - }; - - networking.nat = { - enable = true; - internalInterfaces = [ "wireguard0" ]; - externalInterface = "eno3"; - }; -} \ No newline at end of file diff --git a/nixos/hosts/osaka-vultr-01/xinetd.nix b/nixos/hosts/osaka-vultr-01/xinetd.nix deleted file mode 100644 index a3548a21..00000000 --- a/nixos/hosts/osaka-vultr-01/xinetd.nix +++ /dev/null 
@@ -1,181 +0,0 @@ -{ config, lib, pkgs, ... }: { - networking.firewall.allowedUDPPorts = [ - 3478 # Headscale DERP UDP - 10000 # Jitsi - ]; - networking.firewall.allowedTCPPorts = [ - 80 # HTTP - 443 # HTTPS - 25 # SMTP (explicit TLS => STARTTLS) - 465 # ESMTP (implicit TLS) - 587 # ESMTP (explicit TLS => STARTTLS) - 143 # IMAP4 (explicit TLS => STARTTLS) - 993 # IMAP4 (implicit TLS) - 4190 # Sieve support - 42420 # Vintage Story - 25565 # Minecraft - 1443 # Headscale DERP - 4443 # jitsi-jvb - 5222 # Jitsi - 5347 # Jitsi - 5280 # Jitsi - ]; - - networking.firewall.extraCommands = '' - ${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT - ${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - ${pkgs.iptables}/bin/iptables -A FORWARD -i wireguard0 -o ens3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2 - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 80 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1 - ${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2 - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 443 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1 - ${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 443 -m conntrack --ctstate NEW -j ACCEPT - ''; - - services.xinetd = { - enable = false; - services = [ - { - name = "http"; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 80"; - } - { - name = "https"; - server = "/usr/bin/env"; # Placeholder. 
- extraConfig = "redirect = 10.100.0.2 443"; - } - { - name = "jitsi-jvb 4443 tcp"; - port = 4443; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 4443"; - } - { - name = "jitsi-jvb 5222 tcp"; - port = 5222; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 5222"; - } - { - name = "jitsi-jvb 5347 tcp"; - port = 5347; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 5347"; - } - { - name = "jitsi-jvb 5280 tcp"; - port = 5280; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 5280"; - } - { - name = "minecraft"; - port = 25565; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 25565"; - } - { - name = "vintage-story"; - port = 42420; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 42420"; - } - - ################################################ mail - { - name = "mail 25"; - port = 25; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 25"; - } - { - name = "mail 465"; - port = 465; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 465"; - } - { - name = "mail 587"; - port = 587; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 587"; - } - { - name = "mail 143"; - port = 143; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 143"; - } - { - name = "mail 993"; - port = 993; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. 
- extraConfig = "redirect = 10.100.0.2 993"; - } - { - name = "mail 4190"; - port = 4190; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 4190"; - } - ################################################ mail - ################################################ headscale-derp - { - name = "headscale-derp 3478 udp"; - port = 3478; - protocol = "udp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 3478"; - } - { - name = "headscale-derp 1443 tcp"; - port = 1443; - protocol = "tcp"; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = 10.100.0.2 1443"; - } - { - name = "piaware"; - port = 8080; - unlisted = true; - server = "/usr/bin/env"; # Placeholder. - extraConfig = "redirect = piaware-rpi4 8080"; - } - # { - # name = "ssh"; - # port = 2282; - # unlisted = true; - # server = "/usr/bin/env"; # Placeholder. - # extraConfig = "redirect = 10.100.0.2 22"; - # } - ]; - }; -} \ No newline at end of file