Remove osaka-vultr-01
parent
8298a0b060
commit
ecb8127788
11 changed files with 1 additions and 443 deletions
|
@ -4,7 +4,6 @@ keys:
|
||||||
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
|
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
|
||||||
- &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a
|
- &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a
|
||||||
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
|
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
|
||||||
- &host_osaka-vultr-01 54725007eb252f47efa3b93afb98edf5617c8fc4
|
|
||||||
- &host_nixos-framework 11727dab3f62daaf7f92fc1143e3f07ef88bd5a4
|
- &host_nixos-framework 11727dab3f62daaf7f92fc1143e3f07ef88bd5a4
|
||||||
- &host_framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b
|
- &host_framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b
|
||||||
- &host_osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
|
- &host_osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
|
||||||
|
@ -18,7 +17,6 @@ creation_rules:
|
||||||
- *host_nixos-rpi4-02
|
- *host_nixos-rpi4-02
|
||||||
- *host_nixos-rpi4-03
|
- *host_nixos-rpi4-03
|
||||||
- *host_nixos-vm-01
|
- *host_nixos-vm-01
|
||||||
- *host_osaka-vultr-01
|
|
||||||
- *host_osaka-linode-01
|
- *host_osaka-linode-01
|
||||||
- *host_nixos-framework
|
- *host_nixos-framework
|
||||||
- *host_framework-server
|
- *host_framework-server
|
||||||
|
@ -31,7 +29,6 @@ creation_rules:
|
||||||
- *host_nixos-rpi4-02
|
- *host_nixos-rpi4-02
|
||||||
- *host_nixos-rpi4-03
|
- *host_nixos-rpi4-03
|
||||||
- *host_nixos-vm-01
|
- *host_nixos-vm-01
|
||||||
- *host_osaka-vultr-01
|
|
||||||
- *host_osaka-linode-01
|
- *host_osaka-linode-01
|
||||||
- *host_nixos-framework
|
- *host_nixos-framework
|
||||||
- *host_framework-server
|
- *host_framework-server
|
||||||
|
@ -41,6 +38,5 @@ creation_rules:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *user_albert
|
- *user_albert
|
||||||
- *host_nixos-rpi4-03
|
- *host_nixos-rpi4-03
|
||||||
- *host_osaka-vultr-01
|
|
||||||
- *host_osaka-linode-01
|
- *host_osaka-linode-01
|
||||||
- *host_framework-server
|
- *host_framework-server
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
in {
|
in {
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
# Virtual
|
# Virtual
|
||||||
osaka-vultr-01 = libx.mkHost { hostname = "osaka-vultr-01"; type = "small";};
|
|
||||||
osaka-linode-01 = libx.mkHost { hostname = "osaka-linode-01"; type = "small";};
|
osaka-linode-01 = libx.mkHost { hostname = "osaka-linode-01"; type = "small";};
|
||||||
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
|
||||||
# Physical
|
# Physical
|
||||||
|
@ -50,7 +49,6 @@
|
||||||
};
|
};
|
||||||
homeConfigurations = {
|
homeConfigurations = {
|
||||||
# Virtual
|
# Virtual
|
||||||
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
|
|
||||||
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
|
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
|
||||||
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
|
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
|
||||||
# Physical
|
# Physical
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
||||||
|
|
||||||
xsFNBAAAAAABEADAjr3DINKlXTSpoQlzNV5mhAjafnlqa0s8vMYltRFWKxmFzUvT
|
|
||||||
5zL2FmrlWt4RvI7ecB/7URBcp68WLo3NE3H2bmOM0iUkT4jCNGjSAbl36373xePy
|
|
||||||
TsrnfLFh2y5G5z8Xn7ZbycyRNqFfCOXMmICOykPRzY/R4g3THZoXL0Sf6r5FbODF
|
|
||||||
sWXscvW04O1fD9UZFeemJ87pAZ5ZAPVv7Cxa9SeSyFlE4LY6isSTY7taHGIqIayl
|
|
||||||
G5kAXxQhgdfJlZgBnKWrLM850bXzmE9/K0nXUKWdzih4bVJVAhkrpeBzoi7tkZw1
|
|
||||||
bYTxi1WqKkS+QWoHuMNREvX3zgA1FEeYyVn9wUhtrKno4B58hMPpKOkxvz+QLt9Q
|
|
||||||
dlvkAVlCXZdbSMcuxjwqY4dEQ8q3I/9c9Hk5kiWVvszIsrXxR68Xauz7rwSd2UUM
|
|
||||||
4PRYAay9cZe539V0ZgL6N7QJcDl23v5ZdsbMYS49mnRUl+jAKBWCQT67NKWdAwR0
|
|
||||||
+UqYH3AedoM5oits5rjfYVvhguNosKjOGYF0mmXVb7FoXjpRF1Z1CO7KTUEca9Y0
|
|
||||||
qzZZbRerorhf4zwraS2mQ3EkJuAZbpNUYbyxFY3FrrHZB5XQ0JRz1HF6SZpeLUCk
|
|
||||||
vTYBKcANd+DrgUjDcDLmqIi9eiX/hls1UTuCdXCE1L6vwGqSHBhWn97powARAQAB
|
|
||||||
zTFyb290IChHZW5lcmF0ZWQgMjAyMy4xMC4wNikgPHJvb3RAb3Nha2EtdnVsdHIt
|
|
||||||
MDE+wsFiBBMBCAAWBQIAAAAACRD7mO31YXyPxAIbDwIZAQAAVyQQADpMVpMSc+Pe
|
|
||||||
OnEP/iBgyOYaDXZJLDPre8YwXU0B5bYUzTz2W6ra5WchX4D59XoFeQZztZrYhBcI
|
|
||||||
Q3J30dgWKGaaUOC4SHVOLL9KK1RzJjSMGmC/fGmhUH22932zHChfhRDnpMPvaai0
|
|
||||||
sEZqBDoq6O+RF/P54LoI5f1Bk7w2dR1SaFd9xrlgc/PYhf2D+Q6jlDjTL7osSP7S
|
|
||||||
nTiSmVjGRys4xPbfA6USEF6V4TufnKO61rFdhd6R2+O4B7J0ckI+xLPEwiis73XG
|
|
||||||
WA1Cc10k6YD2uOzhnAo2yH8IRMiW/9qU9ACl2yyfkNjt9K8tNhTfwUeNvmCulPiw
|
|
||||||
Dupn5SfFCbh1AhGbYsQq7ZAmZhNyqJxP6iM4txYpe5KeuVkCSLhFe7hd4buGux8r
|
|
||||||
GEaMmU3LNsgzja96os5Hcao/WL1Xf9SaFGJM1xhVBHvMtOi5V8YOuL3nqjYyC2rK
|
|
||||||
zu0KcmBdAJ2hIZIuNoimIyrelqSVNIPy9WqAYS8tIReLaxZmIWbKn74fTIfPmDKx
|
|
||||||
sHhP6toM08dcPG5UKMd9yygpalJNMu6qobFikPvWqRvDOXXfzvNOwm00tOnjCkPl
|
|
||||||
Ijyyw+9oS1BqOrVHbsB9Lp/7Q7Bu4QBKkksXhoUIhEE5R5JzSqxhGWaFK69H1sbJ
|
|
||||||
gNejXTo+4tcdvFVObyWeyKIhHNekXfSj
|
|
||||||
=/MqA
|
|
||||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
|
@ -7,9 +7,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCakakYFPSysSzIe3a97SEBAajWk7XfKA9R3JPuGl2Y
|
||||||
# root@nixos-rpi4-03
|
# root@nixos-rpi4-03
|
||||||
ssh-rsa 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 root@nixos-rpi4-03
|
ssh-rsa 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 root@nixos-rpi4-03
|
||||||
|
|
||||||
# root@osaka-vultr-01
|
|
||||||
ssh-rsa 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 root@osaka-vultr-01
|
|
||||||
|
|
||||||
# root@nixos-framework
|
# root@nixos-framework
|
||||||
ssh-rsa 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 root@nixos-framework
|
ssh-rsa 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 root@nixos-framework
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCgGLJfc04/koTVvbT8wUJ2N40Q6RMHCTkFvnfRmhiH
|
||||||
# albert@nixos-rpi4-01
|
# albert@nixos-rpi4-01
|
||||||
ssh-rsa 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 albert@nixos-rpi4-01
|
ssh-rsa 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 albert@nixos-rpi4-01
|
||||||
|
|
||||||
# albert@osaka-vultr-01
|
|
||||||
ssh-rsa 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 albert@osaka-vultr-01
|
|
||||||
|
|
||||||
# albert@nixos-vm-01
|
# albert@nixos-vm-01
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCkT7gLh5pATYzR4chWNerYt5OcQplgkEVVMgSCNzKpHTjG7vJeA2iSN+rV602rdO9Z9XZ67XpNWsZVKyB8PBxyTk9U/d29OJRnSVhuyKodnxXXQSwAhbOhEYa+PcTqSpRHjJMpFNrww8wCrZ3RJ6tu8MroaUSCl0b1aNB3HD2GDbGOgb8k/3Q722eRCYUe9JHzr2y8/f0ajLp7Z//8DSYTr3I8N+ILZuq+UxXV58S2LmUV4F0omzn6FQKpXpPaeHCEIzI50GoQxXaaInSsiBxauJ4Q0kh4Bu++juIKsNSBN6IU0t1ynk8MGd04dC78APx276Q+KXkm4aIpkUQBoR6HpgZ56Y/XR0/2p0x9Cs8xxhnyR7MKE4dY/j5l7BLVSY6q5uFL1FP7jHFtNC68tLYG2nJ081TsCVaZ7mJfXrdSBS9hy6Tsa4AkAwrTkDGAQF7EV/3WZ+fhQSq1HvB/K/VuqX29hx3C1LyzH9kQNNWBxXzVV0IldLgXFFOzTGwwIHVZQqL0qzDVE5hMa1HQkMCPtpKbUiPXe68GDMcB8hQL9M1bCjFpfkfszFKn2jfv0u+ikY5ZDuMPCOV6lcBtiAS0FB04jhZKDbEqbneKMBYXlF6hYmvPcX0Xhm+OlAitN52Fy3OppgOVmOjci370tOOROk5FTW1wehTfGGRMnm8MCDX7X0omtvIwTSrJw/voJN8R3F7YD4QAd3yPv9y7Om5dMAD+o1a+83segQy8LGS55IITsZ+4hMILjQelJwEmyALpCWDMtfGhL529U44paVqCj4NJKI+EKqJdkajUYDzHhHTe2airUiqpfBHoIXAqB5eKn+MAVtbzVIY5lXc62HOSUAqVjxS/C8ZCsomO54q7cVAkd0tKjAaSPEZBMHGUhrDYXcXrpYA55V72lYzQMMX+RG3IuGkNJjnwJ6GQD4NjtX31MAsHbheu4tx788bnmE7uKmNgnSJW0Lg14CmnJsBSlU4HEbgNixV7o5tltYuIVQHmhjmbk9GGEHmEO/32vriznyHsO6m0lrby836e/vXg2Xsv3T+k7XxkFL8rGG6/b+elGt/8+w4ppfH4nJIFljNnSTBbddrDDMPaOv0qywT4VNLmFKRw2lOT0aL0DKMA1WCs37Sg5eqKLB4/8KBQek5P0wMK1876JHoh1924h4uvHyWhUTogSGFQAAKjMLXqEFKlhySEz8MFPybiCdme8mANMPIVjDyY0uR+FijRxjB72a9OU1M/GvIYNSASOSN7eY0uKgL3SWJntnOsVUF0kvYl0XtAaO+rrKU59imNI0lksngn9DTKiCBDa6VB8WB0wA5caqvZTZtUkD+cKwGBLPe8+0+okDVl/j9FMYOJEw5V albert@nixos-vm-01
|
ssh-rsa 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 albert@nixos-vm-01
|
||||||
|
|
||||||
|
|
|
@ -55,6 +55,7 @@
|
||||||
# Forward mail port 25 to sysctl.io / linode
|
# Forward mail port 25 to sysctl.io / linode
|
||||||
networking.firewall.extraCommands = ''
|
networking.firewall.extraCommands = ''
|
||||||
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
|
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
|
||||||
|
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
|
||||||
'';
|
'';
|
||||||
|
|
||||||
boot.initrd.services.udev.rules = ''
|
boot.initrd.services.udev.rules = ''
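Review bot: The one line this commit adds repeats the `iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25` rule that already sits directly above it inside `networking.firewall.extraCommands`, so the same NAT rule would be appended twice whenever these commands run; the addition looks accidental and can simply be dropped. Separately, 10.100.0.1 is the address the `wireguard.nix` deleted in this same commit assigned to osaka-vultr-01's `wireguard0` interface, while the comment above the rule names linode as the target. If osaka-linode-01 has not taken over that tunnel address (not visible from this page), outbound SMTP from this host is still redirected to a peer that no longer exists, so the destination is worth confirming before merge. The enclosing attribute set starts and ends outside the hunk.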
|
||||||
|
|
|
@ -1,37 +0,0 @@
|
||||||
{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
|
|
||||||
imports = [
|
|
||||||
./disks.nix
|
|
||||||
./firewall.nix
|
|
||||||
./wireguard.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Distributed Builds
|
|
||||||
nix.distributedBuilds = true;
|
|
||||||
nixpkgs.config.allowUnfree = false;
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "iptable_nat" "iptable_filter" "xt_nat" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
virtualisation.hypervGuest.enable = true;
|
|
||||||
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
time.timeZone = "Asia/Tokyo";
|
|
||||||
networking.hostName = "osaka-vultr-01";
|
|
||||||
|
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."tailscale_keys/osaka-vultr-01" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/tailscale.yaml;
|
|
||||||
restartUnits = [
|
|
||||||
"tailscaled.service"
|
|
||||||
"tailscaled-autoconnect.service"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-vultr-01";
|
|
||||||
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
|
|
||||||
}
|
|
|
@ -1,38 +0,0 @@
|
||||||
{
|
|
||||||
boot.loader.grub.enableCryptodisk = true;
|
|
||||||
disko.devices.disk.vda = {
|
|
||||||
device = "/dev/vda";
|
|
||||||
type = "disk";
|
|
||||||
content = {
|
|
||||||
type = "gpt";
|
|
||||||
partitions = {
|
|
||||||
boot = {
|
|
||||||
size = "1M";
|
|
||||||
type = "EF02";
|
|
||||||
}; # partitions.boot
|
|
||||||
ESP = {
|
|
||||||
size = "500M";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
}; # ESP
|
|
||||||
luks = {
|
|
||||||
size = "100%";
|
|
||||||
content = {
|
|
||||||
type = "luks";
|
|
||||||
name = "crypted";
|
|
||||||
extraOpenArgs = [ "--allow-discards" ];
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "ext4";
|
|
||||||
mountpoint = "/";
|
|
||||||
}; # content
|
|
||||||
}; # content
|
|
||||||
}; # luks.partitions
|
|
||||||
}; # partitions
|
|
||||||
}; # content
|
|
||||||
}; # disko.devices.disk.vda
|
|
||||||
}
|
|
|
@ -1,98 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
|
||||||
networking.firewall.allowedUDPPorts = [
|
|
||||||
3478 # Headscale DERP UDP
|
|
||||||
10000 # Jitsi
|
|
||||||
];
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
80 # HTTP
|
|
||||||
443 # HTTPS
|
|
||||||
25 # SMTP (explicit TLS => STARTTLS)
|
|
||||||
465 # ESMTP (implicit TLS)
|
|
||||||
587 # ESMTP (explicit TLS => STARTTLS)
|
|
||||||
143 # IMAP4 (explicit TLS => STARTTLS)
|
|
||||||
993 # IMAP4 (implicit TLS)
|
|
||||||
4190 # Sieve support
|
|
||||||
42420 # Vintage Story
|
|
||||||
25565 # Minecraft
|
|
||||||
1443 # Headscale DERP
|
|
||||||
4443 # jitsi-jvb
|
|
||||||
5222 # Jitsi
|
|
||||||
5347 # Jitsi
|
|
||||||
5280 # Jitsi
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.extraCommands = ''
|
|
||||||
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
|
|
||||||
# TCP PORTS ##################################################################################################
|
|
||||||
# PORT 80
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 443
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 25
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 465
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 465 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 587
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 587 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 143
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 143 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 993
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 993 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 4190
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 4190 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 42420
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 42420 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 42420 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 25565
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 25565 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 1443
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 1443 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 1443 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 4443
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 4443 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 4443 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 5222
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 5222 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 5347
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 5347 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 5347 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 5280
|
|
||||||
iptables -t nat -A PREROUTING -p tcp --dport 5280 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p tcp --dport 5280 -j MASQUERADE
|
|
||||||
|
|
||||||
# UDP PORTS ##################################################################################################
|
|
||||||
# PORT 10000
|
|
||||||
iptables -t nat -A PREROUTING -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE
|
|
||||||
|
|
||||||
# PORT 3478
|
|
||||||
iptables -t nat -A PREROUTING -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2
|
|
||||||
iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }: {
|
|
||||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
|
||||||
networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
# Set up the secrets file:
|
|
||||||
sops.secrets."wireguard_keys/osaka-vultr-01" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
sops.secrets."wireguard_keys/preshared_key" = {
|
|
||||||
owner = "root";
|
|
||||||
sopsFile = ../../../secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Wireguard Forwarder
|
|
||||||
boot.kernel.sysctl = {
|
|
||||||
"net.ipv4.ip_forward" = true;
|
|
||||||
"net.ipv4.conf.all.forwarding" = 1;
|
|
||||||
"net.ipv4.conf.default.forwarding" = 1;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireguard = {
|
|
||||||
enable = true;
|
|
||||||
interfaces = {
|
|
||||||
"wireguard0" = {
|
|
||||||
ips = [ "10.100.0.1/24" ];
|
|
||||||
listenPort = 51820;
|
|
||||||
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
|
||||||
postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
|
|
||||||
postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
|
|
||||||
peers = [
|
|
||||||
{ # nixos-rpi4-03
|
|
||||||
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
|
|
||||||
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
|
|
||||||
persistentKeepalive = 5;
|
|
||||||
allowedIPs = [ "10.100.0.2/32" ];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.nat = {
|
|
||||||
enable = true;
|
|
||||||
internalInterfaces = [ "wireguard0" ];
|
|
||||||
externalInterface = "eno3";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,181 +0,0 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
|
||||||
networking.firewall.allowedUDPPorts = [
|
|
||||||
3478 # Headscale DERP UDP
|
|
||||||
10000 # Jitsi
|
|
||||||
];
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
80 # HTTP
|
|
||||||
443 # HTTPS
|
|
||||||
25 # SMTP (explicit TLS => STARTTLS)
|
|
||||||
465 # ESMTP (implicit TLS)
|
|
||||||
587 # ESMTP (explicit TLS => STARTTLS)
|
|
||||||
143 # IMAP4 (explicit TLS => STARTTLS)
|
|
||||||
993 # IMAP4 (implicit TLS)
|
|
||||||
4190 # Sieve support
|
|
||||||
42420 # Vintage Story
|
|
||||||
25565 # Minecraft
|
|
||||||
1443 # Headscale DERP
|
|
||||||
4443 # jitsi-jvb
|
|
||||||
5222 # Jitsi
|
|
||||||
5347 # Jitsi
|
|
||||||
5280 # Jitsi
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.extraCommands = ''
|
|
||||||
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
|
|
||||||
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
${pkgs.iptables}/bin/iptables -A FORWARD -i wireguard0 -o ens3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 80 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1
|
|
||||||
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 443 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1
|
|
||||||
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 443 -m conntrack --ctstate NEW -j ACCEPT
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.xinetd = {
|
|
||||||
enable = false;
|
|
||||||
services = [
|
|
||||||
{
|
|
||||||
name = "http";
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 80";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "https";
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 443";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "jitsi-jvb 4443 tcp";
|
|
||||||
port = 4443;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 4443";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "jitsi-jvb 5222 tcp";
|
|
||||||
port = 5222;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 5222";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "jitsi-jvb 5347 tcp";
|
|
||||||
port = 5347;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 5347";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "jitsi-jvb 5280 tcp";
|
|
||||||
port = 5280;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 5280";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "minecraft";
|
|
||||||
port = 25565;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 25565";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "vintage-story";
|
|
||||||
port = 42420;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 42420";
|
|
||||||
}
|
|
||||||
|
|
||||||
################################################ mail
|
|
||||||
{
|
|
||||||
name = "mail 25";
|
|
||||||
port = 25;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 25";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "mail 465";
|
|
||||||
port = 465;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 465";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "mail 587";
|
|
||||||
port = 587;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 587";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "mail 143";
|
|
||||||
port = 143;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 143";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "mail 993";
|
|
||||||
port = 993;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 993";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "mail 4190";
|
|
||||||
port = 4190;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 4190";
|
|
||||||
}
|
|
||||||
################################################ mail
|
|
||||||
################################################ headscale-derp
|
|
||||||
{
|
|
||||||
name = "headscale-derp 3478 udp";
|
|
||||||
port = 3478;
|
|
||||||
protocol = "udp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 3478";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "headscale-derp 1443 tcp";
|
|
||||||
port = 1443;
|
|
||||||
protocol = "tcp";
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = 10.100.0.2 1443";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "piaware";
|
|
||||||
port = 8080;
|
|
||||||
unlisted = true;
|
|
||||||
server = "/usr/bin/env"; # Placeholder.
|
|
||||||
extraConfig = "redirect = piaware-rpi4 8080";
|
|
||||||
}
|
|
||||||
# {
|
|
||||||
# name = "ssh";
|
|
||||||
# port = 2282;
|
|
||||||
# unlisted = true;
|
|
||||||
# server = "/usr/bin/env"; # Placeholder.
|
|
||||||
# extraConfig = "redirect = 10.100.0.2 22";
|
|
||||||
# }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|