Remove osaka-vultr-01

iFargle 2023-12-06 09:09:18 +09:00
parent 8298a0b060
commit ecb8127788
11 changed files with 1 additions and 443 deletions


@ -4,7 +4,6 @@ keys:
- &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78 - &host_nixos-rpi4-01 b8313b59194b577cb5a0187bbfd686dae3a80e78
- &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a - &host_nixos-rpi4-02 166ed206738ba44b3428629dc1f2ed98cbef1a6a
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171 - &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
- &host_osaka-vultr-01 54725007eb252f47efa3b93afb98edf5617c8fc4
- &host_nixos-framework 11727dab3f62daaf7f92fc1143e3f07ef88bd5a4 - &host_nixos-framework 11727dab3f62daaf7f92fc1143e3f07ef88bd5a4
- &host_framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b - &host_framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b
- &host_osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa - &host_osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
@ -18,7 +17,6 @@ creation_rules:
- *host_nixos-rpi4-02 - *host_nixos-rpi4-02
- *host_nixos-rpi4-03 - *host_nixos-rpi4-03
- *host_nixos-vm-01 - *host_nixos-vm-01
- *host_osaka-vultr-01
- *host_osaka-linode-01 - *host_osaka-linode-01
- *host_nixos-framework - *host_nixos-framework
- *host_framework-server - *host_framework-server
@ -31,7 +29,6 @@ creation_rules:
- *host_nixos-rpi4-02 - *host_nixos-rpi4-02
- *host_nixos-rpi4-03 - *host_nixos-rpi4-03
- *host_nixos-vm-01 - *host_nixos-vm-01
- *host_osaka-vultr-01
- *host_osaka-linode-01 - *host_osaka-linode-01
- *host_nixos-framework - *host_nixos-framework
- *host_framework-server - *host_framework-server
@ -41,6 +38,5 @@ creation_rules:
- pgp: - pgp:
- *user_albert - *user_albert
- *host_nixos-rpi4-03 - *host_nixos-rpi4-03
- *host_osaka-vultr-01
- *host_osaka-linode-01 - *host_osaka-linode-01
- *host_framework-server - *host_framework-server


@ -37,7 +37,6 @@
in { in {
nixosConfigurations = { nixosConfigurations = {
# Virtual # Virtual
osaka-vultr-01 = libx.mkHost { hostname = "osaka-vultr-01"; type = "small";};
osaka-linode-01 = libx.mkHost { hostname = "osaka-linode-01"; type = "small";}; osaka-linode-01 = libx.mkHost { hostname = "osaka-linode-01"; type = "small";};
nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; }; nixos-vm-01 = libx.mkHost { hostname = "nixos-vm-01"; };
# Physical # Physical
@ -50,7 +49,6 @@
}; };
homeConfigurations = { homeConfigurations = {
# Virtual # Virtual
"albert@osaka-vultr-01" = libx.mkHome { hostname = "osaka-vultr-01"; };
"albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; }; "albert@osaka-linode-01" = libx.mkHome { hostname = "osaka-linode-01"; };
"albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; }; "albert@nixos-vm-01" = libx.mkHome { hostname = "nixos-vm-01"; };
# Physical # Physical


@ -1,28 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=/MqA
-----END PGP PUBLIC KEY BLOCK-----


@ -7,9 +7,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCakakYFPSysSzIe3a97SEBAajWk7XfKA9R3JPuGl2Y
# root@nixos-rpi4-03 # root@nixos-rpi4-03
ssh-rsa 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 root@nixos-rpi4-03 ssh-rsa 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 root@nixos-rpi4-03
# root@osaka-vultr-01
ssh-rsa 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 root@osaka-vultr-01
# root@nixos-framework # root@nixos-framework
ssh-rsa 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 root@nixos-framework ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDm4Jnyxhc4YEnDVKFjj5OBp4/lAyU2kP1PgkCWTLRzxvw7TWiNH6uyRglFLcDXrunIOmxOrA1tsbMxr7z//rSXWb2w6VQPs8OEIIyv4j/6OI7KGNT6/gNdAvKYaakKYcveE+y2gif8DQvWoKpbMcCIrrliiBac5B8VpvzS+X9iQ+2BQHOjKeios3tHoTGem8MetOjIzPWRP2/sC+Ru2dv8ln8TLoWScQpDDJtSgSkI3XTZNzhCH7toYSmSlnGDZxn687FeYgRGPgA85ndXF1BQp0MYfeYpJi4QSkkk38NgvZSSfP46uKyk3u8KJvG9e6eZ7isSq9jZBNHICil+P3zQsxW3Xc7Wfs5Ttuitkdo6nmU1BYf6VK/nzf4YPgXUWuZFWen6RCKQK3BySQWmMmT2BF+NJzjGI/qy4i7vKfF//fS2Do63cIc0FDKQf/veTDkvB0bep56w2sG9qcPv2YUgJ0Sf/gOJxMuIUcuJ/wfVgwmKLTHt/0tgHKyOWY+4V6w+XdRPm/Fo5cVO+Cjh7h527JuVAlbSCQyKrB4FONg5A2uv3rMPGejY3jO4aTVhsQfU0hAzf0Zw6xJaMjlp3qyJQsZz4pJyg2iS3CbDF9RTCWZ37EDsvK8XcOBatiGL01c/YPecePcSKCohRWJ0My4bsxkjk4mdPWINrl1IKJDD8nqY8DTUGXEFDYx22+rzWg7lnrRJcsJ/IEkptaMVRbp3ThEzJ55czQcQinw3q+K6nwqN4BaXy+yQykftzX23Oxs54dZYuIO/uaoURo9sygOBRZCsjglBoLY7VAG9cO6jDsp2zqS+xIvNEmNjubUeLI+bTLpHn+LVTp2HL/rNvvYUwYVwISWg0ChoViVubipkQ0vTF9HvodcGuDOu3FAqWC+3Xpw1uA/Dw62iTKP/5dqGqV0qzDS2sChoXOpAhLfFn0YFoBlO6WA9Sx7V735MpYs/3ZGRzDJzgpC/0HgAPALoKqFSYkVLwvFvoLRJQ8P8Yw7VPd52oVO9LY99Q9bDqe41v30alO1aqyVLuvBPLdn9Ye6RuyL0c63o0pt+M0Aelu/VMZMWwrBBqjN55PnECwnyiCM+tSK2gmBxcXMXFe5ItZMlqd421MJg83Mo61Q+lqXssUy6zhbBqCJjmIoodflQ+KBW/NRQz9CJmSNB3kt6LG5ipEsneYZqOG6esMCkacSqvw3E2er2F2F655qmzpgunf6YbYVQ7Lbi3O+pLV9L1TxeRsT+Jy3z87ZnhXRIda/POINHJYeJViuniLqhj4EerGFJfEUoVY37lBT1XEPS3HMlPSAkxiAZ0tu8mCi+HrMn0zHqo/RY/xVOBMAgL2sCAufQe5zTlh0wPBxJiHhV root@nixos-framework


@ -25,9 +25,6 @@ ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCgGLJfc04/koTVvbT8wUJ2N40Q6RMHCTkFvnfRmhiH
# albert@nixos-rpi4-01 # albert@nixos-rpi4-01
ssh-rsa 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 albert@nixos-rpi4-01 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCzIkWmNJ5KGV1F4zME/u+B+LXjW8TI3+sTkcNAJrbsPrp6N8LcxR4a+uwfqJv/Cf6i97Z2WPvUyWTX25X3fEB/jgpS8az5fpxkJ2BvzNho5iHJAg0pIv6+1x5WkKZhqUbB7zc7pdHZvl1ElSgUgzgp2uxuvy5XNm2xqrxS337dG/pFEuK+sg8uZ5bRXbv1ATJ5451aHM49mzbTFxl8J09AKu3U189dofnqQLhyQv08X9n7kbitNaLHjsgv2FMP5pUSI8ysQliOtsQ7FV76OoetJmtEp/1LTSzYffgXtrNqayTninZAUyIORjKVyyGVVb/siz/rsQqWQcx2eneq1ZEGg7nWNsjEoGMsaZFO+FQc6TJIV9aTmh9N7vcVLEFfvUO7F62P1H2y9h2OCaSsYwekLbDw2Gel1FZmL4iVLzETy2NwOXiGWkYtUy+uvMdGtdLQjvhRu6AmwpMGXtG+z3YyjzYb6tUgYuY7EvDFiC+LhY8PBI30ozHHXRD4v2CyD0xdHteq4Yi6y2hcytvcohGd8dg5v7L6DCeLt07/B3kcRfrxOUBa84hcFOHtauhyNVSFk5RGfDg38yVv5XgZMGNvYuUQFdlrkPyP54hbLZ+QXUQt+BuI7uoGa9ezecF6abAfPODGbmP8DqgVD8BmLcv7nMlEcXu+sK0h8H41DnWkhvPZ+ET/JIXAHxpfbFJ9XVCrv9e+bWh2JegJD0fjpWX8KYRpJmhObrz4DqveXdhx1zVQvCEln6+IlRfM1zvNEnX1yV8Oj4VPah2p1TtAyB+Npk5ccErONrvfAaYChWg6EoNFX08AeMaU7AR0q2Yan9ZEaUT+D1ngo0mM0V77s1BKLvEnDklwUxDo87+Wp+H1wOS+nWQV9MRyJoFgZJmZ3iecutSddju5xhfu4Y6PmVXXrWAXxHJxQElDt2RqodyDjSELoua1OiHQDkupK9JSevP2m/G2xFWEcgFtcV2jErHOWSNudqqLv398TN4xrSTKAmPyO70lyMM94tURbVH/dlAq5inoCWPTdv9bK1UuCv/D4jVAnLoKLh9Er75egYgypKcUbMFohsn8Bn0GbLX0jOb8F2nAlIlAc4BRDpuT+jLD0hD6LMK7VyBKWGTUa7IkrdfGI/u1c4i+MD34rnxBu63Oas3RgMh7eFEVZeUslYCSh1aH2usMhGEboyovacvNNsrrd2O+HmbmTfmZtpcKAe+6a0PfkkTCNo+pib6SqOUMJsKqe62POA8lPixpQXcgHua56BdYl12Knf3pVhHb5KVKVFtv7B7FcjFaNj67I8yezsY9j41nAynlJyNV2AQXU9/UIqWltIiKwRoGSxLXMMId0ymHd8qlRVV9kVSPN0AV albert@nixos-rpi4-01
# albert@osaka-vultr-01
ssh-rsa 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 albert@osaka-vultr-01
# albert@nixos-vm-01 # albert@nixos-vm-01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQCkT7gLh5pATYzR4chWNerYt5OcQplgkEVVMgSCNzKpHTjG7vJeA2iSN+rV602rdO9Z9XZ67XpNWsZVKyB8PBxyTk9U/d29OJRnSVhuyKodnxXXQSwAhbOhEYa+PcTqSpRHjJMpFNrww8wCrZ3RJ6tu8MroaUSCl0b1aNB3HD2GDbGOgb8k/3Q722eRCYUe9JHzr2y8/f0ajLp7Z//8DSYTr3I8N+ILZuq+UxXV58S2LmUV4F0omzn6FQKpXpPaeHCEIzI50GoQxXaaInSsiBxauJ4Q0kh4Bu++juIKsNSBN6IU0t1ynk8MGd04dC78APx276Q+KXkm4aIpkUQBoR6HpgZ56Y/XR0/2p0x9Cs8xxhnyR7MKE4dY/j5l7BLVSY6q5uFL1FP7jHFtNC68tLYG2nJ081TsCVaZ7mJfXrdSBS9hy6Tsa4AkAwrTkDGAQF7EV/3WZ+fhQSq1HvB/K/VuqX29hx3C1LyzH9kQNNWBxXzVV0IldLgXFFOzTGwwIHVZQqL0qzDVE5hMa1HQkMCPtpKbUiPXe68GDMcB8hQL9M1bCjFpfkfszFKn2jfv0u+ikY5ZDuMPCOV6lcBtiAS0FB04jhZKDbEqbneKMBYXlF6hYmvPcX0Xhm+OlAitN52Fy3OppgOVmOjci370tOOROk5FTW1wehTfGGRMnm8MCDX7X0omtvIwTSrJw/voJN8R3F7YD4QAd3yPv9y7Om5dMAD+o1a+83segQy8LGS55IITsZ+4hMILjQelJwEmyALpCWDMtfGhL529U44paVqCj4NJKI+EKqJdkajUYDzHhHTe2airUiqpfBHoIXAqB5eKn+MAVtbzVIY5lXc62HOSUAqVjxS/C8ZCsomO54q7cVAkd0tKjAaSPEZBMHGUhrDYXcXrpYA55V72lYzQMMX+RG3IuGkNJjnwJ6GQD4NjtX31MAsHbheu4tx788bnmE7uKmNgnSJW0Lg14CmnJsBSlU4HEbgNixV7o5tltYuIVQHmhjmbk9GGEHmEO/32vriznyHsO6m0lrby836e/vXg2Xsv3T+k7XxkFL8rGG6/b+elGt/8+w4ppfH4nJIFljNnSTBbddrDDMPaOv0qywT4VNLmFKRw2lOT0aL0DKMA1WCs37Sg5eqKLB4/8KBQek5P0wMK1876JHoh1924h4uvHyWhUTogSGFQAAKjMLXqEFKlhySEz8MFPybiCdme8mANMPIVjDyY0uR+FijRxjB72a9OU1M/GvIYNSASOSN7eY0uKgL3SWJntnOsVUF0kvYl0XtAaO+rrKU59imNI0lksngn9DTKiCBDa6VB8WB0wA5caqvZTZtUkD+cKwGBLPe8+0+okDVl/j9FMYOJEw5V albert@nixos-vm-01 ssh-rsa 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 albert@nixos-vm-01


@ -55,6 +55,7 @@
# Forward mail port 25 to sysctl.io / linode # Forward mail port 25 to sysctl.io / linode
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25 iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
''; '';
boot.initrd.services.udev.rules = '' boot.initrd.services.udev.rules = ''
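Review bot: The single added line in this hunk, `iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25`, is an exact copy of the rule directly above it, so `networking.firewall.extraCommands` now appends the same DNAT rule to the nat OUTPUT chain twice. It looks unintended in a host-removal commit and should be dropped. Separately, 10.100.0.1 is the `wireguard0` address of osaka-vultr-01 in the wireguard configuration this commit deletes, while the comment above the rule names linode as the target. Confirm that another host now holds that address; if none does, outbound SMTP from this machine is redirected to an address with no listener. The enclosing module body continues outside the hunk.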


@ -1,37 +0,0 @@
{ config, lib, pkgs, modulesPath, desktop, username, ... }: {
imports = [
./disks.nix
./firewall.nix
./wireguard.nix
];
# Distributed Builds
nix.distributedBuilds = true;
nixpkgs.config.allowUnfree = false;
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "iptable_nat" "iptable_filter" "xt_nat" ];
boot.extraModulePackages = [ ];
virtualisation.hypervGuest.enable = true;
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
time.timeZone = "Asia/Tokyo";
networking.hostName = "osaka-vultr-01";
# networking.firewall.allowedTCPPorts = [ 22 ];
# Generic Tailscale configs are in /nixos/common/services/tailscale.nix
# Set up the secrets file:
sops.secrets."tailscale_keys/osaka-vultr-01" = {
owner = "root";
sopsFile = ../../../secrets/tailscale.yaml;
restartUnits = [
"tailscaled.service"
"tailscaled-autoconnect.service"
];
};
services.tailscale.authKeyFile = "/run/secrets/tailscale_keys/osaka-vultr-01";
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];
}


@ -1,38 +0,0 @@
{
boot.loader.grub.enableCryptodisk = true;
disko.devices.disk.vda = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
}; # partitions.boot
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}; # ESP
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [ "--allow-discards" ];
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
}; # content
}; # content
}; # luks.partitions
}; # partitions
}; # content
}; # disko.devices.disk.vda
}


@ -1,98 +0,0 @@
{ config, lib, pkgs, ... }: {
networking.firewall.allowedUDPPorts = [
3478 # Headscale DERP UDP
10000 # Jitsi
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
25 # SMTP (explicit TLS => STARTTLS)
465 # ESMTP (implicit TLS)
587 # ESMTP (explicit TLS => STARTTLS)
143 # IMAP4 (explicit TLS => STARTTLS)
993 # IMAP4 (implicit TLS)
4190 # Sieve support
42420 # Vintage Story
25565 # Minecraft
1443 # Headscale DERP
4443 # jitsi-jvb
5222 # Jitsi
5347 # Jitsi
5280 # Jitsi
];
networking.firewall.extraCommands = ''
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# TCP PORTS ##################################################################################################
# PORT 80
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE
# PORT 443
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
# PORT 25
iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE
# PORT 465
iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 465 -j MASQUERADE
# PORT 587
iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 587 -j MASQUERADE
# PORT 143
iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 143 -j MASQUERADE
# PORT 993
iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 993 -j MASQUERADE
# PORT 4190
iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 4190 -j MASQUERADE
# PORT 42420
iptables -t nat -A PREROUTING -p tcp --dport 42420 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 42420 -j MASQUERADE
# PORT 25565
iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 25565 -j MASQUERADE
# PORT 1443
iptables -t nat -A PREROUTING -p tcp --dport 1443 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 1443 -j MASQUERADE
# PORT 4443
iptables -t nat -A PREROUTING -p tcp --dport 4443 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 4443 -j MASQUERADE
# PORT 5222
iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5222 -j MASQUERADE
# PORT 5347
iptables -t nat -A PREROUTING -p tcp --dport 5347 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5347 -j MASQUERADE
# PORT 5280
iptables -t nat -A PREROUTING -p tcp --dport 5280 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p tcp --dport 5280 -j MASQUERADE
# UDP PORTS ##################################################################################################
# PORT 10000
iptables -t nat -A PREROUTING -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE
# PORT 3478
iptables -t nat -A PREROUTING -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2
iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE
'';
}


@ -1,49 +0,0 @@
{ pkgs, config, lib, ... }: {
networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 22 ];
# Set up the secrets file:
sops.secrets."wireguard_keys/osaka-vultr-01" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
sops.secrets."wireguard_keys/preshared_key" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = true;
"net.ipv4.conf.all.forwarding" = 1;
"net.ipv4.conf.default.forwarding" = 1;
};
networking.wireguard = {
enable = true;
interfaces = {
"wireguard0" = {
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
peers = [
{ # nixos-rpi4-03
publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
persistentKeepalive = 5;
allowedIPs = [ "10.100.0.2/32" ];
}
];
};
};
};
networking.nat = {
enable = true;
internalInterfaces = [ "wireguard0" ];
externalInterface = "eno3";
};
}


@ -1,181 +0,0 @@
{ config, lib, pkgs, ... }: {
networking.firewall.allowedUDPPorts = [
3478 # Headscale DERP UDP
10000 # Jitsi
];
networking.firewall.allowedTCPPorts = [
80 # HTTP
443 # HTTPS
25 # SMTP (explicit TLS => STARTTLS)
465 # ESMTP (implicit TLS)
587 # ESMTP (explicit TLS => STARTTLS)
143 # IMAP4 (explicit TLS => STARTTLS)
993 # IMAP4 (implicit TLS)
4190 # Sieve support
42420 # Vintage Story
25565 # Minecraft
1443 # Headscale DERP
4443 # jitsi-jvb
5222 # Jitsi
5347 # Jitsi
5280 # Jitsi
];
networking.firewall.extraCommands = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${pkgs.iptables}/bin/iptables -A FORWARD -i wireguard0 -o ens3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 80 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wireguard0 -p tcp --dport 443 -d 10.100.0.2 -j SNAT --to-source 10.100.0.1
${pkgs.iptables}/bin/iptables -A FORWARD -i ens3 -o wireguard0 -p tcp --syn --dport 443 -m conntrack --ctstate NEW -j ACCEPT
'';
services.xinetd = {
enable = false;
services = [
{
name = "http";
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 80";
}
{
name = "https";
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 443";
}
{
name = "jitsi-jvb 4443 tcp";
port = 4443;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 4443";
}
{
name = "jitsi-jvb 5222 tcp";
port = 5222;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 5222";
}
{
name = "jitsi-jvb 5347 tcp";
port = 5347;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 5347";
}
{
name = "jitsi-jvb 5280 tcp";
port = 5280;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 5280";
}
{
name = "minecraft";
port = 25565;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 25565";
}
{
name = "vintage-story";
port = 42420;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 42420";
}
################################################ mail
{
name = "mail 25";
port = 25;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 25";
}
{
name = "mail 465";
port = 465;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 465";
}
{
name = "mail 587";
port = 587;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 587";
}
{
name = "mail 143";
port = 143;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 143";
}
{
name = "mail 993";
port = 993;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 993";
}
{
name = "mail 4190";
port = 4190;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 4190";
}
################################################ mail
################################################ headscale-derp
{
name = "headscale-derp 3478 udp";
port = 3478;
protocol = "udp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 3478";
}
{
name = "headscale-derp 1443 tcp";
port = 1443;
protocol = "tcp";
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = 10.100.0.2 1443";
}
{
name = "piaware";
port = 8080;
unlisted = true;
server = "/usr/bin/env"; # Placeholder.
extraConfig = "redirect = piaware-rpi4 8080";
}
# {
# name = "ssh";
# port = 2282;
# unlisted = true;
# server = "/usr/bin/env"; # Placeholder.
# extraConfig = "redirect = 10.100.0.2 22";
# }
];
};
}