diff --git a/flake.nix b/flake.nix
index 3ba6c8e..279d478 100644
--- a/flake.nix
+++ b/flake.nix
@@ -58,7 +58,6 @@
 {
 vinzenz-lpt2 = import ./hosts/vinzenz-lpt2 host-params;
 vinzenz-pc2 = import ./hosts/vinzenz-pc2 host-params;
- hetzner-vpn1 = import ./hosts/hetzner-vpn1 host-params;
 hetzner-vpn2 = import ./hosts/hetzner-vpn2 host-params;
 };
diff --git a/hosts/hetzner-vpn1/default.nix b/hosts/hetzner-vpn1/default.nix
deleted file mode 100644
index e384574..0000000
--- a/hosts/hetzner-vpn1/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{ nixpkgs, common-modules, ... }:
-nixpkgs.lib.nixosSystem {
- system = "aarch64-linux";
- modules = common-modules ++ [
- ./hardware.nix
- ./nginx.nix
- ../../users/vinzenz.nix
- ../../users/ronja.nix
- { networking.hostName = "hetzner-vpn1"; }
- {
- # uncomment for build check on non arm system (requires --impure)
- # nixpkgs.buildPlatform = builtins.currentSystem;
- }
- {
- users.users = {
- root.openssh.authorizedKeys.keys = [
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
- ];
- vinzenz.openssh.authorizedKeys.keys = [
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
- ];
- ronja.openssh.authorizedKeys.keys = [
- ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
- ];
- };
- }
- ];
-}
diff --git a/hosts/hetzner-vpn1/hardware.nix b/hosts/hetzner-vpn1/hardware.nix
deleted file mode 100644
index 66be389..0000000
--- a/hosts/hetzner-vpn1/hardware.nix
+++ /dev/null
@@ -1,100 +0,0 @@
-{ lib, modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-
- config = {
- nixpkgs = {
- hostPlatform = "aarch64-linux";
- system = "aarch64-linux";
- };
-
- boot = {
- tmp.cleanOnBoot = true;
- loader = {
- systemd-boot.enable = lib.mkForce false;
- efi.canTouchEfiVariables = lib.mkForce false;
- grub = {
- enable = true;
- efiSupport = true;
- efiInstallAsRemovable = true;
- device = "nodev";
- };
- };
- initrd = {
- availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "xen_blkfront"
- ];
- kernelModules = [ "nvme" ];
- };
- };
-
- zramSwap.enable = true;
- networking.domain = "";
-
- fileSystems = {
- "/boot" = {
- device = "/dev/disk/by-uuid/77CF-345D";
- fsType = "vfat";
- };
- "/" = {
- device = "/dev/sda1";
- fsType = "ext4";
- };
- };
-
- # This file was populated at runtime with the networking
- # details gathered from the active system.
- networking = {
- nameservers = [ "8.8.8.8" ];
- defaultGateway = "172.31.1.1";
- defaultGateway6 = {
- address = "fe80::1";
- interface = "eth0";
- };
- dhcpcd.enable = false;
- usePredictableInterfaceNames = lib.mkForce false;
- interfaces = {
- eth0 = {
- ipv4 = {
- addresses = [
- {
- address = "157.90.146.125";
- prefixLength = 32;
- }
- ];
- routes = [
- {
- address = "172.31.1.1";
- prefixLength = 32;
- }
- ];
- };
- ipv6 = {
- addresses = [
- {
- address = "2a01:4f8:c012:7137::1";
- prefixLength = 64;
- }
- {
- address = "fe80::9400:2ff:fe87:7fc9";
- prefixLength = 64;
- }
- ];
- routes = [
- {
- address = "fe80::1";
- prefixLength = 128;
- }
- ];
- };
- };
- };
- };
-
- services.udev.extraRules = ''
- ATTR{address}=="96:00:02:87:7f:c9", NAME="eth0"
- '';
- };
-}
diff --git a/hosts/hetzner-vpn1/nginx.nix b/hosts/hetzner-vpn1/nginx.nix
deleted file mode 100644
index f49ff6f..0000000
--- a/hosts/hetzner-vpn1/nginx.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ pkgs, lib, ... }:
-{
- security.acme = {
- acceptTerms = true;
- defaults.email = "acme@zerforschen.plus";
- };
-
- security.pam.services.nginx.setEnvironment = false;
- systemd.services.nginx.serviceConfig = {
- SupplementaryGroups = [ "shadow" ];
- };
-
- services.nginx = {
- enable = true;
- additionalModules = [ pkgs.nginxModules.pam ];
-
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
- virtualHosts =
- let
- servicesDomain = "services.zerforschen.plus";
- mkServiceConfig = host: port: {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://${host}:${toString port}/";
- extraConfig = ''
- # bind to tailscale ip
- proxy_bind 100.88.118.60;
- # pam auth
- limit_except OPTIONS {
- auth_pam "Password Required";
- auth_pam_service_name "nginx";
- }
- '';
- };
- };
- pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
- in
- {
- "vscode.${servicesDomain}" = lib.mkMerge [
- (mkServiceConfig pc2 8542)
- { locations."/".proxyWebsockets = true; }
- ];
- "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543;
- "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544;
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
-}