diff --git a/home/modules/seven/default.nix b/home/modules/seven/default.nix deleted file mode 100644 index 67e1168..0000000 --- a/home/modules/seven/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ config, lib, ... }: - -let - cfg = config.custom.seven; -in -{ - imports = [ ./seven-ntfy.nix ]; - - options = { - custom.seven = { - enable = lib.mkEnableOption (lib.mdDoc "Seven"); - ssh.enable = lib.mkEnableOption (lib.mdDoc "Seven SSH"); - }; - }; - - config = lib.mkIf cfg.enable { - programs.ssh.extraConfig = lib.mkIf cfg.ssh.enable '' - Host *.factory.secunet.com - User fschroeter - ''; - }; -} diff --git a/home/modules/seven/ntfy.nix b/home/modules/seven/ntfy.nix deleted file mode 100644 index d4b54a9..0000000 --- a/home/modules/seven/ntfy.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -let - cfg = config.custom.seven.ntfy; -in -{ - options = { - custom.seven.ntfy = { - enable = lib.mkEnableOption (lib.mdDoc "ntfy service for seven"); - }; - }; - - config = lib.mkIf cfg.enable { - systemd.user = { - services.ntfy = { - Unit = { - Description = "ntfy alert scubscription"; - After = "network-online.target"; - PartOf = [ "graphical-session.target" ]; - }; - Service = - let - topic = "https://grafana.factory.secunet.com/ntfy/alerts"; - notify-send = lib.getExe pkgs.libnotify; - in - { - Environment = "PATH=${pkgs.bash}/bin:\${PATH}"; - ExecStart = "${pkgs.ntfy-sh}/bin/ntfy sub ${topic} '${notify-send} \"$t\" \"$m\"'"; - Restart = "always"; - }; - Install.WantedBy = [ "default.target" ]; - }; - }; - }; -} diff --git a/modules/wg0.nix b/modules/wg0.nix deleted file mode 100644 index 1ebcdfe..0000000 --- a/modules/wg0.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ config, lib, ... }: - -let - cfg = config.custom.wg0; -in -{ - options = { - custom.wg0 = { - enable = lib.mkEnableOption (lib.mdDoc "Wireguard config"); - - addresses = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = "IP addresses for this machine within VPN."; - }; - - privateKeyFile = lib.mkOption { - type = lib.types.str; - example = "/path/to/secret.key"; - description = "Private key file."; - }; - }; - }; - - config = lib.mkIf cfg.enable { - age.secrets.wireguard-home-pc-key = { - file = ../secrets/wireguard/home-pc.key.age; - owner = "systemd-network"; - }; - age.secrets.wireguard-cmdframe-key = { - file = ../secrets/wireguard/cmdframe.key.age; - owner = "systemd-network"; - }; - - systemd.network = { - enable = true; - # TODO cannot push this to public git like this - netdevs."40-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1280"; - }; - wireguardConfig = { - PrivateKeyFile = cfg.privateKeyFile; - }; - wireguardPeers = [ - { - PublicKey = "ZVayNyJeOn848aus5bqYU2ujNxvnYtV3ACoerLtDpg8="; - AllowedIPs = [ - "198.18.0.0/15" - "fd00:5ec::/48" - ]; - # TODO remove endpoint from config - Endpoint = "gateway.seven.secunet.com:51821"; - } - ]; - }; - networks."40-wg0" = { - matchConfig.Name = "wg0"; - address = cfg.addresses; - networkConfig = { - IPMasquerade = "ipv4"; - }; - }; - }; - }; -} diff --git a/secrets/wireguard/cmdframe.key.age b/secrets/wireguard/cmdframe.key.age deleted file mode 100644 index 81f1bfa..0000000 --- a/secrets/wireguard/cmdframe.key.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 OAZQhA yHDlGU8tW/fiMocPl0nldeEEn7NvPDMNCqL9hO7B5VY -71ZALgVNzj0FJG4wW5qK+0rhF2hMMkkvqOl6wvpI1xo --> ssh-ed25519 lJaKnA 32vsGauSIeEy8gMq3rOuJV5OOVR/qbNCaJ96gvaYc38 -3f8ZLzGFg4g2XNfUPS+ePMc9AZHMLUjh6y0q2gaRwio ---- PZeKDBBgibYk1Xl5Sd1S38kx322Gi6KnI0lj2NyhFUU -?y)Sk*gz_E>| J׭*9 haI9p ?(JFx:;1yKP]VQ2J;Y \ No newline at end of file diff --git a/secrets/wireguard/home-pc.key.age b/secrets/wireguard/home-pc.key.age deleted file mode 100644 index 3b761bd..0000000 Binary files a/secrets/wireguard/home-pc.key.age and /dev/null differ