authorFranck Cuny <franck@fcuny.net>2023-05-02 19:30:39 -0700
committerFranck Cuny <franck@fcuny.net>2023-05-02 19:30:39 -0700
commitb6d6b6f366c3cbf7e7340f08ea8877bf0a8d45e7 (patch)
treec45c1011b194c0982ba82c5f2f06d18941a916ca
parentprofiles/default: move stuff related to boot (diff)
downloadworld-b6d6b6f366c3cbf7e7340f08ea8877bf0a8d45e7.tar.gz
profiles: consolidates common networking bits
This removes ssh on workstations. I also drop mosh since I don't use it.
-rw-r--r--hosts/aptos/networking.nix8
-rw-r--r--hosts/carmel/networking.nix1
-rw-r--r--hosts/tahoe/networking.nix8
-rw-r--r--modules/services/default.nix3
-rw-r--r--modules/services/fwupd/default.nix5
-rw-r--r--modules/services/ssh-server/default.nix17
-rw-r--r--modules/services/tailscale/default.nix15
-rw-r--r--profiles/default.nix2
-rw-r--r--profiles/nas.nix4
-rw-r--r--profiles/server.nix9
-rw-r--r--profiles/tailscale.nix6
-rw-r--r--profiles/workstation.nix5
12 files changed, 26 insertions, 57 deletions
diff --git a/hosts/aptos/networking.nix b/hosts/aptos/networking.nix
index b157ec5..84c32e5 100644
--- a/hosts/aptos/networking.nix
+++ b/hosts/aptos/networking.nix
@@ -26,12 +26,4 @@
 
   services.nscd.enable = false;
   system.nssModules = lib.mkForce [ ];
-
-  # Use systemd-resolved
-  services.resolved = {
-    enable = true;
-    dnssec = "false";
-  };
-
-  my.services.tailscale.enable = true;
 }
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
index b814a22..99c9796 100644
--- a/hosts/carmel/networking.nix
+++ b/hosts/carmel/networking.nix
@@ -111,5 +111,4 @@ in
   };
 
   networking.private-wireguard.enable = true;
-  my.services.tailscale.enable = true;
 }
diff --git a/hosts/tahoe/networking.nix b/hosts/tahoe/networking.nix
index 22a7251..8ea6667 100644
--- a/hosts/tahoe/networking.nix
+++ b/hosts/tahoe/networking.nix
@@ -27,12 +27,4 @@
 
   services.nscd.enable = false;
   system.nssModules = lib.mkForce [ ];
-
-  # Use systemd-resolved
-  services.resolved = {
-    enable = true;
-    dnssec = "false";
-  };
-
-  my.services.tailscale.enable = true;
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 457d86a..b6b34d5 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,16 +5,13 @@
     ./avahi
     ./backup
     ./cgit
-    ./fwupd
     ./gitolite
     ./monitoring
     ./navidrome
     ./nginx
     ./samba
     ./sendsms
-    ./ssh-server
     ./syncthing
-    ./tailscale
     ./transmission
     ./unifi
   ];
diff --git a/modules/services/fwupd/default.nix b/modules/services/fwupd/default.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/modules/services/fwupd/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
-  services.fwupd.enable = true;
-}
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
deleted file mode 100644
index ce5d4c8..0000000
--- a/modules/services/ssh-server/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }: {
-  services.openssh = {
-    enable = true;
-    permitRootLogin = "yes";
-    passwordAuthentication = false;
-  };
-
-  programs.mosh.enable = true;
-
-  networking.firewall.allowedTCPPorts = [ 22 ];
-
-  # Relevant ports for mosh
-  networking.firewall.allowedUDPPortRanges = [{
-    from = 6000;
-    to = 6100;
-  }];
-}
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
deleted file mode 100644
index 14753f4..0000000
--- a/modules/services/tailscale/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let cfg = config.my.services.tailscale;
-in
-{
-
-  options.my.services.tailscale = with lib; {
-    enable = mkEnableOption "tailscale configuration";
-  };
-
-  config = lib.mkIf cfg.enable {
-    services.tailscale.enable = true;
-    networking.firewall.trustedInterfaces = [ "tailscale0" ];
-    networking.firewall.checkReversePath = "loose";
-  };
-}
diff --git a/profiles/default.nix b/profiles/default.nix
index 4575b13..2353dde 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -26,6 +26,8 @@
 
   services.fstrim.enable = true;
 
+  services.fwupd.enable = true;
+
   programs.ssh = {
     # $ ssh-keyscan example.com
     knownHosts = {
diff --git a/profiles/nas.nix b/profiles/nas.nix
index 9c25c22..d1033af 100644
--- a/profiles/nas.nix
+++ b/profiles/nas.nix
@@ -11,4 +11,8 @@
     group = "nas";
     isSystemUser = true;
   };
+
+  # Use systemd-resolved
+  services.resolved.enable = true;
+  services.resolved.dnssec = "false";
 }
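Review bot: `services.resolved.dnssec = "false"` turns off DNSSEC validation for every host importing this profile, and the only comment above it, `# Use systemd-resolved`, does not say why. The same two lines are added at the end of profiles/workstation.nix. A comment such as `# DNSSEC validation off: <reason>` would record the decision; if the cause is an upstream resolver that sometimes breaks validation, `"allow-downgrade"` is a less drastic value. The block is removed from hosts/aptos and hosts/tahoe but not added to profiles/server.nix, so whether those hosts still use resolved depends on imports not visible here.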
diff --git a/profiles/server.nix b/profiles/server.nix
index 5a95dff..731ebe8 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -2,6 +2,7 @@
 {
   imports = [
     ./default.nix
+    ./tailscale.nix
   ];
 
   powerManagement.cpuFreqGovernor = "schedutil";
@@ -12,4 +13,12 @@
     packages = with pkgs; [ terminus_font ];
     keyMap = "us";
   };
+
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "yes";
+    passwordAuthentication = false;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 22 ];
 }
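Review bot: `permitRootLogin = "yes"` together with `networking.firewall.allowedTCPPorts = [ 22 ]` leaves root login reachable on every interface of every host that uses the server profile. Password authentication is off, so `permitRootLogin = "prohibit-password"` would state the key-only intent directly and would still hold if `passwordAuthentication` were changed later. Since this profile now imports ./tailscale.nix, which trusts `tailscale0`, consider whether port 22 needs to be open on the other interfaces at all; `services.openssh.openFirewall = false;` and no port 22 entry would limit SSH to the tailnet. The explicit `allowedTCPPorts` line also looks redundant, because the openssh module opens its port by default. The profile's attribute set begins above this hunk.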
diff --git a/profiles/tailscale.nix b/profiles/tailscale.nix
new file mode 100644
index 0000000..61c1a38
--- /dev/null
+++ b/profiles/tailscale.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+  services.tailscale.enable = true;
+  networking.firewall.trustedInterfaces = [ "tailscale0" ];
+  networking.firewall.checkReversePath = "loose";
+}
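Review bot: `networking.firewall.trustedInterfaces = [ "tailscale0" ]` accepts all traffic arriving on the tailnet interface, so every listening service on the host is reachable by any peer the Tailscale ACLs allow. The removed module was opt-in per host through `my.services.tailscale.enable`, whereas this file is imported unconditionally by the server and workstation profiles. The file has no comments, and the trust decision deserves one, e.g. `# tailnet peers bypass the host firewall; access control is delegated to Tailscale ACLs`. `networking.firewall.checkReversePath = "loose"` relaxes reverse-path filtering for the whole host and should carry its reason as well, presumably `# loose rpfilter: needed for Tailscale exit-node / subnet routing`.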
diff --git a/profiles/workstation.nix b/profiles/workstation.nix
index f136c33..3b422a6 100644
--- a/profiles/workstation.nix
+++ b/profiles/workstation.nix
@@ -4,6 +4,7 @@
     ./default.nix
     ./documentation.nix
     ./btrfs.nix
+    ./tailscale.nix
   ];
 
   virtualisation.docker.enable = false;
@@ -82,4 +83,8 @@
     pavucontrol
     easyeffects
   ];
+
+  # Use systemd-resolved
+  services.resolved.enable = true;
+  services.resolved.dnssec = "false";
 }