From b6d6b6f366c3cbf7e7340f08ea8877bf0a8d45e7 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Tue, 2 May 2023 19:30:39 -0700
Subject: profiles: consolidates common networking bits

This remove ssh on workstations. I also drop mosh since I don't use it.
---
 hosts/aptos/networking.nix | 8 --------
 hosts/carmel/networking.nix | 1 -
 hosts/tahoe/networking.nix | 8 --------
 modules/services/default.nix | 3 ---
 modules/services/fwupd/default.nix | 5 -----
 modules/services/ssh-server/default.nix | 17 -----------------
 modules/services/tailscale/default.nix | 15 ---------------
 profiles/default.nix | 2 ++
 profiles/nas.nix | 4 ++++
 profiles/server.nix | 9 +++++++++
 profiles/tailscale.nix | 6 ++++++
 profiles/workstation.nix | 5 +++++
 12 files changed, 26 insertions(+), 57 deletions(-)
 delete mode 100644 modules/services/fwupd/default.nix
 delete mode 100644 modules/services/ssh-server/default.nix
 delete mode 100644 modules/services/tailscale/default.nix
 create mode 100644 profiles/tailscale.nix

diff --git a/hosts/aptos/networking.nix b/hosts/aptos/networking.nix
index b157ec5..84c32e5 100644
--- a/hosts/aptos/networking.nix
+++ b/hosts/aptos/networking.nix
@@ -26,12 +26,4 @@
 services.nscd.enable = false;
 system.nssModules = lib.mkForce [ ];
-
- # Use systemd-resolved
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- my.services.tailscale.enable = true;
 }
diff --git a/hosts/carmel/networking.nix b/hosts/carmel/networking.nix
index b814a22..99c9796 100644
--- a/hosts/carmel/networking.nix
+++ b/hosts/carmel/networking.nix
@@ -111,5 +111,4 @@ in
 };
 networking.private-wireguard.enable = true;
- my.services.tailscale.enable = true;
 }
diff --git a/hosts/tahoe/networking.nix b/hosts/tahoe/networking.nix
index 22a7251..8ea6667 100644
--- a/hosts/tahoe/networking.nix
+++ b/hosts/tahoe/networking.nix
@@ -27,12 +27,4 @@
 services.nscd.enable = false;
 system.nssModules = lib.mkForce [ ];
-
- # Use systemd-resolved
- services.resolved = {
- enable = true;
- dnssec = "false";
- };
-
- my.services.tailscale.enable = true;
 }
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 457d86a..b6b34d5 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,16 +5,13 @@
 ./avahi
 ./backup
 ./cgit
- ./fwupd
 ./gitolite
 ./monitoring
 ./navidrome
 ./nginx
 ./samba
 ./sendsms
- ./ssh-server
 ./syncthing
- ./tailscale
 ./transmission
 ./unifi
 ];
diff --git a/modules/services/fwupd/default.nix b/modules/services/fwupd/default.nix
deleted file mode 100644
index 52dc13e..0000000
--- a/modules/services/fwupd/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ ... }:
-
-{
- services.fwupd.enable = true;
-}
diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix
deleted file mode 100644
index ce5d4c8..0000000
--- a/modules/services/ssh-server/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ ... }: {
- services.openssh = {
- enable = true;
- permitRootLogin = "yes";
- passwordAuthentication = false;
- };
-
- programs.mosh.enable = true;
-
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- # Relevant ports for mosh
- networking.firewall.allowedUDPPortRanges = [{
- from = 6000;
- to = 6100;
- }];
-}
diff --git a/modules/services/tailscale/default.nix b/modules/services/tailscale/default.nix
deleted file mode 100644
index 14753f4..0000000
--- a/modules/services/tailscale/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config, lib, ... }:
-let cfg = config.my.services.tailscale;
-in
-{
-
- options.my.services.tailscale = with lib; {
- enable = mkEnableOption "tailscale configuration";
- };
-
- config = lib.mkIf cfg.enable {
- services.tailscale.enable = true;
- networking.firewall.trustedInterfaces = [ "tailscale0" ];
- networking.firewall.checkReversePath = "loose";
- };
-}
diff --git a/profiles/default.nix b/profiles/default.nix
index 4575b13..2353dde 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -26,6 +26,8 @@
 services.fstrim.enable = true;
+ services.fwupd.enable = true;
+
 programs.ssh = {
 # $ ssh-keyscan example.com
 knownHosts = {
diff --git a/profiles/nas.nix b/profiles/nas.nix
index 9c25c22..d1033af 100644
--- a/profiles/nas.nix
+++ b/profiles/nas.nix
@@ -11,4 +11,8 @@
 group = "nas";
 isSystemUser = true;
 };
+
+ # Use systemd-resolved
+ services.resolved.enable = true;
+ services.resolved.dnssec = "false";
 }
diff --git a/profiles/server.nix b/profiles/server.nix
index 5a95dff..731ebe8 100644
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./default.nix
+ ./tailscale.nix
 ];
 powerManagement.cpuFreqGovernor = "schedutil";
@@ -12,4 +13,12 @@
 packages = with pkgs; [ terminus_font ];
 keyMap = "us";
 };
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "yes";
+ passwordAuthentication = false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
 }
diff --git a/profiles/tailscale.nix b/profiles/tailscale.nix
new file mode 100644
index 0000000..61c1a38
--- /dev/null
+++ b/profiles/tailscale.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+ services.tailscale.enable = true;
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+ networking.firewall.checkReversePath = "loose";
+}
diff --git a/profiles/workstation.nix b/profiles/workstation.nix
index f136c33..3b422a6 100644
--- a/profiles/workstation.nix
+++ b/profiles/workstation.nix
@@ -4,6 +4,7 @@
 ./default.nix
 ./documentation.nix
 ./btrfs.nix
+ ./tailscale.nix
 ];
 virtualisation.docker.enable = false;
@@ -82,4 +83,8 @@
 pavucontrol
 easyeffects
 ];
+
+ # Use systemd-resolved
+ services.resolved.enable = true;
+ services.resolved.dnssec = "false";
 }
--
cgit 1.4.1
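Review bot: The two `services.resolved` lines added at the end of the nas.nix hunk are the same pair the commit adds to workstation.nix, which is exactly the duplication the commit says it is consolidating; since both profiles already share tailscale.nix, a `profiles/resolved.nix` holding these lines and imported by both would keep a single copy. Independently, `services.resolved.dnssec = "false";` turns DNSSEC validation off on this host and the preceding comment only says which resolver is used, not why validation is disabled. I would extend it to something like `# Use systemd-resolved; DNSSEC validation is off because <reason>` so the next reader neither re-enables it blindly nor leaves it off out of habit. The enclosing attribute set starts outside the hunk.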
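Review bot: In the second server.nix hunk, `permitRootLogin = "yes"` combined with `passwordAuthentication = false` does not by itself rule out password-style root logins, because NixOS leaves keyboard-interactive (PAM) authentication enabled unless it is disabled separately, and this block — carried over from the deleted ssh-server module rather than new — now applies to every host built from the server profile. I would tighten it to `permitRootLogin = "prohibit-password";` and add `kbdInteractiveAuthentication = false;` next to it, unless some server genuinely needs root-by-key. The explicit `networking.firewall.allowedTCPPorts = [ 22 ];` looks redundant, since the NixOS openssh module opens its listening port by default (`services.openssh.openFirewall`); if it stays, a one-line comment saying port 22 is meant to be reachable off the tailnet too (tailscale0 is already fully trusted via tailscale.nix) would explain why. Depending on the NixOS release in use, these option names may already be the deprecated aliases of `services.openssh.settings.*`. The enclosing attribute set starts outside the hunk.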
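Review bot: In the new profiles/tailscale.nix, `networking.firewall.trustedInterfaces = [ "tailscale0" ]` bypasses the firewall for everything arriving from any tailnet peer, and with this file now imported by both server.nix and workstation.nix that applies to workstations too; nothing in the file says this is intended. I would put a comment above that line, e.g. `# Every tailnet peer is fully trusted: all local ports are reachable over tailscale0.`, and if only a few services need tailnet access, `networking.firewall.interfaces.tailscale0.allowedTCPPorts` is the narrower alternative. `networking.firewall.checkReversePath = "loose"` is the relaxation Tailscale's NixOS guidance recommends for exit-node or subnet-route traffic; if no host uses those features it can be dropped, and a comment naming the reason would help either way. I cannot tell from the diff which hosts, if any, act as routers.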