hosts: add dmz, cleanups

2023-10-16 10:33:47 +02:00
parent 5dc2c8a98b
commit 9cee80bed2
12 changed files with 338 additions and 56 deletions
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@@ -25,7 +25,6 @@
    #[(import ../../modules/desktop/hyprland/default.nix)] ++        # Window Manager
    [(import ../../modules/desktop/sway/default.nix)] ++        # Window Manager
    (import ../../modules/desktop/virtualisation) ++   # Docker
-    [(import ./microvm.nix)] ++
    (import ../../modules/hardware);                                # Hardware devices

  boot = {                                  # Boot options
@@ -60,7 +59,6 @@
  programs = {                              # No xbacklight, this is the alterantive
    zsh.enable = true;
    dconf.enable = true;
-    light.enable = true;
    ssh.startAgent = false;
    gnupg.agent = {
      enable = true;
--- a/hosts/desktop/microvm.nix
+++ b/hosts/desktop/microvm.nix
@@ -1,72 +0,0 @@
-{ microvm, nixpkgs, ... }:
-let
-  name = "gitea";
-in
-{
-  microvm = {
-#    autostart = [
-#      "gitea-runnervm"
-#    ];
-    vms = {
-      ${name} = {
-        pkgs = import nixpkgs {
-          system = "x86_64-linux";
-          config.allowUnfree = true;
-        };
-
-        config = {
-          networking = {
-            hostName = "${name}-runner";
-            firewall = {
-              enable = true;
-                #allowedUDPPorts = [ 53 67 ];
-                #allowedTCPPorts = [ 53 80 443 9443 ];
-            };
-          };
-          users.users."kabbone" = {                   # System User
-            isNormalUser = true;
-            extraGroups = [ "wheel" ];
-            uid = 2000;
-            openssh.authorizedKeys.keys = [
-              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
-              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
-              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
-              "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
-            ];
-          };
-          services = {
-            openssh = {
-              enable = true;
-              settings.PasswordAuthentication = false;
-            };
-          };
-
-          microvm = {
-            hypervisor = "cloud-hypervisor";
-            vcpu = 4;
-            mem = 4096;
-            interfaces = [
-            {
-              type = "macvtap";
-              id = "${name}-tap";
-              mac = "02:00:00:00:00:01";
-              macvtap = {
-                  link = "enp34s0";
-                  mode = "bridge";
-              };
-            } ];
-             shares = [{
-              source = "/nix/store";
-              mountPoint = "/nix/.ro-store";
-              tag = "ro-store";
-              proto = "virtiofs";
-            }];
-            #writableStoreOverlay = "/nix/.rw-store";
-            #storeOnDisk = true;
-          };
-        system.stateVersion = "23.05";
-        };
-      };
-    };
-  };
-}