summaryrefslogtreecommitdiffstats
path: root/lass/1systems/yellow/config.nix
diff options
context:
space:
mode:
authormakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
committermakefu <github@syntax-fehler.de>2023-09-09 19:42:08 +0200
commit29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (patch)
treefc4b0695c986a1cda6f1fbbbcbe716e203c54fa3 /lass/1systems/yellow/config.nix
parente157ffa72856e4378aa23b096b2efff233f3cb3d (diff)
parent083229d0211096daec08673f743ccc45b1d8a0ac (diff)
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'lass/1systems/yellow/config.nix')
-rw-r--r--lass/1systems/yellow/config.nix45
1 files changed, 0 insertions, 45 deletions
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
deleted file mode 100644
index 2da93b8fd..000000000
--- a/lass/1systems/yellow/config.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, lib, pkgs, ... }: let
- vpnPort = 1637;
- torrentport = 56709; # port forwarded in airvpn webinterface
-in {
- imports = [
- <stockholm/lass>
- <stockholm/lass/2configs>
- <stockholm/lass/2configs/retiolum.nix>
- <stockholm/lass/2configs/services/flix>
- ];
-
- krebs.build.host = config.krebs.hosts.yellow;
-
- krebs.sync-containers3.inContainer = {
- enable = true;
- pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN737BAP36KiZO97mPKTIUGJUcr97ps8zjfFag6cUiYL";
- };
-
- networking.useHostResolvConf = false;
- networking.useNetworkd = true;
-
- networking.wg-quick.interfaces.airvpn.configFile = "/var/src/secrets/airvpn.conf";
- services.transmission.settings.peer-port = torrentport;
-
- # only allow traffic through openvpn
- krebs.iptables = {
- enable = true;
- tables.filter.INPUT.rules = [
- { predicate = "-i airvpn -p tcp --dport ${toString torrentport}"; target = "ACCEPT"; }
- { predicate = "-i airvpn -p udp --dport ${toString torrentport}"; target = "ACCEPT"; }
- ];
- tables.filter.OUTPUT = {
- policy = "DROP";
- rules = [
- { predicate = "-o lo"; target = "ACCEPT"; }
- { predicate = "-p udp --dport ${toString vpnPort}"; target = "ACCEPT"; }
- { predicate = "-o airvpn"; target = "ACCEPT"; }
- { predicate = "-o retiolum"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.1.1.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-d 1.0.0.1/32"; target = "ACCEPT"; }
- { v6 = false; predicate = "-o eth0 -d 10.233.2.0/24"; target = "ACCEPT"; }
- ];
- };
- };
-}