From 250c600a4856c6ecc60648527cae47b74008a213 Mon Sep 17 00:00:00 2001
From: uku
Date: Tue, 31 Dec 2024 16:06:33 +0100
Subject: [PATCH] chore(vesuvio): split config into multiple files

---
 systems/vesuvio/default.nix | 59 +++++-------------------------------
 systems/vesuvio/frp.nix | 31 +++++++++++++++++++
 systems/vesuvio/hetzner.nix | 18 +++++++++++
 3 files changed, 57 insertions(+), 51 deletions(-)
 create mode 100644 systems/vesuvio/frp.nix
 create mode 100644 systems/vesuvio/hetzner.nix

diff --git a/systems/vesuvio/default.nix b/systems/vesuvio/default.nix
index 04c43a0..46a7b3d 100644
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@@ -1,60 +1,17 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  config,
-  _utils,
-  ...
-}:
-let
-  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
-in
-{
-  imports = [ secrets.generate ];
-
-  zramSwap.enable = true;
+  imports = [
+    ./frp.nix
+    ./hetzner.nix
+  ];
 
   environment.systemPackages = with pkgs; [
     dig
     traceroute
   ];
 
-  services = {
-    openssh.ports = [ 4269 ];
-
-    # Needed by the Hetzner Cloud password reset feature.
-    qemuGuest.enable = true;
-
-    resolved = {
-      dnssec = "allow-downgrade";
-      dnsovertls = "false";
-    };
-
-    frp = {
-      enable = true;
-      role = "server";
-      settings = {
-        bindPort = 7000;
-        auth = {
-          method = "token";
-          token = "{{ .Envs.FRP_TOKEN }}";
-        };
-      };
-    };
-  };
-
-  systemd.services = {
-    frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
-
-    # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
-    qemu-guest-agent.path = [ pkgs.shadow ];
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [ 22 ]; # forgejo-ssh
-    allowedTCPPortRanges = [
-      {
-        from = 6000;
-        to = 7000;
-      }
-    ];
+  services.openssh = {
+    ports = [ 4269 ];
+    openFirewall = true;
   };
 }
diff --git a/systems/vesuvio/frp.nix b/systems/vesuvio/frp.nix
new file mode 100644
index 0000000..a437ee5
--- /dev/null
+++ b/systems/vesuvio/frp.nix
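Review bot: `openFirewall = true;` inside the new `services.openssh` block is the one line in this hunk that is not a plain move: the old file never set it, and the old `networking.firewall.allowedTCPPorts` listed 22 but not 4269, so the old configuration presumably relied on the option's default (which, as far as I recall, is already `true`). Because the commit is titled as a pure split, the next reader will wonder whether the firewall exposure changed here; a short comment settles that, e.g. `openFirewall = true; # module default made explicit during the split; opens 4269 only`. If the intent was instead to tighten things (sshd reachable only via a VPN or frp), this is the line to flip and document.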
@@ -0,0 +1,31 @@
+{ config, _utils, ... }:
+let
+  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
+in
+{
+  imports = [ secrets.generate ];
+
+  services.frp = {
+    enable = true;
+    role = "server";
+    settings = {
+      bindPort = 7000;
+      auth = {
+        method = "token";
+        token = "{{ .Envs.FRP_TOKEN }}";
+      };
+    };
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 22 ]; # forgejo-ssh
+    allowedTCPPortRanges = [
+      {
+        from = 6000;
+        to = 7000;
+      }
+    ];
+  };
+
+  systemd.services.frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
+}
diff --git a/systems/vesuvio/hetzner.nix b/systems/vesuvio/hetzner.nix
new file mode 100644
index 0000000..4505de0
--- /dev/null
+++ b/systems/vesuvio/hetzner.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  services = {
+    # Needed by the Hetzner Cloud password reset feature.
+    qemuGuest.enable = true;
+
+    # Hetzner DNS does not work with DoT
+    resolved = {
+      dnssec = "allow-downgrade";
+      dnsovertls = "false";
+    };
+  };
+
+  # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
+  systemd.services.qemu-guest-agent.path = [ pkgs.shadow ];
+
+  zramSwap.enable = true;
+}
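Review bot: The `networking.firewall` block in frp.nix opens TCP 22 and the whole 6000–7000 range with no explanation of what listens there, and `bindPort = 7000` only becomes reachable because the range happens to include it — that coupling is invisible to anyone who later narrows the range. I would annotate the range in place, something like `# frps control port (bindPort 7000) plus the window frp clients may expose; keep bindPort inside it`, with the exact purpose of 6000–6999 confirmed by whoever runs the clients, since the page does not say. The `# forgejo-ssh` comment on port 22 similarly implies a proxied service while sshd itself sits on 4269 in default.nix; naming the frp proxy it belongs to would make the firewall rule auditable. Finally, `token = "{{ .Envs.FRP_TOKEN }}"` depends on the `EnvironmentFile` line at the bottom of the file; a one-line comment on the `auth` block, `# FRP_TOKEN is injected via systemd.services.frp.serviceConfig.EnvironmentFile below`, ties the two halves together.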
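Review bot: In hetzner.nix the new comment `# Hetzner DNS does not work with DoT` only justifies `dnsovertls = "false"`, while `dnssec = "allow-downgrade"` on the line above it is left unexplained; with `allow-downgrade`, resolved silently stops validating whenever the upstream resolver looks non-DNSSEC-capable, so the setting offers no guarantee and the downgrade can be triggered by anyone who can tamper with responses on the path. If that trade-off is accepted, say so where the option is set, e.g. `# allow-downgrade: validation is dropped if Hetzner's resolvers look non-DNSSEC-capable, so do not rely on it`. Separately, `zramSwap.enable = true;` is not Hetzner-specific; either move it back to default.nix or add a comment on why it belongs with the provider-specific settings.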