chore(vesuvio): split config into multiple files

2024-12-31 16:06:33 +01:00 · 2024-12-31 16:06:33 +01:00 · 250c600a48
commit 250c600a48
parent f5be56222f
3 changed files with 57 additions and 51 deletions
--- a/systems/vesuvio/default.nix
+++ b/systems/vesuvio/default.nix
@ -1,60 +1,17 @@
+{ pkgs, ... }:
 {
-  pkgs,
-  config,
-  _utils,
-  ...
-}:
-let
-  secrets = _utils.setupSharedSecrets config { secrets = [ "frpToken" ]; };
-in
-{
-  imports = [ secrets.generate ];
-
-  zramSwap.enable = true;
+  imports = [
+    ./frp.nix
+    ./hetzner.nix
+  ];

  environment.systemPackages = with pkgs; [
    dig
    traceroute
  ];

-  services = {
-    openssh.ports = [ 4269 ];
-
-    # Needed by the Hetzner Cloud password reset feature.
-    qemuGuest.enable = true;
-
-    resolved = {
-      dnssec = "allow-downgrade";
-      dnsovertls = "false";
-    };
-
-    frp = {
-      enable = true;
-      role = "server";
-      settings = {
-        bindPort = 7000;
-        auth = {
-          method = "token";
-          token = "{{ .Envs.FRP_TOKEN }}";
-        };
-      };
-    };
-  };
-
-  systemd.services = {
-    frp.serviceConfig.EnvironmentFile = secrets.get "frpToken";
-
-    # https://discourse.nixos.org/t/qemu-guest-agent-on-hetzner-cloud-doesnt-work/8864/2
-    qemu-guest-agent.path = [ pkgs.shadow ];
-  };
-
-  networking.firewall = {
-    allowedTCPPorts = [ 22 ]; # forgejo-ssh
-    allowedTCPPortRanges = [
-      {
-        from = 6000;
-        to = 7000;
-      }
-    ];
+  services.openssh = {
+    ports = [ 4269 ];
+    openFirewall = true;
  };
 }