From 42984e77041cfc95d333319bef0b2d8f441f56d3 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Wed, 2 Nov 2022 00:11:28 +0100
Subject: =?UTF-8?q?eos=20=E2=86=92=20eostre?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 hosts/eos/default.nix | 101 --------------------------------------------------
 hosts/eos/ruleset.nft | 101 --------------------------------------------------
 2 files changed, 202 deletions(-)
 delete mode 100644 hosts/eos/default.nix
 delete mode 100644 hosts/eos/ruleset.nft
(limited to 'hosts/eos')
diff --git a/hosts/eos/default.nix b/hosts/eos/default.nix
deleted file mode 100644
index 1c5347e7..00000000
--- a/hosts/eos/default.nix
+++ /dev/null
@@ -1,101 +0,0 @@
-{ flake, config, pkgs, lib, ... }:
-
-with lib;
-
-{
- imports = with flake.nixosModules.systemProfiles; [
- nfsroot
- ];
-
- config = {
- nixpkgs = {
- system = "x86_64-linux";
- config = {
- allowUnfree = true;
- };
- };
-
- boot = {
- initrd = {
- availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "sd_mod" "sr_mod" ];
- kernelModules = [ "igb" ];
- };
- kernelModules = [ "kvm-amd" ];
- extraModulePackages = [ ];
-
- plymouth.enable = true;
-
- tmpOnTmpfs = true;
- };
-
- hardware = {
- enableRedistributableFirmware = true;
- cpu.amd.updateMicrocode = config.hardware.enableRedistributableFirmware;
-
- nvidia = {
- modesetting.enable = true;
- powerManagement.enable = true;
- };
-
- opengl.enable = true;
- };
-
- environment.etc."machine-id".text = "f457b21333f1491e916521151ff5d468";
-
- networking = {
- hostId = "f457b213";
-
- domain = "asgard.yggdrasil";
- search = [ "asgard.yggdrasil" "yggdrasil" ];
-
- hosts = {
- "127.0.0.1" = [ "eos.asgard.yggdrasil" "eos" ];
- "::1" = [ "eos.asgard.yggdrasil" "eos" ];
- };
-
- firewall.enable = false;
- nftables = {
- enable = true;
- rulesetFile = ./ruleset.nft;
- };
- };
-
- services.resolved = {
- llmnr = "false";
- };
-
- zramSwap.enable = true;
-
- system.stateVersion = config.system.nixos.release; # No state
-
-
- time.timeZone = "Europe/Berlin";
- time.hardwareClockInLocalTime = true;
- i18n.defaultLocale = "en_DK.UTF-8";
-
-
- environment.systemPackages = with pkgs; [ cifs-utils ];
-
- security.pam.mount = {
- enable = true;
- extraVolumes = [
- ""
- ""
- ];
- };
-
-
- services.xserver = {
- enable = true;
- displayManager.sddm = {
- enable = true;
- settings = {
- Users.HideUsers = "gkleen";
- };
- };
- desktopManager.plasma5.enable = true;
-
- videoDrivers = [ "nvidia" ];
- };
- };
-}
diff --git a/hosts/eos/ruleset.nft b/hosts/eos/ruleset.nft
deleted file mode 100644
index 7b38a059..00000000
--- a/hosts/eos/ruleset.nft
+++ /dev/null
@@ -1,101 +0,0 @@
-define icmp_protos = {ipv6-icmp, icmp, igmp}
-
-table arp filter {
- limit lim_arp {
- rate over 50 mbytes/second burst 50 mbytes
- }
-
- chain input {
- type filter hook input priority filter
- policy accept
-
- limit name lim_arp counter drop
-
- counter
- }
-
- chain output {
- type filter hook output priority filter
- policy accept
-
- limit name lim_arp counter drop
-
- counter
- }
-}
-
-table inet filter {
- limit lim_reject {
- rate over 1000/second burst 1000 packets
- }
-
- limit lim_icmp {
- rate over 50 mbytes/second burst 50 mbytes
- }
-
-
- chain forward {
- type filter hook forward priority filter
- policy drop
-
-
- ct state invalid log level debug prefix "drop invalid forward: " counter drop
-
-
- iifname lo counter accept
-
-
- limit name lim_reject log level debug prefix "drop forward: " counter drop
- log level debug prefix "reject forward: " counter
- meta l4proto tcp ct state new counter reject with tcp reset
- ct state new counter reject
-
-
- counter
- }
-
- chain input {
- type filter hook input priority filter
- policy drop
-
-
- ct state invalid log level debug prefix "drop invalid input: " counter drop
-
-
- iifname lo counter accept
- iif != lo ip daddr 127.0.0.1/8 counter reject
- iif != lo ip6 daddr ::1/128 counter reject
-
- meta l4proto $icmp_protos limit name lim_icmp counter drop
- meta l4proto $icmp_protos counter accept
-
- tcp dport 22 counter accept
- udp dport 60000-61000 counter accept
-
-
- ct state {established, related} counter accept
-
-
- limit name lim_reject log level debug prefix "drop input: " counter drop
- log level debug prefix "reject input: " counter
- meta l4proto tcp ct state new counter reject with tcp reset
- ct state new counter reject
-
-
- counter
- }
-
- chain output {
- type filter hook output priority filter
- policy accept
-
-
- oifname lo counter accept
-
- meta l4proto $icmp_protos limit name lim_icmp counter drop
- meta l4proto $icmp_protos counter accept
-
-
- counter
- }
-}
\
No newline at end of file -- cgit v1.2.3