From 6e26946312adfe2b665404a5f9d7b7bdba92c610 Mon Sep 17 00:00:00 2001
From: Gabriel Arazas
Date: Thu, 19 Sep 2024 21:27:22 +0800
Subject: [PATCH] hosts/plover: update state variables and services

This is just made in advanced for the upcoming config updates of each services.
---
 configs/nixos/plover/default.nix | 40 +++++++-
 .../plover/modules/hardware/networks.nix | 95 -------------------
 2 files changed, 35 insertions(+), 100 deletions(-)

diff --git a/configs/nixos/plover/default.nix b/configs/nixos/plover/default.nix
index ad6c7846..dfab486c 100644
--- a/configs/nixos/plover/default.nix
+++ b/configs/nixos/plover/default.nix
@@ -32,11 +32,41 @@
 fail2ban.enable = true;
 # The self-hosted services.
- atuin.enable = true;
- gitea.enable = true;
 grafana.enable = true;
- vaultwarden.enable = true;
- wireguard.enable = true;
+ tailscale.enable = true;
+ };
+
+ state.network = {
+ ipv4 = lib.mkDefault "65.109.224.213";
+ ipv6 = lib.mkDefault "2a01:4f9:c012:607a::1";
+
+ interfaces = {
+ lan = {
+ ipv4 = "10.0.0.2";
+ ipv6 = "";
+ };
+ };
+
+ secondaryNameservers = [
+ # ns1.first-ns.de
+ "213.239.242.238"
+ "2a01:4f8:0:a101::a:1"
+
+ # robotns2.second-ns.de
+ "213.133.105.6"
+ "2a01:4f8:d0a:2004::2"
+
+ # robotns3.second-ns.com
+ "193.47.99.3"
+ "2001:67c:192c::add:a3"
+ ];
+ };
+
+ state.paths = {
+ dataDir = "/var/lib";
+ cacheDir = "/var/cache";
+ logDir = "/var/log";
+ runtimeDir = "/run";
 };
 # Offline SSH!?!
@@ -61,7 +91,7 @@
 email = "admin+acme@foodogsquared.one";
 dnsProvider = "rfc2136";
 dnsResolver = "1.1.1.1";
- credentialsFile = config.sops.secrets."lego/env".path;
+ credentialsFile = config.sops.secrets."lego/env".path or "/var/lib/secrets/acme.env";
 };
 # Enable generating new DH params.
diff --git a/configs/nixos/plover/modules/hardware/networks.nix b/configs/nixos/plover/modules/hardware/networks.nix
index f6393471..1b7b9dbb 100644
--- a/configs/nixos/plover/modules/hardware/networks.nix
+++ b/configs/nixos/plover/modules/hardware/networks.nix
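Review bot: In the new `state.network.interfaces.lan` block, `ipv6 = "";` uses an empty string to mean "no address", which any consumer that interpolates the value will happily turn into a malformed address (for example an empty host part in an `[addr]:port` string) instead of failing at evaluation time. If the option type permits it, `ipv6 = null; # not assigned yet` makes the absence explicit and lets consumers test for it with `lib.optional`/`lib.mkIf`; if the type is a plain `str`, a one-line comment stating that the empty string is a deliberate sentinel would at least document the contract. The option declarations for `state.network` and the code that reads these values are outside this hunk, so which of the two applies cannot be confirmed here. The removed `interfaces` block in networks.nix (the later hunks of this patch) carried gateway and prefix information that the new `lan` entry does not; if that is needed for firewall or routing config, it now has to come from elsewhere.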
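Review bot: The `or "/var/lib/secrets/acme.env"` fallback on `credentialsFile` turns a missing sops secret from an evaluation error into a silent switch to an unmanaged file holding the RFC2136 DNS-update credentials, so a host built without the secret now evaluates cleanly and only fails (or, if some file happens to be at that path, runs with whatever ownership and mode it has) when lego next renews. If the fallback is only meant for evaluating the config on hosts without sops, prefer to keep the failure loud, e.g. `assertions = [ { assertion = config.sops.secrets ? "lego/env"; message = "plover: the lego/env sops secret is required for ACME DNS auth"; } ];`, and drop the `or`; otherwise add a comment next to it such as `# Fallback is not provisioned by this config; it must exist, be root-owned and mode 0400 before ACME can renew.` The surrounding `security.acme`-style attribute set starts and ends outside this hunk, so the `assertions` placement would need to go at the module's top level.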
@@ -9,69 +9,6 @@ rec {
 # The thing is generated using a ULA generator.
 privateIPv6Prefix = "fd89:c181:8016";
- # These blocks should be used sparingly with how wide these blocks cover.
- # Plus, they shouldn't be treated as subnets.
- clientNetworks = [
- "172.24.0.0/13"
- "10.128.0.0/9"
- "fd00::/8"
- ];
- serverNetworks = [
- "172.16.0.0/13"
- "10.0.0.0/9"
- "fc00::/8"
- ];
-
- interfaces =
- let
- ploverInternalNetworkGateway = "172.16.0.1";
- ipv6Gateway = "fe80::1";
- in
- {
- # This is the public-facing interface. Any interface name with a prime
- # symbol means it's a public-facing interface.
- wan = {
- ifname = "ens3";
- # The gateways for the public addresses are retrieved from the following
- # pages:
- #
- # * https://docs.hetzner.com/cloud/networks/faq/#are-any-ip-addresses-reserved
- # * https://docs.hetzner.com/robot/dedicated-server/ip/additional-ip-adresses/#gateway
- IPv4 = {
- address = "65.109.224.213";
- gateway = "172.31.1.1";
- };
- IPv6 = {
- address = "2a01:4f9:c012:607a::1";
- gateway = ipv6Gateway;
- };
- };
-
- lan = {
- ifname = "ens10";
- IPv4 = {
- address = "172.27.0.1";
- gateway = ploverInternalNetworkGateway;
- };
- IPv6 = {
- address = "${privateIPv6Prefix}::1";
- gateway = ipv6Gateway;
- };
- };
-
- wireguard0 = {
- ifname = "wireguard0";
- IPv4 = {
- address = "172.28.0.1";
- gateway = ploverInternalNetworkGateway;
- };
- IPv6 = {
- address = "${wireguardIPv6Prefix}::1";
- gateway = ipv6Gateway;
- };
- };
- };
-
 # Wireguard-related things.
 wireguardPort = 51820;
@@ -80,36 +17,4 @@ rec {
 # This IPv6 network prefix should have /64 for the entire Wireguard network.
 wireguardIPv6Prefix = "${privateIPv6Prefix}:ffff";
-
- # These are all fixed IP addresses. However, they should be assigned in /16
- # and /64 for IPv4 and IPv6 block respectively.
- wireguardPeers = {
- server = with interfaces.wireguard0; {
- IPv4 = IPv4.address;
- IPv6 = IPv6.address;
- };
- desktop = {
- IPv4 = "${wireguardIPv4Prefix}.2";
- IPv6 = "${wireguardIPv6Prefix}::2";
- };
- phone = {
- IPv4 = "${wireguardIPv4Prefix}.3";
- IPv6 = "${wireguardIPv6Prefix}::3";
- };
- };
-
- secondaryNameServers = {
- "ns1.first-ns.de." = {
- IPv4 = [ "213.239.242.238" ];
- IPv6 = [ "2a01:4f8:0:a101::a:1" ];
- };
- "robotns2.second-ns.de." = {
- IPv4 = [ "213.133.105.6" ];
- IPv6 = [ "2a01:4f8:d0a:2004::2" ];
- };
- "robotns3.second-ns.com." = {
- IPv4 = [ "193.47.99.3" ];
- IPv6 = [ "2001:67c:192c::add:a3" ];
- };
- };
 }