From fcc2848523f2350167e6894620d63740526c186f Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Tue, 24 Sep 2024 22:45:07 +0200
Subject: [PATCH] Disable DNS and GSSAPI auth on sshd Remove NixNG code
---
 modules/default.nix | 2 ++
 modules/k3s/default.nix | 27 ---------------------------
 modules/k3s/dnsmasq.nix | 41 -----------------------------------------
 utils/default.nix | 3 +--
 utils/globals.nix | 2 --
 5 files changed, 3 insertions(+), 72 deletions(-)
 delete mode 100644 modules/k3s/dnsmasq.nix
diff --git a/modules/default.nix b/modules/default.nix
index a05a57f..7628bdb 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -52,6 +52,8 @@
 settings = {
 PasswordAuthentication = false;
 KbdInteractiveAuthentication = false;
+ GSSAPIAuthentication = false;
+ UseDns = false;
 };
 };
 };
diff --git a/modules/k3s/default.nix b/modules/k3s/default.nix
index f4cec44..d638c81 100644
--- a/modules/k3s/default.nix
+++ b/modules/k3s/default.nix
@@ -164,33 +164,6 @@ in
 cp -f ${./k3s-ca/etcd/server-ca.crt} /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt
 '';
 };
-
- nixng = lib.mkIf (cfg.role == "server")
- (
- let
- dnsmasqStream = (import ./dnsmasq.nix {
- inherit (inputs) nixpkgs nixng;
- inherit (inputs.nixng) nglib;
- inherit (self) globals;
- }).config.system.build.ociImage.stream;
-
- dnsmasqImage = pkgs.stdenv.mkDerivation {
- name = "dnsmasq.tar";
- src = dnsmasqStream;
- dontUnpack = true;
- buildPhase = ''
- $src > $out
- '';
- };
- in
- {
- text = ''
- rm -rf ${self.globals.imageDir}
- mkdir -p ${self.globals.imageDir}
- ln -sf ${dnsmasqImage} ${self.globals.imageDir}/dnsmasq.tar
- '';
- }
- );
 };
 sops.secrets =
diff --git a/modules/k3s/dnsmasq.nix b/modules/k3s/dnsmasq.nix
deleted file mode 100644
index 6fc8c4f..0000000
--- a/modules/k3s/dnsmasq.nix
+++ /dev/null
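Review bot: The two settings added to the sshd `settings` block in modules/default.nix have no comment giving the reason, and upstream OpenSSH already documents both as off by default, so a reader cannot tell whether this pins a default or overrides something the NixOS module would otherwise emit (that is not visible in this hunk). With `UseDns = false`, sshd matches `Match Host` and authorized_keys `from=` only against addresses, not host names, which is worth stating next to the line. I would add above them `# Pin explicitly: no Kerberos/GSSAPI here; no reverse-DNS lookup at login, so Match Host / from= must use IP addresses.` The enclosing attribute set starts outside the hunk.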
@@ -1,41 +0,0 @@
-{ globals, nixpkgs, nglib, ... }:
-nglib.makeSystem {
- inherit nixpkgs;
- system = "x86_64-linux";
- name = "nixng-dnsmasq";
-
- config = { ... }: {
- dumb-init = {
- enable = true;
- type.services = { };
- };
-
- init.services.dnsmasq = {
- shutdownOnExit = true;
- };
-
- services.dnsmasq = {
- enable = true;
-
- settings = {
- address = [
- "/kms.kun.is/${globals.kmsIPv4}"
- "/ssh.git.kun.is/${globals.gitIPv4}"
- ];
-
- alias = "${globals.routerPublicIPv4},${globals.traefikIPv4}";
- expand-hosts = true;
- local = "/dmz/";
- log-queries = true;
- no-hosts = true;
- no-resolv = true;
- port = 53;
-
- server = [
- "192.168.30.1"
- "/kun.is/${globals.bind9IPv4}"
- ];
- };
- };
- };
-}
diff --git a/utils/default.nix b/utils/default.nix
index e0ecf4e..297fc3c 100644
--- a/utils/default.nix
+++ b/utils/default.nix
@@ -10,9 +10,8 @@ let
 net = import ./net.nix lib;
 });
- nonSystemAttrs = rec {
+ nonSystemAttrs = {
 globals = import ./globals.nix;
- imagePath = name: "nix:0${globals.imageDir}/${name}.tar";
 };
 allAttrs = systemAttrs // nonSystemAttrs;
diff --git a/utils/globals.nix b/utils/globals.nix
index 2269d8b..28a2163 100644
--- a/utils/globals.nix
+++ b/utils/globals.nix
@@ -25,6 +25,4 @@
 freshrssIPv4 = "192.168.30.146";
 immichIPv4 = "192.168.30.147";
 nextcloudIPv4 = "192.168.30.148";
-
- imageDir = "/var/container_images";
 }