feat: add initial config

config/endpoints.nix

@@ -0,0 +1,4 @@
+let
+  piTunnelEndpoints = import ../config/endpoints/pi_tunnel.nix;
+in
+piTunnelEndpoints ++ []

config/endpoints/pi_tunnel.nix

@@ -0,0 +1,13 @@
+let
+  ports = [80 443 8448];
+  entry = port:
+    {
+      type = "forwarding";
+      listenPort = port;
+      content = {
+        port = 10000 + port;
+      };
+    };
+
+in
+  map entry ports

config/network.nix

@@ -0,0 +1,10 @@
+{
+  tunnel = {
+    host = "127.0.0.1";
+    allowedPorts = [
+      10080
+      10443
+      18448
+    ];
+  };
+}

config/openssh.nix

@@ -0,0 +1,22 @@
+let
+  secrets = import ../intermediate/secrets.nix;
+  users = builtins.attrNames secrets.source.openssh.users;
+in
+rec {
+  ssh_users = users;
+
+  extraConfig = {
+    users = {
+      "autossh-incoming" = ''
+        PasswordAuthentication no
+        PermitTTY no
+        X11Forwarding no
+        AllowAgentForwarding no
+        PermitTunnel no
+        AllowTcpForwarding remote
+        PermitListen localhost:*
+        PermitListen 127.0.0.1:*
+      '';
+    };
+  };
+}

config/secrets.nix

@@ -0,0 +1,25 @@
+{
+	openssh = {
+		users = {
+			"autossh-incoming" = {
+				pub_keys = {
+					file = ../secrets/openssh/autossh_incoming/pub_keys;
+					path = "/var/lib/autossh-incoming/.ssh/authorized_keys";
+					owner = "autossh-incoming";
+					group = "autossh-incoming";
+					mode = "0600";
+				};
+			};
+
+			nudelerde = {
+				pub_keys = {
+					file = ../secrets/openssh/nudelerde/pub_keys;
+					path = "/home/nudelerde/.ssh/authorized_keys";
+					owner = "nudelerde";
+					group = "users";
+					mode = "0600";
+				};
+			};
+		};
+	};
+}

config/services.nix

@@ -0,0 +1,6 @@
+{
+  nginx = {
+    enable = true;
+    acmeEmail = null;
+  };
+}