remove yggdrasil

4 months ago · 8869681b28
parent c05f035b7b
commit 8869681b28
11 changed files with 83 additions and 196 deletions
--- a/config/net/c3d2.nix
+++ b/config/net/c3d2.nix
@ -87,11 +87,9 @@
      c3d2-gw2 = "2a00:8180:2c00:223::c3d2:3";
      c3d2-gw3 = "2a00:8180:2c00:223::c3d2:4";
    };
-    hosts6.yggdrasil.c3d2-gw3 = "30c:c3d2:b946:76d0::1";
    subnets6 = {
      dn42 = "fd23:42:c3d2:523::/64";
      up4 = "2a00:8180:2c00:223::/64";
-      yggdrasil = "30c:c3d2:b946:76d0::/64";
    };
  };

--- a/config/net/core.nix
+++ b/config/net/core.nix
@ -69,7 +69,7 @@
      server8 = "172.20.72.58";
      upstream3 = "172.20.72.11";
      upstream4 = "172.20.72.12";
-      yggdrasil = "172.20.72.62";
+      # unused = "172.20.72.62";
      vpn-gw = "172.20.72.69";
      flpk-gw = "172.20.72.71";
    };
@ -132,7 +132,6 @@
        serv-gw = "fd23:42:c3d2:581::8:1";
        upstream3 = "fd23:42:c3d2:581::b:2";
        upstream4 = "fd23:42:c3d2:581::b:3";
-        yggdrasil = "fd23:42:c3d2:581:9000::1";
        vpn-gw = "fd23:42:c3d2:581:9001::1";
        flpk-gw = "fd23:42:c3d2:581:9002::1";
      };
@ -193,7 +192,6 @@
        priv9-gw = "2a00:8180:2c00:281::c:8";
        serv-gw = "2a00:8180:2c00:281::8:1";
        upstream4 = "2a00:8180:2c00:281::b:1";
-        yggdrasil = "2a00:8180:2c00:281:9000::1";
        vpn-gw = "2a00:8180:2c00:281:9001::1";
      };
    };
--- a/config/net/upstream.nix
+++ b/config/net/upstream.nix
@ -257,12 +257,6 @@ in
          reflect = true;
          sourcePort = 45000;
        }
-        {
-          destination = config.site.net.core.hosts4.yggdrasil;
-          proto = "tcp";
-          reflect = true;
-          sourcePort = 1337;
-        }
        {
          destination = config.site.net.core.hosts4.vpn-gw;
          proto = "udp";
--- a/config/net/yggdrasil.nix
+++ b/config/net/yggdrasil.nix
@ -1,18 +0,0 @@
-{
-  site.hosts.yggdrasil = {
-    role = "container";
-    interfaces = {
-      core = {
-        hwaddr = "0A:14:48:01:26:ff";
-        type = "veth";
-      };
-    };
-    bgp = {
-      allowedUpstreams =
-        [ "upstream4" "upstream3" "anon1" "freifunk" ];
-      nets6 = [ "200::/7" ];
-    };
-
-    services.yggdrasil.enable = true;
-  };
-}
--- a/config/secrets-production.nix.gpg
+++ b/config/secrets-production.nix.gpg
@ -1,78 +1,74 @@
 -----BEGIN PGP MESSAGE-----

-hQEMA2PKcvDMvlKLAQf/WuVryEfs9S9vXfuAXIOhYaF4f+8IvE6rOSOiz5inq/PQ
-QIMEIRWs8gnJfA3Ae+QuCmKFicnuyacPqvatPz4GLrCIGuOT4HSHchrrPf8qq5jD
-FR+hWpyGNcvDlBexntAHo7LfVCIkxQTY/yzQiORYKB8DhLAnPsApedHvfFg+Cf9H
-blELmSqiYSZ+ewVpcxgXFQxw23ctLNZgIICGbLLbTbYDV3nBpHd3TyOTJ/o3XxBI
-Ip+hKDoSZzY6BcICrWWaEejgJJIpIpCCLH6aAitPgOmzpH2InPhO62cZ9nG4ij3W
-3rAAfG8V3hlRBXlm1vL0FuXSTwN5CzYptoyJzdDHoNLqAUNfQAgfd4tv2rENFxOB
-Wy+eMEPdACnoYTD39oF6CtisTuE3a0Mj2ybNeYVgDRxd6EXkCoPe9nClSlJLcdfn
-NwmP/84IRVaNm2NUXkhJ4X/SC8mohvxBjCmjKI0BeanC5sIEOUFGTNVQxgaIKwy9
-TKxbm/VJWVXZOHScA9uYozAgglGY1ibyAwxKV0gA1GZzGtDjdGtAJimIQuP7fiMB
-VLQ56cyhRKjk+tAu+Dsf4GJ8Cslz8Sshx00RC7lJQFEBlx+W2inz5SzzY7AKAkCr
-enh/Ygs2NPR39+//PdCVXGC5AaomX95QbghbO1UXnTpVCgpiz+c0DhQDoy7wfT6M
-N3OSvxrqdGBrz858sZGSzK6RAKmQVs4APrKgNX2L6vEpEau/TyX9np3GL+OKoQwM
-PBNoAfyTv3mrsUvoVmGSK6feKX19tf46Bpa7qGQh0oRQiJpoK4C355vMHAlcwRjq
-NzxUNV6rqugL6Wlj+LUijP/SoYgmLKwvRR8vjMvsE2MEvUIm3dimFykseW1c0eek
-u5KjvRAf+duBqf2cjaim1nVXxnu/bQJeOwjxqOt3g8Ps2IziscbFqIVPAH02Z0Ab
-PWTrvBeSLWqHHPJDH5qpCxAvqSSwBmVbiNRmps/Kvf8C/Rv4eR+syGHAXupDxa0s
-aVkKjVURqvr4jfv6K51N9n99XYhyY++nSIoYHQpf3NrRyiY1/csLn+ZcY9qE3Aza
-HHgRQdQWlYsllKz+6FvNWXXd7poPHoHqTUcA517YY3Wsf0jKLYqW3itjmyI4Wbt7
-VDnpLyEYWSe8DOLdXDAQo6zf/EtSYqPsAZIBy2Z35NVT/boMcCT24FPZxQ32cKiq
-E5DFSGH1xGnavAGLdxJ/A/UKUfqP/i9GnB9U8WBsjVvsqd8rUBmBm3GIiXNlzvzq
-8p02F4ci3Tb8hTiG3eYbUCvdhKTYVKbXTNyNBovmaUcyfi3Qh264IBsLPT/RPTVL
-FmBiVlek3ptmXcTlTxvRIahFoKwSvhAXVBVFmclhr6SF3ZyGh+zrwUAMBD1chBXy
-jTPOYhNCZW5jLy6cLoTutaLM5GSemAOXmlyIW1bmWVvUMxqPcH4M9/zpr5pt4xLd
-9VtaTN4zRuoHTc/Nc/JXQh/U9lbKny+EAJA6D0YZAzI5D1Anxn/feFEygNRzBVBM
-KHuLXlk7G66v8mJ8kjmrLzCmeFDL1mMmUSVtUeCrFSX1H/V24Sep9m7nzrI6HbCc
-SKO0cuby/syep0UIcINAWAIf0JVRtEf+oshv00hbHwcxmZgLrRoRyD0iJ0hZdS9u
-h/mgIiR6CuDOPbTI1pFGp02l+mBOIWJLnGce38GodtoFnWRMvc1tdEMYzEtS4tSl
-rupzxHGIHjPXcEnfRwkScuNNmnN5mLosnKhfGPUGVuqiYzfqAnAqyIPjZiFIrllA
-pamx16ZtbCR7tJLc6zAZL6EInMdsNIFzwMr3hgVHxdOZmepGQIg8hZ2ODRdKc/+w
-UlzLpaV76gJa4GCsg6SOA2odGg8ktm0arJePpEZDdixu6rgi0NkxlCK22GfCBSrh
-6/CbawunAoX91nlmc71chT/esMJMasBLcNHph8NCib34OdN7DV9F4ya/UjdbGvMy
-aVreFBrSw+z40C1BWuGBsNJChzr1x1mEMW+7nXbdWN4AjoQtqDdqtYVt5f9y4U48
-EI5KtXYy31bUuMDWFhRGnkFtiKsgSwYSgLYfyYgoFjMXp9juSlLIjyLKS7rMgm6v
-zFXpGledMtgV9/zPPFXcAMQBa71QgHqt0zqJ1SxAnBJjr4K0AKDSHlYTsuVY8IlV
-bcHcfpjHG3vLBJ83QAFNfPubVrusk863D96tAyQ9QAl8f7Y8w3AwSxVo3t8NCKie
-LZVqb0JXnBgUThxqxG4XujhWT/Z+wFsBj5ZrsqB0fSWyudxBKLVKF2dwu4Gd9aNg
-WJ3L72Vjuu3Ev+FHdQyj2cm80DnWcAZCU5oRQPtcz56jn5MMOHxYXPUyB3ba0roX
-+XQsYOdRbmO0OmdeG5QFRCvM18Bxnl2I9bK54UJ3dGqB0NJHE4JLZocLIh7KDTBu
-R9AX/QtOrx4cmf9Z3lEuVc73/WeUTfp73mKTo+FAl89mnOP/Ak7Ic1KsjvvAhNSs
-268F/zjElf7dAMZHJhLdYUDa5enzsclo34BjuH4VmU9ItGUl/xe56JHyDg7xIDz+
-OeDQ4W5NJZrgD4SDs/faxoSq8prA+juqiC+7yYy0FCaUcf4a5Nj6EASxHR6qbJjZ
-hEkxnJtHFSdv/Hr5z5RRCSjVhZ5mPFh3sSOwtzVqul24/PvZ8FJpkVKa5uWmVB/U
-PFqnAw8aDc4hUAirhqRgEnRyLSh6JrgJlXsCv/aLEHRuZinYMZwffP/mI2OHXFSS
-n+FgkZ1x49q0EEJp1pgl9j+HTXhZJuMgYVrDNSTc6EAYsMGxXN+aBlCKRgDiiyzq
-/bK4J4lSfyHqUeunFh5Sqt7O3OXjVe74Dndv7IwpbmMxoYnBoHJlZpA7Gu6WJ5+S
-N84itq/J5XRmQQ7Yt3j+QQa8BAZ6zrip1ryfgXRCXrTolqDiRiAJAfF5898ZNjdG
-V0SiUUy10oahataso6WENHoZ+ZkoDhdxoLRLcrwRAxePimJn9Bsm4tCvpK2YciXA
-Zzm+H3srsOfjEM8xSQGOW0vPRbfXMBy5KYkEkLdt00N87bAT1kNIJQBdaqO41u9v
-NKpKXoRuF3JZSjqnvtfox7un6lnBlL+fcgcdvPEQSFgnBOhDbBqrCKv6zuqUaB9z
-ulRp5YVPsxkZhpPJmAov291l3tDkgGoDqWiQSv9szl40FpCduQQqNWaWcC5sapaX
-V21IaZX7p2hGZ5kKYYk2+rp5Hi/uoMiQGOe+yTjG+6FOVQMQAK8hp9LaHEHUqsl7
-ZBJJoYZU90UzRnAVDKw088pzvFNQCUTQSWGmCRlF9Qgm2rSWo3Q6XcyEAP97pJrh
-Gqfgd5Ed/71XcLDR6qpyCdrezG2GaxufteEfOItKGY8xHYiDFbLiVHh851GdXWlJ
-kpnbqmnFQRWwuCZPx5eGx8rMgEQDJKn2igBgahjbsDqSCiFJf0Rqb6vhqyffBX/4
-fqfs0IMRw0y4h7dZfrtCc8u43pIusLOkc5F8XIufXaE3Fr7rIr8NBgov+H9IVYjf
-Vsd3qSSjjb1xW3dzle+4W0Ry9DIePt2mpw+gpXF8V16GGkANKBLYFD4K+JvRbY1k
-gupTwLeZdy99qKTponEfjyl/zPLo+gh9cDinRiBTf7uQnWgodKUX0KA8RyqiVsXJ
-MffFQt/ZduStFrGI1KbzdFiDQ2RSWEQKxAzyIAnB1q75h+XPqIQNAYrAjfKRoQmi
-8L8mapuv1ueLeR23GfbP2Xf/o/5Wi9Xul1xH9/FDfxguNrcX74aofide7NgOLhNG
-80VW0sgedLfhbj09F8/SvSIDjsv//piC67yPu+E2HX7TSSwhdps6Elow3oi79llx
-j125YCFtzWq0zZRfNtqkcBExh4o46PihbV6piTsHWC6GrURfZtH/E8logFygwcTE
-ZiMGWqbBsLjuiso1AauRPvXLlfAjy5wPiXnNJYu2uJn03nCwZsysE16pT3xdEbJ3
-6kQMpSJkQVVY/WT/zt7/sz5n3G53ylaZwxM7oF/iLoQWAS9lALVvLxDv91TpS/IV
-gLaGpUiKvETeR8y0ybF6iMeH44UzEieVkzCaSBky5oZSIR4V6BQipL8W6gDRKeQ1
-E/3mUsqkwu2o7HtVZuMverDYtp5lgIA9aFUf2N5RTQN5Khch7F55S0lsANQhSzZV
-Z/AgxPIm/wCqldLSIe4lAoxe+7Kd51x+MvXzwsXO3Y+yR5rHO4yefkIQHgputd0B
-dI1sIct+7YvBkglxz7km3VfdefZQl6zGEcJJdSMrwmoNm29ey9R4oshFWH0XYK1o
-zzGoPqgAGA/4MTey5yxh38LFV3BLKWvAUGeYfyaF3nzmN5X0KGQZ0burWAbiGJuX
-MdaScLobFNqvOxhXq15j1W/WccnsG0vauaV0UEh6O95Iw6rGjjqrFEbyRzt+v/Mq
-oXBweSF8DyQYCfeBXWbygtdr9rHwJ0BuvNk9pQKKUmv/sVzABiIb4jiAM3oTsibt
-tp9sUK5JLwikz8aEW5qmu4tuaaTgTjJwktDP31xDSgyrC18Yk2x6yWk9961EdmeF
-j3kQraTPC/8ovD2NuInhiBCuTsLJShsYBjmtrD1oSfJER2ThffaxzXdh8fbsiYwX
-sPMqtRN4yUWeI2YRQe4aZR19OgRMFn6v280mkKOFIKdYhrUSEl8nzv0tLodV7g3i
-iw4QCYbmiHIcXPEZ1j1z2NhWPXTCrzDzU9L7P1olskQkCqEfkuDJu5lRrg==
-=mILt
+hQEMA2PKcvDMvlKLAQf+N28QCjh68YIkQYSL3EnA34fuG4PqrPONlCOVbuH3SsA/
+BPzZEA2dURxbgIFTkjUCqORv62aMgTxJQdGN6S3x3je5aGXGk38SoTYuPZo5Mdss
+75l9cj8zJsz9ZnawXbFiM6RMpxd/zGoaPqiOclkiA/NcaaGVuhEYv57ucFsESwcJ
+8Pb4PVAt50vH3pcmJUezK1EWftKbMjIB1w/QoiBFbkCi6/2GIs/3ISCFiBO0O7g+
+egW6/6ivODTGV/TghlMoB5717eORUUGr2nejbSV/OaK/bz+KjznJfclg/bRVxM2p
+QYgidYaINIb95O1P56kMYlTfZ7czBwpTr/HV8XuWEdLqAfpIIaf3SlQZKl7FJShO
+Skxxt2nhQzyLIZq8TEexXO5ayTOfuAmCAx3GEv6tPy77KwW/5lzq416TcVgk9ZKh
+qBZB2SBaqH6JavphKFet1GLzztW0Xd1J874P0FXhIdT8OKsJyGNkxgBevEEwNICz
+RVJAAboAF2GwLqdhruT5cTBAKtFPq3QJ/3G/rZQ4WoJ7geYhJHlIlMhG1AkPhKt/
+hCb4nz9nD+9xL8dM1C/6LqROHFZV6X6gha79+84YXfM9wdHP6/Dj1Bs5wB9qQhZu
+HEJOAgule7on5dPaXOV3LzSKLSriDHWcVEsZnN4IzO0I7u59TGWF/RQypThBqDUu
+4C+AwXpoyzGC0rqa+fLfOmWAN0K/uV3Mt+Uj4HwFxu4lYUUqDpB2hcCX6DHytttm
+C7fuqungdMgcpzE5fYH4k38sMPxI98Tnma1hC2MpFIrgV7OgiJ1mVP86rHEGnVut
+92EJ4n7aLHpydcaDYVrIE6x5xmcBbe2Cwf8dBawAsm12nACo9c07AtAsQZUpSF67
+2G3vDJnC0iEF1PGJrWw9tTGBoCS6q3N8iPJ7UF7uSE0DI2Ja5pxiRGVjTe0ddRbJ
+WDhYye/bNjprQh0NY9A5qUfXXnIo5tB0A2aSi2z/vUrffefMIkhYihEyFcPEtpr9
+XqmS7TU0gU2ehcMZZdm0alNo3mjX4lHwczIEiLHMmj3J7Ozgq7aCMwSdFN8TpwOH
+0pAqSjrvG8C05Hr6ymlwRYrJ/OfLAkb1Kjf/Me3N2/ZAjeSzTRFuZ2vgbODCk/BM
+rSy/RMKB0WEvwLEq9Fj5XNH2p9P++v8JDpiH6I/HPZfRORGs5Gs2d7QQiXZ0YIWl
+lUyj9qGUj+RSXVcaHRZxx18RpvA+sgY1E7THx/2+Viwjx+zUHioFnVoEK8ft/hNV
+KtX9+wonftW6aQgN+VGqtWu+uGwxvNe9oxzuT2OWSH2OTFirmqK27KfDpHjjWIrp
+6S5ZGkTm8QzfVeADdmPtQ5lmYCKeugkKQpVyvxZA5lUyROvKMZ7PKLRKTTu6qFL
+B8GdQTdaw4gQY8qliAVy7NvMVVdG8RhIyxRHEKSsV+cuftRvzRo89lyY4I3GTzII
+m6CbRCSNXMXWsyLFM2gd9ICn7Ax9XhuNyJ8NbeDp7f2Qr1GswKA4gJB/ybHpTOAi
+f9WzUZINWeklP5ORTk84ZfHtoZsU3a6ZQUCOLg3MKHtbcvmcb4Z1R9dwKiDCREWX
+59oCDmjZHsQqEzTTw/n9l9g1EHIu1l8zjAy7AzwEuup34Pwuw+Y/0JLsBrXzk869
+ISAMvHy/n6uZVWmqi+PW30i8LhiRvOg4htOs5kQg4PER0+X/hapKVcVIfFP2kPYm
+TOrfyn1WVsJ1ltsLX0LtQimGjFguDmR2/xlcYjBCKj8lDrNov7Qq8R2yXiZtuSgZ
+/YEG3GT8EmBvIXgN/1btvn0udY3edA6QxXtuLQ/aZExJqkZgWuhpgoP4A9P3GPzx
+Bmxg1WB+yMFlKAKbhnQkEjdPLKo7tTmonMOtpvPbuc7W7WT2Sh9jmDIV7U6tXkQA
+AGtk0TYsa1YBWMAqzP2bHNwJ1sMfdeSt9jffxrWSjj5v52qKGovhkr3EqoeCefCV
+POoAjnp9Fm9dOs9DTzstt3cZpHL6zQtNRdTZhrXIEZJ/JavhTd7hjJrSGJrxRt44
+jKcftkwsE1jMB8uSZGpOSfqwF+jZizoREdgQh8QQ3ZQbl8UMWdTUjhhekqK0noWn
+qVT7KzXiTG/1DKLaot755iK7iJhyL9PTT/NCHUbnFzFkHyQjHwwwOw86s7JuTSS4
+l0w04bEOwy5EP8RJDDSFMaW/5qJYsaefBv+0R8DTyod6VG6YRk1jTBTU9HLzlImC
+Md3hi4Ar4P/dxIBb7eebx4x4P5AVeecRAjNFCOlzuMobwdFWhbPhiNIigPLXl2oS
+cMxQQBGenB2eSDbJYbycXD2oZtCRghL+Snj9deFmynBCYxUe9NToXS6IqKmmvdcI
+SU4GKJDbREedfIVUdNNnK5L5goCjKHRsHamPrNGlxrEeeH/VZKh+3yKJlWahpELM
+OdcxEaBEXRzOJW62TRm5JjluI8P0wQJCWn5TzOkNwGYCWiN+rSd5S9PhUDZ67Cjn
+xKvhfXyLi0j45TbHFnwpBI2b5/z29EqviRBrII2mk07DDTKFiHQA4l3Ep44dInSW
+WVRzzcAhDaO0A/wiDS25AhU2P0Bq9LpaQAoQwYOcK70YfY11EybNHey0CGHvuwj3
+hEWQeH7WgqafRj/lnScLdlgw78Disc8DqiNB+PlTSsyEubeVM+p2loz3mXsjLYOQ
+lauDOCjQD6B4jGXigNFk8w+SdI9YCB4oQu5YMPXOzWA93bSmK0ZMl2ntN+1LmyWA
+ecHlRrAZp7NzG2CGVnnsqPRcK6EJNrfI1jbCE0eYvIW/tzrmj8DAfmLsA4H2CDt2
+wDVEu+uDZ2UkXm21Jm7NdKIiYjmKfFMQNgkoPwFJab4FE1zV2ZK5tcTy6tPEj/rS
+vw1u7Gg+ewB6yo6N11ZYA5Q5ivLgn2yY+1HO3e2Se3+VFdTb3mgqypEAfUADD5Xs
+Vy6DNpZpxx+elHr9xt0m+WF5tMCxGawbyKl/6VAsRTEV7sSIaQFpRoBilXVf/n4S
+anTn27031AK5+QGhiO+14AK/anEODcVql+wqvnBeIju0QmhOdy23dAnlsNU2Z3ff
+F620h34C3+3PQKrLzmr3Enam6jFG96nn3cpFn3jqxybbm7ipy7n6mqIeAAvPLbqu
+ZaZ7URbGlYAC8pUTO5UE5eRO5KXp1lITL7eEo8D2wGr/pXfrKVObCh82MPDpL2FS
+6wQQAPBxEC2NE2KrwthCknHCgfjXEoq6AB8HmyjdumxC7Z3aMkr514ebh49it/I6
+Z18DLT4AonINWO3AGiB172Zsln4LjBIWad4PaSAAAhDu9QV4IIxjNEd8mtZ7ZUIS
+ZOW/JOILwh/wkN4DLby8WakjZ351Z+UIqdvKbLVY17tAc+sOYBgnJL05o6URQFqw
+RSHkxjF3GxdlpwYOHQfoWeWSxQkur+aPWMhXdKiYJzlH76KF9RdlzP4i89OpDAVy
+udz/h8cgwTD1yadB27NX31wez0RRuECGAlpEk3vyo9+VDL+NOHiG0jc5xWY4Kk2Q
+P2KlaFXUwlb2qJXSNfT9uWUT+tzelYC0gJEVXVYe+DV3sr/5kLSTn8D0KpqhuGd9
+rNPkLakqfYUlDYMChE6ZDkaV1v6T4jwjgBB65RtvGRsTmhZQIz9bHl04J0xs/UZP
+5MWOsQghvEx8xtLFuXbHQAXJd8n3XjUn+OQ81olBEwXWSrMorVjHrfOKVCtaDr8g
+o9dIsVn6Ox77brX9902+DLuybMb0roBKcg6uQdq52Z5sQ0dUPNDI6YC0LTCxXwU4
+IjTLwSkQqow/Igmr339Bv4fUBft+eLuVkceQnJ+C8Osu3zQ2JJfFZDa2Rvn7xhcO
+y4NyTdJpJHOQ2F7Pu2rh4WwTLJwf5rdwotc7UNQgXqZAhzMPNYBGp469mJK387sc
+igGndEvKsjQ9EkLoyszjY77B0FwMrF0VsoK7q5Acw9rZu/jpt4PAdRXF2uGCV9ZK
+SPrYAj2C3YvRbSscfQlczkpRZQSZUT0MiU9U12v8De29e5SYhL7wOLFKNBNVOqNO
+vpF+MoY/CtjFoo/yep5W5tvGhn8y1M6uY6ERV1G2wuHbJJsV5vwal7se61U+aHmL
+zMQQEvAQVd9MID6HKElepP6NJOPuirk9UfVqoLAUa2tS+H1srVAvfISxjTF4fzFg
+StmSJPn4B8EUdFtow9fWvDrDUEDZibmuG2bjruqday09L1NYxrj6O3Cps8u3j4Z7
+PFA0Eq6ZSVLGUCzTa/OUWWuJl318JXeXFn/wOyG/PBP49gTYDG6JX3Nv7l04WXaW
+qZXYYoyez7vzQ87B7zS2/5oCchLI3s8DhdhCLN28ZwaIgDXF4VbyqDddhpjBLtgs
+w4Fdor/N3rzuCtKV5MgX/ZRGuqADwCgN78DhEuCyWWvUf8CoSAKcCx1xSZYf6rlU
+PulV0jUfVRSc+jIj4Oe2HplI1qeGsK8EUCkSWGlC+UKqyqsCz9M=
+=gug1
 -----END PGP MESSAGE-----
--- a/config/secrets.nix
+++ b/config/secrets.nix
@ -87,13 +87,6 @@
      publicKey = "encrypted";
    };

-    yggdrasil.services.yggdrasil.keys = ''
-      {
-        "PublicKey": "0000000000000000000000000000000000000000000000000000000000000000",
-        "PrivateKey": "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
-      }
-    '';
-
    ap1.wifi."platform/qca953x_wmac".ssids."uebergangsnetz".psk = "encrypted";
    ap10.wifi."platform/qca953x_wmac".ssids = {
      "iz-dresden.org".psk = "encrypted";
--- a/nix/lib/config/options.nix
+++ b/nix/lib/config/options.nix
@ -400,16 +400,6 @@ let
        type = types.bool;
        default = false;
      };
-      services.yggdrasil = {
-        enable = mkOption {
-          type = types.bool;
-          default = false;
-        };
-        keys = mkOption {
-          type = types.str;
-          default = "";
-        };
-      };
      links = mkOption {
        description = "Which port is connected to what other device? Keys are either network names or known hostnames.";
        default = {};
--- a/nix/lib/dns.nix
+++ b/nix/lib/dns.nix
@ -138,20 +138,17 @@ rec {
      # `{ dn42 = { "...ip6.arpa" = "lo.core.zentralwerk.dn42"; }; }`
      reverseHosts6 = builtins.foldl' (result: net: lib.recursiveUpdate result (
        builtins.mapAttrs (ctx: hosts:
-          if ctx == "yggdrasil"
-          then {}
-          else
-            builtins.foldl' (result: host:
-              let
-                domain =
-                  if ctx == "dn42"
-                  then "${net}.zentralwerk.dn42"
-                  else namedNets.${net}.domainName;
-              in
-                lib.recursiveUpdate result {
-                  "${ipv6ToReverse hosts.${host}}" = "${host}.${domain}";
-                }
-            ) {} (builtins.attrNames hosts)
+          builtins.foldl' (result: host:
+            let
+              domain =
+                if ctx == "dn42"
+                then "${net}.zentralwerk.dn42"
+                else namedNets.${net}.domainName;
+            in
+              lib.recursiveUpdate result {
+                "${ipv6ToReverse hosts.${host}}" = "${host}.${domain}";
+              }
+          ) {} (builtins.attrNames hosts)
        ) namedNets.${net}.hosts6
      )) {} (builtins.attrNames namedNets);

--- a/nix/nixos-module/container/dnscache.nix
+++ b/nix/nixos-module/container/dnscache.nix
@ -51,9 +51,6 @@ lib.mkIf config.site.hosts.${hostName}.services.dnscache.enable {
            "${config.site.net.flpk.subnet4} allow"
            "2a0f:5382:acab:1400::/56 allow"
          ]
-          [ # yggdrasil
-            "${config.site.net.c3d2.subnets6.yggdrasil} allow"
-          ]
          [ # default
          "0.0.0.0/0 deny"
          "::/0 deny"
--- a/nix/nixos-module/container/yggdrasil.nix
+++ b/nix/nixos-module/container/yggdrasil.nix
@ -1,57 +0,0 @@
-{ lib, config, hostName, ... }:
-
-let
-  hostConf = config.site.hosts.${hostName};
-  cfg = hostConf.services.yggdrasil;
-in lib.mkIf cfg.enable {
-  networking.firewall.enable = false;
-
-  boot.postBootCommands = ''
-    if [ ! -c /dev/net/tun ]; then
-      mkdir -p /dev/net
-      mknod -m 666 /dev/net/tun c 10 200
-    fi
-  '';
-
-  # Forward traffic under the prefix.
-  boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
-  networking.nat = {
-    enable = true;
-    # Provide NAT66 for everyone with addresses foreign to Yggdrasil
-    extraCommands = ''
-        ip6tables -t nat -A POSTROUTING ! --src 200::/7 -o ygg -j MASQUERADE
-      '';
-  };
-
-  systemd.tmpfiles.rules = [
-    "d /var/lib/yggdrasil 0700 root root -"
-    "L+ /var/lib/yggdrasil/keys.json - - - - ${builtins.toFile "keys.json" cfg.keys}"
-  ];
-
-  services.yggdrasil = {
-    enable = true;
-    persistentKeys = true;
-    config = {
-      IfName = "ygg";
-      Peers = # https://publicpeers.neilalexander.dev/
-        [
-          # czechia
-          "tcp://[2a03:3b40:fe:ab::1]:46370" # emery vpsfree.cz
-
-          # poland
-          "tls://[2001:41d0:601:1100::cf2]:11129"
-        ];
-      Listen = [
-        "tcp://[::]:1337"
-        # Not needed as `sysctl net.ipv6.bindv6only=0` by default
-        # "tcp://0.0.0.0:1337"
-      ];
-      NodeInfo = {
-        # This information is visible to the network.
-        name = "y.c3d2.de";
-        location = "Dresden";
-        email = "ehmry@c3d2.de";
-      };
-    };
-  };
-}
--- a/nix/nixos-module/default.nix
+++ b/nix/nixos-module/default.nix
@ -25,7 +25,6 @@ in {
    ./container/wireguard.nix
    ./container/dns.nix
    ./container/dnscache.nix
-    ./container/yggdrasil.nix
  ] ++
  optionals lib.config.site.hosts.${hostName}.isRouter [
    ./container/bird.nix