From 2c5b7e4b287b44d6756f2525cff63088e9b4c814 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Thu, 9 Jan 2025 16:03:37 +0100
Subject: [PATCH] Have an enable setting for the vpn-ip setup (enabled by default) so wheatley won't break
---
 modules/nixos/vpn-ip/default.nix | 4 +++
 nixos/hosts/wheatley/configuration.nix | 10 +++++--
 nixos/shared/default.nix | 41 ++++++++++++++------------
 3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/modules/nixos/vpn-ip/default.nix b/modules/nixos/vpn-ip/default.nix
index 0422641..71d56a6 100644
--- a/modules/nixos/vpn-ip/default.nix
+++ b/modules/nixos/vpn-ip/default.nix
@@ -2,6 +2,10 @@ with lib; {
 # Declare what settings a user of this "hello.nix" module CAN SET.
 options.services.vpn-ip = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ };
 ip = mkOption {
 type = types.str;
 default = "0";
diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix
index 280d27f..fb86948 100644
--- a/nixos/hosts/wheatley/configuration.nix
+++ b/nixos/hosts/wheatley/configuration.nix
@@ -1,6 +1,7 @@
 {
 lib,
 pkgs,
+ outputs,
 config,
 modulesPath,
 ...
@@ -8,6 +9,7 @@
 imports = [
 # inputs.nixos-hardware.nixosModules.raspberry-pi-4
 (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
+ outputs.nixosModules.vpn-ip
 ./hardware-configuration.nix
@@ -151,6 +153,10 @@
 sdImage.compressImage = false;
+ services.vpn-ip = {
+ enable = false;
+ };
+
 networking = {
 hostName = "wheatley";
@@ -209,7 +215,7 @@
 # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
 # TODO: generate this dynamically based on other hosts
- wg0 = lib.mkForce {
+ wg1 = {
 # Determines the IP address and subnet of the server's end of the tunnel interface.
 address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
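Review bot: The new `enable` option in modules/nixos/vpn-ip/default.nix carries no description, and a hand-rolled `mkOption { type = types.bool; ... }` is exactly what `mkEnableOption` exists for; `enable = mkEnableOption "the shared WireGuard vpn-ip client tunnel" // { default = true; };` keeps the intended default while documenting the option. Because the default is true, every host that imports this module gets the client interface unless it opts out, so the description should state that it is opt-out rather than the usual opt-in. The option set continues past the hunk.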
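Review bot: Renaming wheatley's server interface from `wg0` to `wg1` in nixos/hosts/wheatley/configuration.nix changes the interface name that other parts of this host's configuration may key on (firewall or NAT interface lists, `-i`/`-o` arguments in postUp/postDown rules), and nothing in the hunk updates them; if any exist outside the hunk they would silently stop applying. Since nixos/shared/default.nix now defines `wg0` only when `services.vpn-ip.enable` is true and wheatley sets it to false in the hunk above, the rename is no longer needed to avoid the collision, and dropping `lib.mkForce` alone would suffice. If `wg1` is kept on purpose, a comment such as `# wg1: wg0 is reserved for the client tunnel from nixos/shared/default.nix` would save the next reader the search. The interface attribute set continues past the hunk.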
@@ -232,7 +238,7 @@ ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
 '';
- privateKeyFile = config.sops.secrets."wg-private-key".path;
+ privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
 peers = [
 {
diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix
index 0946b81..f28867f 100644
--- a/nixos/shared/default.nix
+++ b/nixos/shared/default.nix
@@ -135,27 +135,30 @@
 pkgs.nerd-fonts.fira-mono
 ];
- networking = {
- wireguard.enable = true;
+ networking =
+ if config.services.vpn-ip.enable
+ then {
+ wireguard.enable = true;
- wg-quick.interfaces = {
- wg0 = {
- autostart = true;
- address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
- dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
- listenPort = 51821;
- privateKeyFile = config.sops.secrets."wg-private-key".path;
- peers = [
- {
- publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
- endpoint = "84.87.146.85:51821";
- allowedIPs = ["0.0.0.0/0" "::/0"];
- persistentKeepalive = 25;
- }
- ];
+ wg-quick.interfaces = {
+ wg0 = {
+ autostart = true;
+ address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
+ dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
+ listenPort = 51821;
+ privateKeyFile = config.sops.secrets."wg-private-key".path;
+ peers = [
+ {
+ publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
+ endpoint = "84.87.146.85:51821";
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ persistentKeepalive = 25;
+ }
+ ];
+ };
 };
- };
- };
+ }
+ else {};
 # Enable completion of system packages by zsh
 environment.pathsToLink = ["/share/zsh"];
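Review bot: The `lib.mkForce` added on `privateKeyFile` in wheatley's `wg1` interface looks redundant: as far as this patch shows, no other module defines `wg1`, so there is nothing to override, and a lingering mkForce will hide a genuine conflict if a second definition appears later. Either revert to `privateKeyFile = config.sops.secrets."wg-private-key".path;` or add a comment naming the definition it is meant to beat. The enclosing interface definition starts and ends outside the hunk.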
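Review bot: Gating `networking` in nixos/shared/default.nix on `config.services.vpn-ip.enable` with a plain `if … then … else {}` makes the set of attributes this module defines under `networking` depend on evaluating `config`, which is the pattern that turns into an infinite-recursion error as soon as anything under `networking` feeds back into the condition; the idiomatic form is `networking = lib.mkIf config.services.vpn-ip.enable {` in place of the three lines `networking =` / `if config.services.vpn-ip.enable` / `then {`, with the closing `}` / `else {};` collapsed to `};` and the body unchanged (assuming `lib` is among this module's arguments, as it is in the wheatley file; the argument list is outside the hunk). `mkIf` is evaluated lazily per attribute and reads as a conditional definition rather than a conditional attribute set. Note that with the option defaulting to true, the re-indented block still routes all traffic (`allowedIPs = ["0.0.0.0/0" "::/0"]`) through the tunnel on every host that does not opt out, which is worth stating in the option's description.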