Have an enable setting for the vpn-ip setup (enabled by default) so wheatley won't break

This commit is contained in:
Lillian Violet 2025-01-09 16:03:37 +01:00
parent e9a3ead518
commit 2c5b7e4b28
3 changed files with 34 additions and 21 deletions


@ -2,6 +2,10 @@
with lib; { with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET. # Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = { options.services.vpn-ip = {
enable = mkOption {
type = types.bool;
default = true;
};
ip = mkOption { ip = mkOption {
type = types.str; type = types.str;
default = "0"; default = "0";
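Review bot: The new `enable = mkOption { type = types.bool; default = true; };` carries no `description`, so the option is undocumented in generated module docs and its default-on behaviour (unusual for a NixOS enable flag, and the reason wheatley must opt out) is stated only in the commit title. Either write it as `enable = mkEnableOption "the vpn-ip WireGuard client tunnel" // { default = true; };` or keep the explicit `mkOption` and add `description = "Whether to configure the vpn-ip WireGuard tunnel on this host. Enabled by default; set to false on the VPN server itself.";`. The enclosing `options.services.vpn-ip` set continues past the hunk.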


@ -1,6 +1,7 @@
{ {
lib, lib,
pkgs, pkgs,
outputs,
config, config,
modulesPath, modulesPath,
... ...
@ -8,6 +9,7 @@
imports = [ imports = [
# inputs.nixos-hardware.nixosModules.raspberry-pi-4 # inputs.nixos-hardware.nixosModules.raspberry-pi-4
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix") (modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
outputs.nixosModules.vpn-ip
./hardware-configuration.nix ./hardware-configuration.nix
@ -151,6 +153,10 @@
sdImage.compressImage = false; sdImage.compressImage = false;
services.vpn-ip = {
enable = false;
};
networking = { networking = {
hostName = "wheatley"; hostName = "wheatley";
@ -209,7 +215,7 @@
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts # TODO: generate this dynamically based on other hosts
wg0 = lib.mkForce { wg1 = {
# Determines the IP address and subnet of the server's end of the tunnel interface. # Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
@ -232,7 +238,7 @@
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
''; '';
privateKeyFile = config.sops.secrets."wg-private-key".path; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
peers = [ peers = [
{ {
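Review bot: `privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;` now sits under `wg1`, an interface the vpn-ip module does not define (the module manages `wg0`, and is disabled for this host via `services.vpn-ip.enable = false;` two hunks earlier), so the `mkForce` no longer resolves any conflict and reads as a leftover of the `wg0 = lib.mkForce { … }` it replaces; either drop it or add a comment naming the definition it is meant to override. Renaming the interface from `wg0` to `wg1` also changes the device name seen by anything else on this host that refers to the interface (firewall rules, postUp/postDown commands, monitoring); those lines are outside the hunk and should be checked. Since the server now imports the module and relies solely on `enable = false` to avoid a client `wg0` that would peer with the host's own public key and reuse the same `wg-private-key` secret, a one-line comment next to `enable = false;` stating that reason would help the next reader.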


@ -135,27 +135,30 @@
pkgs.nerd-fonts.fira-mono pkgs.nerd-fonts.fira-mono
]; ];
networking = { networking =
wireguard.enable = true; if config.services.vpn-ip.enable
then {
wireguard.enable = true;
wg-quick.interfaces = { wg-quick.interfaces = {
wg0 = { wg0 = {
autostart = true; autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"]; address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821; listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path; privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [ peers = [
{ {
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821"; endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"]; allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
};
}; };
}; }
}; else {};
# Enable completion of system packages by zsh # Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
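Review bot: `networking = if config.services.vpn-ip.enable then { … } else {};` makes the attribute names inside `networking` depend on a plain `if` over `config`, which is the pattern the module system discourages because it can turn into infinite recursion as soon as another module's `networking` definition feeds back into that option; the idiomatic form is `networking = mkIf config.services.vpn-ip.enable {` with the trailing `} else {};` reduced to `};` (`mkIf` is in scope if this file has the `with lib;` header shown in the options hunk, otherwise `lib.mkIf`). `mkIf` pushes the condition down to the leaf values, so attribute names are known without evaluating the condition and the block still merges with other modules' `networking` settings. The enclosing module body begins before this hunk.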