From c72c30a4bea2228a5b9db24de39d770e4f400065 Mon Sep 17 00:00:00 2001
From: Lillian-Violet
Date: Mon, 23 Dec 2024 19:22:28 +0100
Subject: [PATCH] generify the vpn setup
---
 modules/nixos/default.nix | 3 +--
 modules/nixos/vpn-ip/default.nix | 14 ++++++++++
 nixos/hosts/EDI/configuration.nix | 36 ++++++--------------------
 nixos/hosts/GLaDOS/configuration.nix | 34 ++++++------------------
 nixos/hosts/queen/configuration.nix | 6 +++++
 nixos/hosts/shodan/configuration.nix | 27 +++++--------------
 nixos/hosts/wheatley/configuration.nix | 4 +--
 nixos/shared/default.nix | 23 ++++++++++++++++
 8 files changed, 68 insertions(+), 79 deletions(-)
 create mode 100644 modules/nixos/vpn-ip/default.nix
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 8685807..4be86f1 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -1,6 +1,5 @@
 # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
 # These should be stuff you would like to share with others, not your personal configurations.
 {
- # List your module files here
- contabo.wan = import ./contabo/wan;
+ vpn-ip = import ./vpn-ip;
 }
diff --git a/modules/nixos/vpn-ip/default.nix b/modules/nixos/vpn-ip/default.nix
new file mode 100644
index 0000000..0422641
--- /dev/null
+++ b/modules/nixos/vpn-ip/default.nix
@@ -0,0 +1,14 @@
+{lib, ...}:
+with lib; {
+ # Declare what settings a user of this "hello.nix" module CAN SET.
+ options.services.vpn-ip = {
+ ip = mkOption {
+ type = types.str;
+ default = "0";
+ };
+ publicKey = mkOption {
+ type = types.str;
+ default = "";
+ };
+ };
+}
diff --git a/nixos/hosts/EDI/configuration.nix b/nixos/hosts/EDI/configuration.nix
index 040871c..9d35006 100644
--- a/nixos/hosts/EDI/configuration.nix
+++ b/nixos/hosts/EDI/configuration.nix
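Review bot: The `contabo.wan` export is dropped from `modules/nixos/default.nix`, but the diffstat shows nothing under `modules/nixos/contabo/` being deleted and no host hunk removes an import of `outputs.nixosModules.contabo.wan`; if anything still references that attribute, evaluation now fails with a missing-attribute error. Either keep `contabo.wan = import ./contabo/wan;` next to the new `vpn-ip` line or delete the module directory in the same commit so the export list matches what actually exists.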
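Review bot: `ip` defaults to `"0"`, which the shared config in this same commit splices into `10.0.0.${ip}/24`, so a host that imports the module but never sets the option comes up on the network address `10.0.0.0/24` instead of failing at evaluation. Dropping the default makes the module system reject an unset host, and a `strMatching` type rejects values that are not a usable host part; it has to stay a string because the same value is also used as an IPv6 hextet. `publicKey` is declared but nothing in this diff reads it, so it should either feed the peer list or be removed, and the `"hello.nix"` comment is a leftover from the template. The rewritten module:

```nix
{lib, ...}:
with lib; {
  options.services.vpn-ip = {
    ip = mkOption {
      # Host part of the tunnel addresses 10.0.0.X/24 and
      # fdc9:281f:04d7:9ee9::X/64. No default on purpose: an unset host
      # must fail at evaluation rather than come up as 10.0.0.0.
      type = types.strMatching "([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-4])";
      description = "Host part of this machine's WireGuard tunnel address (1-254; 1 is the server).";
    };
    publicKey = mkOption {
      type = types.str;
      default = "";
      description = "WireGuard public key of this host. Currently not consumed by nixos/shared.";
    };
  };
}
```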
@@ -1,16 +1,13 @@ # This is your system's configuration file. # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) { - inputs, + outputs, lib, pkgs, - config, ... }: { # You can import other NixOS modules here imports = [ - # Import home-manager's NixOS module - inputs.home-manager.nixosModules.home-manager # If you want to use modules your own flake exports (from modules/nixos): # outputs.nixosModules.example @@ -21,37 +18,20 @@ # You can also split up your configuration and import pieces of it here: # ./users.nix - ../../../disko/EDI + outputs.nixosModules.vpn-ip - # Import your generated (nixos-generate-config) hardware configuration - ./hardware-configuration.nix + ../../../disko/EDI ]; environment.systemPackages = with pkgs; [ ]; - networking = { - hostName = "EDI"; - wireguard.enable = true; - - wg-quick.interfaces = { - wg0 = { - autostart = true; - address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"]; - dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; - listenPort = 51821; - privateKeyFile = config.sops.secrets."wg-private-key".path; - peers = [ - { - publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; - endpoint = "84.87.146.85:51821"; - allowedIPs = ["0.0.0.0/0" "::/0"]; - persistentKeepalive = 25; - } - ]; - }; - }; + services.vpn-ip = { + ip = "3"; }; + + networking.hostName = "EDI"; + boot = { # Lanzaboote currently replaces the systemd-boot module. # This setting is usually set to true in configuration.nix diff --git a/nixos/hosts/GLaDOS/configuration.nix b/nixos/hosts/GLaDOS/configuration.nix index 80505d9..89bde8c 100644 --- a/nixos/hosts/GLaDOS/configuration.nix +++ b/nixos/hosts/GLaDOS/configuration.nix 
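Review bot: `./hardware-configuration.nix` is removed from EDI's imports with no replacement in this file, and the only candidate replacement in the commit — the `../hosts/${config.networking.hostName}/hardware-configuration.nix` line added to `nixos/shared/default.nix` — is commented out. Unless `../../../disko/EDI` also supplies the initrd kernel modules and filesystem definitions that file normally carries, EDI evaluates but may not boot; keep `./hardware-configuration.nix` in the list until the shared mechanism actually works. Dropping the direct home-manager import in the first hunk is only safe if EDI still reaches `../../shared`, which this hunk does not show.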
@@ -2,14 +2,15 @@ # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) { inputs, + outputs, pkgs, - config, ... }: { # You can import other NixOS modules here imports = [ # Import home-manager's NixOS module inputs.home-manager.nixosModules.home-manager + outputs.nixosModules.vpn-ip # If you want to use modules your own flake exports (from modules/nixos): # outputs.nixosModules.example @@ -31,6 +32,12 @@ environment.systemPackages = with pkgs; [ ]; + services.vpn-ip = { + ip = "2"; + }; + + networking.hostName = "GLaDOS"; + services.xserver.videoDrivers = ["amdgpu"]; hardware = { # Add vulkan support to GPU @@ -74,31 +81,6 @@ users.users.lillian.extraGroups = ["gamemode"]; - networking = { - # virtualisation.waydroid.enable = false; - hostName = "GLaDOS"; - - wireguard.enable = true; - - wg-quick.interfaces = { - wg0 = { - autostart = true; - address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"]; - dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; - listenPort = 51821; - privateKeyFile = config.sops.secrets."wg-private-key".path; - peers = [ - { - publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; - endpoint = "84.87.146.85:51821"; - allowedIPs = ["0.0.0.0/0" "::/0"]; - persistentKeepalive = 25; - } - ]; - }; - }; - }; - # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion system.stateVersion = "24.11"; } diff --git a/nixos/hosts/queen/configuration.nix b/nixos/hosts/queen/configuration.nix index a269124..02f0620 100644 --- a/nixos/hosts/queen/configuration.nix +++ b/nixos/hosts/queen/configuration.nix @@ -1,5 +1,6 @@ { inputs, + outputs, lib, pkgs, ... @@ -12,6 +13,8 @@ # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default + outputs.nixosModules.vpn-ip + # You can also split up your configuration and import pieces of it here: # ./nvim.nix ./hardware-configuration.nix 
@@ -142,6 +145,9 @@ }; hostName = "queen"; + + # Disable the server going through wireguard vpn for now + wireguard.enable = lib.mkForce false; }; # networking.useNetworkd = true; diff --git a/nixos/hosts/shodan/configuration.nix b/nixos/hosts/shodan/configuration.nix index 41bef6f..b8d46aa 100644 --- a/nixos/hosts/shodan/configuration.nix +++ b/nixos/hosts/shodan/configuration.nix @@ -3,7 +3,6 @@ outputs, lib, pkgs, - config, ... }: { imports = [ @@ -15,6 +14,8 @@ # Or modules exported from other flakes (such as nix-colors): # inputs.nix-colors.homeManagerModules.default + outputs.nixosModules.vpn-ip + # Import the shared settings ../../desktop/package-configs/firefox @@ -63,27 +64,11 @@ firewall.allowedTCPPorts = [22]; hostName = "shodan"; - - wireguard.enable = true; - - wg-quick.interfaces = { - wg0 = { - autostart = true; - address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"]; - dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; - listenPort = 51821; - privateKeyFile = config.sops.secrets."wg-private-key".path; - peers = [ - { - publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; - endpoint = "84.87.146.85:51821"; - allowedIPs = ["0.0.0.0/0" "::/0"]; - persistentKeepalive = 25; - } - ]; - }; - }; }; + services.vpn-ip = { + ip = "4"; + }; + services = { openssh.enable = true; # Enables support for 32bit libs that steam uses diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index d552f68..280d27f 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -12,7 +12,6 @@ ./hardware-configuration.nix # Import shared settings - ../../shared ]; nixpkgs.overlays = [ 
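Review bot: `wireguard.enable = lib.mkForce false;` does not switch off the tunnel the shared config defines, because that config uses `networking.wg-quick.interfaces.wg0`, and as far as I know the wg-quick module creates its unit whenever the interface set is non-empty regardless of `networking.wireguard.enable`. Nothing in this diff sets `services.vpn-ip.ip` for queen either, so wg0 would autostart on `10.0.0.0/24` with `0.0.0.0/0` pushed into the tunnel — for a server that is the wrong direction entirely. To really opt out, override the interface set: `wg-quick.interfaces = lib.mkForce {};` (or `wg-quick.interfaces.wg0.autostart = lib.mkForce false;` to keep the definition without bringing it up), and say so in the comment: `# Opt out of the shared wg-quick client config; this host is not behind the VPN`. The `networking` attribute set this hunk sits in begins before the hunk.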
@@ -209,7 +208,8 @@ # }; # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= - wg1 = { + # TODO: generate this dynamically based on other hosts + wg0 = lib.mkForce { # Determines the IP address and subnet of the server's end of the tunnel interface. address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; diff --git a/nixos/shared/default.nix b/nixos/shared/default.nix index a794662..0946b81 100644 --- a/nixos/shared/default.nix +++ b/nixos/shared/default.nix @@ -10,6 +10,7 @@ ./locale ./packages inputs.home-manager.nixosModules.home-manager + #../hosts/${config.networking.hostName}/hardware-configuration.nix ]; sops = { age.keyFile = ../../../../../../var/secrets/keys.txt; @@ -134,6 +135,28 @@ pkgs.nerd-fonts.fira-mono ]; + networking = { + wireguard.enable = true; + + wg-quick.interfaces = { + wg0 = { + autostart = true; + address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"]; + dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"]; + listenPort = 51821; + privateKeyFile = config.sops.secrets."wg-private-key".path; + peers = [ + { + publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg="; + endpoint = "84.87.146.85:51821"; + allowedIPs = ["0.0.0.0/0" "::/0"]; + persistentKeepalive = 25; + } + ]; + }; + }; + }; + # Enable completion of system packages by zsh environment.pathsToLink = ["/share/zsh"];
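Review bot: Renaming the server interface from `wg1` to `wg0` also renames its systemd unit (`wg-quick-wg1` to `wg-quick-wg0`) and the kernel interface, so any firewall, NAT (`networking.nat.internalInterfaces`) or interface-specific rule elsewhere in this file that names `wg1` silently stops matching, and nothing in the diff shows those being updated. The `lib.mkForce` wrapper only has an effect if `../../shared` still reaches this host — the hunk at line 12 removes that import — so either the force is dead weight or shared arrives by another path and the force discards the client template wholesale; that is presumably intended but deserves a comment such as `# mkForce: replace the client wg0 template from nixos/shared with the server definition`. The attribute set continues past the end of the hunk.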
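Review bot: The commented-out `#../hosts/${config.networking.hostName}/hardware-configuration.nix` cannot simply be un-commented later: `imports` is resolved before `config` is fixed, so referencing `config.networking.hostName` there produces an infinite recursion. If the aim is to stop each host importing its own hardware file, pass the host name through `specialArgs` and build the path from that, or keep the import in each host's `configuration.nix`. Separately, the `sops.age.keyFile = ../../../../../../var/secrets/keys.txt;` context line is a Nix path literal climbing out of the flake; if that value is ever coerced to a string during evaluation Nix copies the age key into the world-readable store (and pure flake evaluation refuses paths outside the flake), so the string form `"/var/secrets/keys.txt"`, which is what sops-nix documents, is the safer spelling.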
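Review bot: This installs a full-tunnel WireGuard client (`allowedIPs = ["0.0.0.0/0" "::/0"]`, `autostart = true`, DNS forced to `10.0.0.1`) on every host that imports `nixos/shared`, including the server and any host that never set `services.vpn-ip.ip` — the latter silently comes up as `10.0.0.0/24` because the option defaults to `"0"`. Gate the interface on an explicit opt-in, e.g. `wg-quick.interfaces.wg0 = lib.mkIf (config.services.vpn-ip.ip != "0") { … };`, or better give the module an `enable` flag so the choice is visible per host instead of being undone with `mkForce` in the server's config. `listenPort = 51821` is unnecessary for a client that only dials out and pins the same UDP port on every machine; leaving it unset lets the kernel pick an ephemeral port. The server's public key and endpoint are hard-coded here while `services.vpn-ip.publicKey` exists and is never read, so either consume that option for the peer list or drop it, and `sops.secrets."wg-private-key"` must be declared for every importing host or the `.path` access fails at evaluation.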