generify the vpn setup

This commit is contained in:
Lillian Violet 2024-12-23 19:22:28 +01:00
parent 8c454565d8
commit c72c30a4be
8 changed files with 68 additions and 79 deletions


@ -1,6 +1,5 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module). # Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations. # These should be stuff you would like to share with others, not your personal configurations.
{ {
# List your module files here vpn-ip = import ./vpn-ip;
contabo.wan = import ./contabo/wan;
} }
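Review bot: The `contabo.wan = import ./contabo/wan;` export is dropped from the module set in the same edit that adds `vpn-ip`, which is outside what the commit title describes. Any host that still imports `outputs.nixosModules.contabo.wan` will fail to evaluate; if the removal is intentional it deserves a line in the commit message, otherwise keep `contabo.wan = import ./contabo/wan;` next to the new entry.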


@ -0,0 +1,14 @@
{lib, ...}:
with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = {
ip = mkOption {
type = types.str;
default = "0";
};
publicKey = mkOption {
type = types.str;
default = "";
};
};
}
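Review bot: `ip` has `default = "0";`, and the shared configuration in this commit interpolates it into `10.0.0.${ip}/24`, so a host that imports the module but never sets the option is handed the network address 10.0.0.0 instead of failing to evaluate. Drop the default so an unset value is a hard evaluation error, and tighten `type = types.str;` to `type = types.strMatching "[1-9][0-9]*";` so a typo cannot reach the address literal; note that the IPv6 form `fdc9:281f:04d7:9ee9::${ip}` reads the same digits as hex, so values above 9 no longer match the IPv4 octet numerically. `publicKey` is declared but nothing in this commit reads it; if it is meant for the server-side TODO, say so in a `description`. The header comment still names the template (`"hello.nix"`); replace it with `# Per-host identity consumed by the shared WireGuard client interface (networking.wg-quick.interfaces.wg0).`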


@ -1,16 +1,13 @@
# This is your system's configuration file. # This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ {
inputs, outputs,
lib, lib,
pkgs, pkgs,
config,
... ...
}: { }: {
# You can import other NixOS modules here # You can import other NixOS modules here
imports = [ imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
# If you want to use modules your own flake exports (from modules/nixos): # If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example # outputs.nixosModules.example
@ -21,37 +18,20 @@
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./users.nix # ./users.nix
../../../disko/EDI outputs.nixosModules.vpn-ip
# Import your generated (nixos-generate-config) hardware configuration ../../../disko/EDI
./hardware-configuration.nix
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];
networking = {
hostName = "EDI";
wireguard.enable = true; services.vpn-ip = {
ip = "3";
};
networking.hostName = "EDI";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
boot = { boot = {
# Lanzaboote currently replaces the systemd-boot module. # Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix # This setting is usually set to true in configuration.nix
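Review bot: `./hardware-configuration.nix` appears on only one side of the imports hunk, next to the removed `# Import your generated (nixos-generate-config) hardware configuration` comment, and the generic replacement in shared (`#../hosts/${config.networking.hostName}/hardware-configuration.nix`) is commented out, so if this line is the removed side EDI no longer imports its hardware configuration anywhere in this diff. That would drop the generated filesystem, initrd module and bootloader settings and can leave the machine unbootable after a switch; keep `./hardware-configuration.nix` in this list until the shared variant is actually enabled. The `imports` list and the enclosing module continue outside the hunk.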


@ -2,14 +2,15 @@
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix) # Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{ {
inputs, inputs,
outputs,
pkgs, pkgs,
config,
... ...
}: { }: {
# You can import other NixOS modules here # You can import other NixOS modules here
imports = [ imports = [
# Import home-manager's NixOS module # Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# If you want to use modules your own flake exports (from modules/nixos): # If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example # outputs.nixosModules.example
@ -31,6 +32,12 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
]; ];
services.vpn-ip = {
ip = "2";
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"]; services.xserver.videoDrivers = ["amdgpu"];
hardware = { hardware = {
# Add vulkan support to GPU # Add vulkan support to GPU
@ -74,31 +81,6 @@
users.users.lillian.extraGroups = ["gamemode"]; users.users.lillian.extraGroups = ["gamemode"];
networking = {
# virtualisation.waydroid.enable = false;
hostName = "GLaDOS";
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }


@ -1,5 +1,6 @@
{ {
inputs, inputs,
outputs,
lib, lib,
pkgs, pkgs,
... ...
@ -12,6 +13,8 @@
# Or modules exported from other flakes (such as nix-colors): # Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default # inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# You can also split up your configuration and import pieces of it here: # You can also split up your configuration and import pieces of it here:
# ./nvim.nix # ./nvim.nix
./hardware-configuration.nix ./hardware-configuration.nix
@ -142,6 +145,9 @@
}; };
hostName = "queen"; hostName = "queen";
# Disable the server going through wireguard vpn for now
wireguard.enable = lib.mkForce false;
}; };
# networking.useNetworkd = true; # networking.useNetworkd = true;
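Review bot: `wireguard.enable = lib.mkForce false;` does not stop the `wg0` interface this commit adds to shared, because `networking.wg-quick.interfaces` is activated whenever it is non-empty and, as far as I recall, is independent of `networking.wireguard.enable`. queen also imports `outputs.nixosModules.vpn-ip` without setting `services.vpn-ip.ip`, so if it imports shared it gets `10.0.0.0/24` plus a default route from `allowedIPs = ["0.0.0.0/0" "::/0"]` through the tunnel, which for a server means its own inbound connections try to return via the VPN. If the intent is to keep queen off the VPN, use `networking.wg-quick.interfaces = lib.mkForce {};` here, or better, gate the shared `wg0` on an explicit enable option; the surrounding `networking` block starts outside the hunk.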


@ -3,7 +3,6 @@
outputs, outputs,
lib, lib,
pkgs, pkgs,
config,
... ...
}: { }: {
imports = [ imports = [
@ -15,6 +14,8 @@
# Or modules exported from other flakes (such as nix-colors): # Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default # inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# Import the shared settings # Import the shared settings
../../desktop/package-configs/firefox ../../desktop/package-configs/firefox
@ -63,27 +64,11 @@
firewall.allowedTCPPorts = [22]; firewall.allowedTCPPorts = [22];
hostName = "shodan"; hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
services = { services = {
openssh.enable = true; # Enables support for 32bit libs that steam uses openssh.enable = true; # Enables support for 32bit libs that steam uses


@ -12,7 +12,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
# Import shared settings # Import shared settings
../../shared
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
@ -209,7 +208,8 @@
# }; # };
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
wg1 = { # TODO: generate this dynamically based on other hosts
wg0 = lib.mkForce {
# Determines the IP address and subnet of the server's end of the tunnel interface. # Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
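Review bot: Renaming the server interface from `wg1` to `wg0` changes the interface name that the rest of this file, not visible in the hunk, may reference in firewall, NAT or `trustedInterfaces` settings, so those rules would silently stop matching; check for `"wg1"` elsewhere in the file before merging. The `lib.mkForce` on `wg0` only makes sense if this host still picks up the client `wg0` from shared, yet the first hunk removes the `../../shared` import while leaving the `# Import shared settings` comment in place; if shared is really gone, drop the `mkForce` and the stale comment, and if it is still imported another way, say so: `# mkForce: overrides the client wg0 defined in shared`. The attribute set opened here continues past the hunk.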


@ -10,6 +10,7 @@
./locale ./locale
./packages ./packages
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
]; ];
sops = { sops = {
age.keyFile = ../../../../../../var/secrets/keys.txt; age.keyFile = ../../../../../../var/secrets/keys.txt;
@ -134,6 +135,28 @@
pkgs.nerd-fonts.fira-mono pkgs.nerd-fonts.fira-mono
]; ];
networking = {
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# Enable completion of system packages by zsh # Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"]; environment.pathsToLink = ["/share/zsh"];
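Review bot: The new `wg0` applies to every host that imports this file, but `services.vpn-ip.ip` defaults to `"0"` in the module added by this commit, so any importing host that does not set it gets `10.0.0.0/24` (the network address) as its address together with a full-tunnel default route from `allowedIPs = ["0.0.0.0/0" "::/0"]`. The interpolation also presumes the host imported `outputs.nixosModules.vpn-ip`; this file does not import it itself, so a host without it fails with a missing-attribute error rather than a clear message. Add an assertion beside the block, `assertions = [{ assertion = config.services.vpn-ip.ip != "0"; message = "services.vpn-ip.ip must be set on every host importing shared"; }];`, or wrap the block in `lib.mkIf` on an explicit enable option so that opting out is deliberate rather than accidental.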