generify the vpn setup
This commit is contained in:
parent
8c454565d8
commit
c72c30a4be
|
@ -1,6 +1,5 @@
|
||||||
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
|
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
|
||||||
# These should be stuff you would like to share with others, not your personal configurations.
|
# These should be stuff you would like to share with others, not your personal configurations.
|
||||||
{
|
{
|
||||||
# List your module files here
|
vpn-ip = import ./vpn-ip;
|
||||||
contabo.wan = import ./contabo/wan;
|
|
||||||
}
|
}
|
||||||
|
|
14
modules/nixos/vpn-ip/default.nix
Normal file
14
modules/nixos/vpn-ip/default.nix
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
{lib, ...}:
|
||||||
|
with lib; {
|
||||||
|
# Declare what settings a user of this "hello.nix" module CAN SET.
|
||||||
|
options.services.vpn-ip = {
|
||||||
|
ip = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "0";
|
||||||
|
};
|
||||||
|
publicKey = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,16 +1,13 @@
|
||||||
# This is your system's configuration file.
|
# This is your system's configuration file.
|
||||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||||
{
|
{
|
||||||
inputs,
|
outputs,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# You can import other NixOS modules here
|
# You can import other NixOS modules here
|
||||||
imports = [
|
imports = [
|
||||||
# Import home-manager's NixOS module
|
|
||||||
inputs.home-manager.nixosModules.home-manager
|
|
||||||
# If you want to use modules your own flake exports (from modules/nixos):
|
# If you want to use modules your own flake exports (from modules/nixos):
|
||||||
# outputs.nixosModules.example
|
# outputs.nixosModules.example
|
||||||
|
|
||||||
|
@ -21,37 +18,20 @@
|
||||||
# You can also split up your configuration and import pieces of it here:
|
# You can also split up your configuration and import pieces of it here:
|
||||||
# ./users.nix
|
# ./users.nix
|
||||||
|
|
||||||
../../../disko/EDI
|
outputs.nixosModules.vpn-ip
|
||||||
|
|
||||||
# Import your generated (nixos-generate-config) hardware configuration
|
../../../disko/EDI
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
];
|
];
|
||||||
networking = {
|
|
||||||
hostName = "EDI";
|
|
||||||
|
|
||||||
wireguard.enable = true;
|
services.vpn-ip = {
|
||||||
|
ip = "3";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "EDI";
|
||||||
|
|
||||||
wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
autostart = true;
|
|
||||||
address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
|
|
||||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
|
||||||
listenPort = 51821;
|
|
||||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
|
||||||
endpoint = "84.87.146.85:51821";
|
|
||||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
boot = {
|
boot = {
|
||||||
# Lanzaboote currently replaces the systemd-boot module.
|
# Lanzaboote currently replaces the systemd-boot module.
|
||||||
# This setting is usually set to true in configuration.nix
|
# This setting is usually set to true in configuration.nix
|
||||||
|
|
|
@ -2,14 +2,15 @@
|
||||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||||
{
|
{
|
||||||
inputs,
|
inputs,
|
||||||
|
outputs,
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# You can import other NixOS modules here
|
# You can import other NixOS modules here
|
||||||
imports = [
|
imports = [
|
||||||
# Import home-manager's NixOS module
|
# Import home-manager's NixOS module
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
outputs.nixosModules.vpn-ip
|
||||||
# If you want to use modules your own flake exports (from modules/nixos):
|
# If you want to use modules your own flake exports (from modules/nixos):
|
||||||
# outputs.nixosModules.example
|
# outputs.nixosModules.example
|
||||||
|
|
||||||
|
@ -31,6 +32,12 @@
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.vpn-ip = {
|
||||||
|
ip = "2";
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.hostName = "GLaDOS";
|
||||||
|
|
||||||
services.xserver.videoDrivers = ["amdgpu"];
|
services.xserver.videoDrivers = ["amdgpu"];
|
||||||
hardware = {
|
hardware = {
|
||||||
# Add vulkan support to GPU
|
# Add vulkan support to GPU
|
||||||
|
@ -74,31 +81,6 @@
|
||||||
|
|
||||||
users.users.lillian.extraGroups = ["gamemode"];
|
users.users.lillian.extraGroups = ["gamemode"];
|
||||||
|
|
||||||
networking = {
|
|
||||||
# virtualisation.waydroid.enable = false;
|
|
||||||
hostName = "GLaDOS";
|
|
||||||
|
|
||||||
wireguard.enable = true;
|
|
||||||
|
|
||||||
wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
autostart = true;
|
|
||||||
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
|
|
||||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
|
||||||
listenPort = 51821;
|
|
||||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
|
||||||
endpoint = "84.87.146.85:51821";
|
|
||||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "24.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
inputs,
|
inputs,
|
||||||
|
outputs,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
|
@ -12,6 +13,8 @@
|
||||||
# Or modules exported from other flakes (such as nix-colors):
|
# Or modules exported from other flakes (such as nix-colors):
|
||||||
# inputs.nix-colors.homeManagerModules.default
|
# inputs.nix-colors.homeManagerModules.default
|
||||||
|
|
||||||
|
outputs.nixosModules.vpn-ip
|
||||||
|
|
||||||
# You can also split up your configuration and import pieces of it here:
|
# You can also split up your configuration and import pieces of it here:
|
||||||
# ./nvim.nix
|
# ./nvim.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
@ -142,6 +145,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
hostName = "queen";
|
hostName = "queen";
|
||||||
|
|
||||||
|
# Disable the server going through wireguard vpn for now
|
||||||
|
wireguard.enable = lib.mkForce false;
|
||||||
};
|
};
|
||||||
|
|
||||||
# networking.useNetworkd = true;
|
# networking.useNetworkd = true;
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
outputs,
|
outputs,
|
||||||
lib,
|
lib,
|
||||||
pkgs,
|
pkgs,
|
||||||
config,
|
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -15,6 +14,8 @@
|
||||||
# Or modules exported from other flakes (such as nix-colors):
|
# Or modules exported from other flakes (such as nix-colors):
|
||||||
# inputs.nix-colors.homeManagerModules.default
|
# inputs.nix-colors.homeManagerModules.default
|
||||||
|
|
||||||
|
outputs.nixosModules.vpn-ip
|
||||||
|
|
||||||
# Import the shared settings
|
# Import the shared settings
|
||||||
../../desktop/package-configs/firefox
|
../../desktop/package-configs/firefox
|
||||||
|
|
||||||
|
@ -63,27 +64,11 @@
|
||||||
firewall.allowedTCPPorts = [22];
|
firewall.allowedTCPPorts = [22];
|
||||||
|
|
||||||
hostName = "shodan";
|
hostName = "shodan";
|
||||||
|
};
|
||||||
|
services.vpn-ip = {
|
||||||
|
ip = "4";
|
||||||
|
};
|
||||||
|
|
||||||
wireguard.enable = true;
|
|
||||||
|
|
||||||
wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
autostart = true;
|
|
||||||
address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"];
|
|
||||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
|
||||||
listenPort = 51821;
|
|
||||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
|
||||||
endpoint = "84.87.146.85:51821";
|
|
||||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services = {
|
services = {
|
||||||
openssh.enable = true; # Enables support for 32bit libs that steam uses
|
openssh.enable = true; # Enables support for 32bit libs that steam uses
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,6 @@
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
# Import shared settings
|
# Import shared settings
|
||||||
../../shared
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.overlays = [
|
nixpkgs.overlays = [
|
||||||
|
@ -209,7 +208,8 @@
|
||||||
# };
|
# };
|
||||||
|
|
||||||
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||||
wg1 = {
|
# TODO: generate this dynamically based on other hosts
|
||||||
|
wg0 = lib.mkForce {
|
||||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||||
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
|
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@
|
||||||
./locale
|
./locale
|
||||||
./packages
|
./packages
|
||||||
inputs.home-manager.nixosModules.home-manager
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
#../hosts/${config.networking.hostName}/hardware-configuration.nix
|
||||||
];
|
];
|
||||||
sops = {
|
sops = {
|
||||||
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||||
|
@ -134,6 +135,28 @@
|
||||||
pkgs.nerd-fonts.fira-mono
|
pkgs.nerd-fonts.fira-mono
|
||||||
];
|
];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
wireguard.enable = true;
|
||||||
|
|
||||||
|
wg-quick.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
autostart = true;
|
||||||
|
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
|
||||||
|
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||||
|
listenPort = 51821;
|
||||||
|
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||||
|
endpoint = "84.87.146.85:51821";
|
||||||
|
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Enable completion of system packages by zsh
|
# Enable completion of system packages by zsh
|
||||||
environment.pathsToLink = ["/share/zsh"];
|
environment.pathsToLink = ["/share/zsh"];
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue