generify the vpn setup
This commit is contained in:
parent
8c454565d8
commit
c72c30a4be
|
@ -1,6 +1,5 @@
|
|||
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
|
||||
# These should be stuff you would like to share with others, not your personal configurations.
|
||||
{
|
||||
# List your module files here
|
||||
contabo.wan = import ./contabo/wan;
|
||||
vpn-ip = import ./vpn-ip;
|
||||
}
|
||||
|
|
14
modules/nixos/vpn-ip/default.nix
Normal file
14
modules/nixos/vpn-ip/default.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{lib, ...}:
|
||||
with lib; {
|
||||
# Declare what settings a user of this "hello.nix" module CAN SET.
|
||||
options.services.vpn-ip = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,16 +1,13 @@
|
|||
# This is your system's configuration file.
|
||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
# You can import other NixOS modules here
|
||||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -21,37 +18,20 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
../../../disko/EDI
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# Import your generated (nixos-generate-config) hardware configuration
|
||||
./hardware-configuration.nix
|
||||
../../../disko/EDI
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
networking = {
|
||||
hostName = "EDI";
|
||||
|
||||
wireguard.enable = true;
|
||||
services.vpn-ip = {
|
||||
ip = "3";
|
||||
};
|
||||
|
||||
networking.hostName = "EDI";
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
boot = {
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
|
|
|
@ -2,14 +2,15 @@
|
|||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
# You can import other NixOS modules here
|
||||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
outputs.nixosModules.vpn-ip
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -31,6 +32,12 @@
|
|||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services.vpn-ip = {
|
||||
ip = "2";
|
||||
};
|
||||
|
||||
networking.hostName = "GLaDOS";
|
||||
|
||||
services.xserver.videoDrivers = ["amdgpu"];
|
||||
hardware = {
|
||||
# Add vulkan support to GPU
|
||||
|
@ -74,31 +81,6 @@
|
|||
|
||||
users.users.lillian.extraGroups = ["gamemode"];
|
||||
|
||||
networking = {
|
||||
# virtualisation.waydroid.enable = false;
|
||||
hostName = "GLaDOS";
|
||||
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
|
@ -12,6 +13,8 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./nvim.nix
|
||||
./hardware-configuration.nix
|
||||
|
@ -142,6 +145,9 @@
|
|||
};
|
||||
|
||||
hostName = "queen";
|
||||
|
||||
# Disable the server going through wireguard vpn for now
|
||||
wireguard.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
# networking.useNetworkd = true;
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
|
@ -15,6 +14,8 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# Import the shared settings
|
||||
../../desktop/package-configs/firefox
|
||||
|
||||
|
@ -63,27 +64,11 @@
|
|||
firewall.allowedTCPPorts = [22];
|
||||
|
||||
hostName = "shodan";
|
||||
};
|
||||
services.vpn-ip = {
|
||||
ip = "4";
|
||||
};
|
||||
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
services = {
|
||||
openssh.enable = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
|
|
|
@ -12,7 +12,6 @@
|
|||
./hardware-configuration.nix
|
||||
|
||||
# Import shared settings
|
||||
../../shared
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
|
@ -209,7 +208,8 @@
|
|||
# };
|
||||
|
||||
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||
wg1 = {
|
||||
# TODO: generate this dynamically based on other hosts
|
||||
wg0 = lib.mkForce {
|
||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
./locale
|
||||
./packages
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
#../hosts/${config.networking.hostName}/hardware-configuration.nix
|
||||
];
|
||||
sops = {
|
||||
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
|
@ -134,6 +135,28 @@
|
|||
pkgs.nerd-fonts.fira-mono
|
||||
];
|
||||
|
||||
networking = {
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
|
|
Loading…
Reference in a new issue