generify the vpn setup

Lillian Violet 2024-12-23 19:22:28 +01:00
parent 8c454565d8
commit c72c30a4be
8 changed files with 68 additions and 79 deletions


@ -1,6 +1,5 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations.
{
# List your module files here
contabo.wan = import ./contabo/wan;
vpn-ip = import ./vpn-ip;
}


@ -0,0 +1,14 @@
{lib, ...}:
with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = {
ip = mkOption {
type = types.str;
default = "0";
};
publicKey = mkOption {
type = types.str;
default = "";
};
};
}
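Review bot: `ip` defaults to `"0"`, so any host that imports this module together with the shared config but never sets the option silently ends up with the network address `10.0.0.0/24` (and `fdc9:281f:04d7:9ee9::0/64`) interpolated into its wg0 instead of failing evaluation; drop the default and document the option, e.g. `ip = mkOption { type = types.str; description = "Host part of this machine's VPN address (10.0.0.<ip> / fdc9:281f:04d7:9ee9::<ip>); must be unique across hosts."; };`, so that a missing value is an eval-time error. Nothing in this commit reads `publicKey`, so either wire it into the server's peer list now or leave the option out until it is used. The header comment still talks about `"hello.nix"` from the template and should name this module. Since the value is a free string, `types.strMatching "[1-9][0-9]{0,2}"` would at least reject empty, non-numeric and leading-zero values before they reach the address interpolation.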


@ -1,16 +1,13 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
outputs,
lib,
pkgs,
config,
...
}: {
# You can import other NixOS modules here
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -21,37 +18,20 @@
# You can also split up your configuration and import pieces of it here:
# ./users.nix
../../../disko/EDI
outputs.nixosModules.vpn-ip
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
../../../disko/EDI
];
environment.systemPackages = with pkgs; [
];
networking = {
hostName = "EDI";
wireguard.enable = true;
services.vpn-ip = {
ip = "3";
};
networking.hostName = "EDI";
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
boot = {
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix


@ -2,14 +2,15 @@
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
outputs,
pkgs,
config,
...
}: {
# You can import other NixOS modules here
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -31,6 +32,12 @@
environment.systemPackages = with pkgs; [
];
services.vpn-ip = {
ip = "2";
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
hardware = {
# Add vulkan support to GPU
@ -74,31 +81,6 @@
users.users.lillian.extraGroups = ["gamemode"];
networking = {
# virtualisation.waydroid.enable = false;
hostName = "GLaDOS";
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}


@ -1,5 +1,6 @@
{
inputs,
outputs,
lib,
pkgs,
...
@ -12,6 +13,8 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
./hardware-configuration.nix
@ -142,6 +145,9 @@
};
hostName = "queen";
# Disable the server going through wireguard vpn for now
wireguard.enable = lib.mkForce false;
};
# networking.useNetworkd = true;
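Review bot: `wireguard.enable = lib.mkForce false` only switches off the `networking.wireguard` module; the `wg-quick.interfaces.wg0` that the shared config now contributes is a separate option, so its systemd unit is still generated and, with `autostart = true`, still brought up at boot. No `services.vpn-ip.ip` is visible in this section, so that interface would come up with the default `"0"` host part and an `0.0.0.0/0` / `::/0` route, i.e. all of queen's traffic pushed into the tunnel, and if queen does not declare the `wg-private-key` sops secret the evaluation fails with an attribute-missing error instead. To really keep this host off the VPN also force the interface away next to the existing line, e.g. `wg-quick.interfaces = lib.mkForce {};` (or at minimum `wg-quick.interfaces.wg0.autostart = lib.mkForce false;`). The enclosing `networking = {` block starts before this hunk.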


@ -3,7 +3,6 @@
outputs,
lib,
pkgs,
config,
...
}: {
imports = [
@ -15,6 +14,8 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# Import the shared settings
../../desktop/package-configs/firefox
@ -63,27 +64,11 @@
firewall.allowedTCPPorts = [22];
hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.4/24" "fdc9:281f:04d7:9ee9::4/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
services = {
openssh.enable = true; # Enables support for 32bit libs that steam uses


@ -12,7 +12,6 @@
./hardware-configuration.nix
# Import shared settings
../../shared
];
nixpkgs.overlays = [
@ -209,7 +208,8 @@
# };
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
wg1 = {
# TODO: generate this dynamically based on other hosts
wg0 = lib.mkForce {
# Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
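Review bot: `lib.mkForce` on `wg0` is doing two jobs at once — renaming the server interface from `wg1` and overriding the client `wg0` that `../../shared` now defines for every importer — and nothing in the file says so; a comment such as `# mkForce: ../../shared declares a client wg0 for all hosts, this server's own definition must win` above `wg0 = lib.mkForce {` would stop the next reader from dropping it. The rename also changes the kernel device name, so any firewall, NAT or `trustedInterfaces` rule elsewhere in this file that still says `wg1` would now point at a non-existent interface — worth a grep before merging. The first hunk of this section removes one line from `imports` that the rendered view does not identify; confirm it is not the shared import this override depends on. The `interfaces` block opens before this hunk and the `wg0` definition continues after it.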


@ -10,6 +10,7 @@
./locale
./packages
inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
];
sops = {
age.keyFile = ../../../../../../var/secrets/keys.txt;
@ -134,6 +135,28 @@
pkgs.nerd-fonts.fira-mono
];
networking = {
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
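Review bot: The new `networking` block unconditionally turns every importer of this shared module into a full-tunnel WireGuard client (`autostart = true`, `allowedIPs = ["0.0.0.0/0" "::/0"]`, DNS pointed at `10.0.0.1`), which is exactly why the server and queen now have to fight it with `lib.mkForce`; gate the definition instead, e.g. `wg-quick.interfaces.wg0 = lib.mkIf (config.services.vpn-ip.ip != "0") { … };` and `wireguard.enable = config.services.vpn-ip.ip != "0";` (assuming `lib` is among this module's arguments, which the hunk does not show). The block reads `config.services.vpn-ip.ip` and `config.sops.secrets."wg-private-key".path`, yet the vpn-ip module is imported per host rather than here and no secret declaration is visible; adding `outputs.nixosModules.vpn-ip` to this file's `imports` makes the dependency explicit, and a host that lacks the sops secret currently fails with an unhelpful attribute-missing error rather than a clear assertion. The commented-out `#../hosts/${config.networking.hostName}/hardware-configuration.nix` import cannot work (imports may not depend on `config`) and should be dropped rather than left as a hint.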