made wireguard work again

This commit is contained in:
Ingolf Wagner 2024-06-05 12:51:38 +02:00
parent 2d8e717351
commit 4e8b131f32
Signed by: palo
GPG key ID: 76BF5F1928B9618B
7 changed files with 14 additions and 23 deletions


@ -199,7 +199,7 @@
# # inputs.clan-core.clanModules.sshd
#];
documentation.nixos.enable = true;
clan.static-hosts.topLevelDomain = "bear";
#clan.static-hosts.topLevelDomain = "bear";
#clan.static-hosts.excludeHosts = lib.mkForce [ ];
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
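Review bot: Commenting out `clan.static-hosts.topLevelDomain = "bear";` leaves no record of why it was disabled, and `config.clan.static-hosts.topLevelDomain` is still interpolated into `services.syncthing.guiAddress` in the second file section. If that option has no default, evaluating the syncthing module would fail there; since syncthing is forced off, the value may simply never be demanded, but that is not visible here. A short comment next to the disabled line saying where the domain value now comes from would spare the next reader the search. The enclosing attribute set begins and ends outside the hunk.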


@ -24,7 +24,7 @@ with lib; {
};
services.syncthing = {
enable = lib.mkForce false;
enable = lib.mkForce false;
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
overrideDevices = lib.mkDefault true;
key = "/run/facts/syncthing.key";


@ -1,6 +1,6 @@
{ config, factsGenerator, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
# Enable WireGuard
@ -11,14 +11,11 @@
address = [ "10.100.0.7/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280;
peers = [
{
# robi
# todo : use public facts here
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820";
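Review bot: The `# robi` comment above the peer no longer matches the key it loads, since the new `publicKey` reads `machines/orbi/facts/wireguard.wg0.pub`; the sixth file section has the same mismatch, while the fourth already says `# orbi`. `builtins.readFile` also returns the file verbatim, so if the fact file ends with a newline, that newline becomes part of the key string handed to WireGuard; `lib.fileContents` is the variant that strips a trailing newline, e.g. `publicKey = lib.fileContents "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub";` (this file's argument set `{ config, factsGenerator, ... }` would need `lib` added). The same `builtins.readFile` pattern is introduced in the fourth, sixth and seventh file sections. The `peers` list continues outside the hunk.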


@ -1,7 +1,6 @@
{ pkgs, config, factsGenerator, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
# Enable WireGuard
@ -14,11 +13,9 @@
privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280;
# server
peers = [
{
# orbi
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820";
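Review bot: The first hunk's header `@ -1,7 +1,6` records one deleted line, and `networking.firewall.allowedUDPPorts = [ 51820 ];` is the only shown line that could be it; the rendered page does not mark sides, so this is inferred. If that line was removed, this machine no longer accepts inbound WireGuard on UDP 51820 and can only talk to peers it dials itself, which is consistent with it using `endpoint = "95.216.66.212:51820";` but should be stated, e.g. `# no inbound firewall port: this host only initiates the tunnel to orbi`. The `peers` list and the enclosing attribute set continue outside the hunk.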


@ -7,8 +7,8 @@
networking.retiolum.nodename = "sol";
services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path;
ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
};
#fileSystems."/retiolum/sicily" = {


@ -15,8 +15,7 @@
peers = [
{
# robi
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
allowedIPs = [ "10.100.0.1/24" ];
#endpoint = "ingolf-wagner.de:51820";
endpoint = "95.216.66.212:51820";


@ -1,4 +1,7 @@
{ pkgs, config, factsGenerator, ... }:
let
publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
in
{
networking.firewall.allowedUDPPorts = [ 51820 ];
clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
@ -25,14 +28,9 @@
peers = [
{
# chungus
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
publicKey = publicKey "chungus";
allowedIPs = [ "10.100.0.2/32" ];
}
{
# sterni
publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
allowedIPs = [ "10.100.0.3/32" ];
}
{
# iphone
publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
@ -45,12 +43,12 @@
}
{
# cream
publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ=";
publicKey = publicKey "cream";
allowedIPs = [ "10.100.0.6/32" ];
}
{
# cherry
publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
publicKey = publicKey "cherry";
allowedIPs = [ "10.100.0.7/32" ];
}
{