From 4e8b131f327b08181b7e32a514c64bc082e29613 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Wed, 5 Jun 2024 12:51:38 +0200
Subject: [PATCH] made wireguard work again
---
 flake.nix | 2 +-
 nixos/components/network/syncthing.nix | 2 +-
 nixos/machines/cherry/wireguard.nix | 7 ++-----
 nixos/machines/chungus/network-wireguard.nix | 5 +----
 nixos/machines/cream/tinc_retiolum.nix | 4 ++--
 nixos/machines/cream/wireguard.nix | 3 +--
 nixos/machines/orbi/network-wireguard.nix | 14 ++++++-------
 7 files changed, 14 insertions(+), 23 deletions(-)
diff --git a/flake.nix b/flake.nix
index 54bbf32..e5e7128 100644
--- a/flake.nix
+++ b/flake.nix
@@ -199,7 +199,7 @@
 # # inputs.clan-core.clanModules.sshd
 #];
 documentation.nixos.enable = true;
- clan.static-hosts.topLevelDomain = "bear";
+ #clan.static-hosts.topLevelDomain = "bear";
 #clan.static-hosts.excludeHosts = lib.mkForce [ ];
 environment.systemPackages = [
 clan-core.packages.${pkgs.system}.clan-cli
diff --git a/nixos/components/network/syncthing.nix b/nixos/components/network/syncthing.nix
index eaae9d0..148100b 100644
--- a/nixos/components/network/syncthing.nix
+++ b/nixos/components/network/syncthing.nix
@@ -24,7 +24,7 @@ with lib; {
 };
 services.syncthing = {
- enable = lib.mkForce false;
+ enable = lib.mkForce false;
 guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
 overrideDevices = lib.mkDefault true;
 key = "/run/facts/syncthing.key";
diff --git a/nixos/machines/cherry/wireguard.nix b/nixos/machines/cherry/wireguard.nix
index f92415e..5ee8a36 100644
--- a/nixos/machines/cherry/wireguard.nix
+++ b/nixos/machines/cherry/wireguard.nix
@@ -1,6 +1,6 @@
 { config, factsGenerator, ... }:
 {
-
+ networking.firewall.allowedUDPPorts = [ 51820 ];
 clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
 # Enable WireGuard
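Review bot: Commenting out `clan.static-hosts.topLevelDomain = "bear";` in the flake.nix hunk leaves `config.clan.static-hosts.topLevelDomain` still consumed by the syncthing `guiAddress` line visible as context later in this same patch, so that value now comes from the option's default if the module declares one, and evaluation of syncthing.nix fails if it does not. If the option is meant to stay unset, deleting the line is cleaner than keeping commented-out code; otherwise a one-line reason next to it, such as `# topLevelDomain left unset while static-hosts is disabled`, tells the next reader whether it may be restored. The enclosing attribute set of the flake starts and ends outside the hunk.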
@@ -11,14 +11,11 @@
 address = [ "10.100.0.7/32" ];
 listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
 privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
- mtu = 1280;
 peers = [
 {
- # robi
- # todo : use public facts here
- publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+ publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
 allowedIPs = [ "10.100.0.1/24" ];
 #endpoint = "ingolf-wagner.de:51820";
 endpoint = "95.216.66.212:51820";
diff --git a/nixos/machines/chungus/network-wireguard.nix b/nixos/machines/chungus/network-wireguard.nix
index 69cf561..f1cde16 100644
--- a/nixos/machines/chungus/network-wireguard.nix
+++ b/nixos/machines/chungus/network-wireguard.nix
@@ -1,7 +1,6 @@
 { pkgs, config, factsGenerator, ... }:
 {
 networking.firewall.allowedUDPPorts = [ 51820 ];
-
 clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
 # Enable WireGuard
@@ -14,11 +13,9 @@
 privateKeyFile = config.clanCore.facts.services.wireguard.secret."wireguard.wg0.key".path;
 mtu = 1280;
- # server
 peers = [
 {
- # orbi
- publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+ publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
 allowedIPs = [ "10.100.0.1/24" ];
 #endpoint = "ingolf-wagner.de:51820";
 endpoint = "95.216.66.212:51820";
diff --git a/nixos/machines/cream/tinc_retiolum.nix b/nixos/machines/cream/tinc_retiolum.nix
index d8632a6..b056bba 100644
--- a/nixos/machines/cream/tinc_retiolum.nix
+++ b/nixos/machines/cream/tinc_retiolum.nix
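Review bot: `publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");` in the cherry hunk passes the file content through verbatim, so if the generated `.pub` fact ends with a newline (as `wg pubkey` output normally does) the trailing `\n` becomes part of the key string handed to the WireGuard module, and whether that still yields a valid peer depends on how the module quotes it, which this patch does not show. Stripping it at the read site removes the doubt: `publicKey = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");` — or `lib.fileContents`, which does the same once `lib` is taken from the module arguments. The same expression recurs in the chungus hunk sharing this anchor, in the cream hunk, and in the `publicKey` helper that orbi adds, so one fix pattern applies to all four. Separately, this hunk drops `mtu = 1280;` from cherry while the chungus hunk keeps it; if that is deliberate, a short comment on the chungus line saying why only that host needs the reduced MTU would stop the next reader from re-aligning them. The peer list continues outside the hunk.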
@@ -7,8 +7,8 @@
 networking.retiolum.nodename = "sol";
 services.tinc.networks.retiolum = {
- ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.ed25519_key.priv".path;
- rsaPrivateKeyFile = config.clanCore.facts.services.tinc_secret.secret."tinc.retiolum.rsa_key.priv".path;
+ ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
+ rsaPrivateKeyFile = config.clanCore.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
 };
 #fileSystems."/retiolum/sicily" = {
diff --git a/nixos/machines/cream/wireguard.nix b/nixos/machines/cream/wireguard.nix
index 95a22f7..c7d4093 100644
--- a/nixos/machines/cream/wireguard.nix
+++ b/nixos/machines/cream/wireguard.nix
@@ -15,8 +15,7 @@
 peers = [
 {
- # robi
- publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
+ publicKey = (builtins.readFile "${config.clanCore.clanDir}/machines/orbi/facts/wireguard.wg0.pub");
 allowedIPs = [ "10.100.0.1/24" ];
 #endpoint = "ingolf-wagner.de:51820";
 endpoint = "95.216.66.212:51820";
diff --git a/nixos/machines/orbi/network-wireguard.nix b/nixos/machines/orbi/network-wireguard.nix
index b84fcb8..696ee6a 100644
--- a/nixos/machines/orbi/network-wireguard.nix
+++ b/nixos/machines/orbi/network-wireguard.nix
@@ -1,4 +1,7 @@
 { pkgs, config, factsGenerator, ... }:
+let
+ publicKey = machine: (builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub");
+in
 {
 networking.firewall.allowedUDPPorts = [ 51820 ];
 clanCore.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
@@ -25,14 +28,9 @@
 peers = [
 {
 # chungus
- publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
+ publicKey = publicKey "chungus";
 allowedIPs = [ "10.100.0.2/32" ];
 }
- {
- # sterni
- publicKey = "SdMRgC5IM7dywzZxLAHm45cpj9J3IENTMClZm1BxbV4=";
- allowedIPs = [ "10.100.0.3/32" ];
- }
 {
 # iphone
 publicKey = "XPVzH+wBLsqukTHHjngkGJhYN0nRdQ7esadiimMJQnI=";
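Review bot: The `let` helper added in the first orbi hunk is named `publicKey`, the same name as the attribute it feeds (`publicKey = publicKey "chungus";` in the next hunk); that only works because attribute names in a non-recursive set do not shadow the binding, and it reads as a self-reference at first glance. Renaming it, e.g. `peerPublicKey = machine: builtins.readFile "${config.clanCore.clanDir}/machines/${machine}/facts/wireguard.wg0.pub";`, keeps every call site unambiguous. Since cherry, chungus and cream now inline the identical path expression for orbi's key, moving this helper into a shared module would give all four machines one definition to adjust when the facts layout changes. Removing the sterni peer in the following hunk revokes its access on orbi only; if a configuration for that machine still exists elsewhere in the repository it will keep trying to connect, which is harmless but worth cleaning up in the same change.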
@@ -45,12 +43,12 @@
 }
 {
 # cream
- publicKey = "R1Vk1DDG/LsVU0HHRDmOJshXOVnNzPVbuv5hP7ZSGEQ=";
+ publicKey = publicKey "cream";
 allowedIPs = [ "10.100.0.6/32" ];
 }
 {
 # cherry
- publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
+ publicKey = publicKey "cherry";
 allowedIPs = [ "10.100.0.7/32" ];
 }
 {