migrated wireguard and syncthing

Ingolf Wagner 2023-05-12 11:17:58 +02:00
parent d90842f276
commit cb1cfa902f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 202 additions and 77 deletions


@ -7,7 +7,7 @@
./disko-config.nix
./packages.nix
#./network-wireguard.nix
./network-wireguard.nix
./network-tinc.nix
./hass.nix
@ -15,7 +15,6 @@
./hass-mqtt.nix
#./hass-wifi.nix
#./syncthing.nix
#./mail-fetcher.nix
#./borg.nix
@ -25,7 +24,6 @@
./media-tdarr.nix
./media-jellyfin.nix
# logging
./loki.nix
./loki-promtail.nix
@ -38,6 +36,7 @@
./rbackup.nix
./sync-torrent.nix
./sync-script.nix
./syncthing.nix
];


@ -117,7 +117,7 @@ in
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"nextcloud" = {
@ -129,7 +129,7 @@ in
"com.sun:auto-snapshot:hourly" = true;
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"legacy" = {
@ -138,7 +138,7 @@ in
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"borg" = {
@ -149,7 +149,18 @@ in
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"syncthing" = {
type = "zfs_fs";
mountpoint = "/syncthing";
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"services" = {
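Review bot: The new `syncthing` dataset sets only `mountpoint` and `compression`, so whether it is encrypted at rest depends on a parent dataset or pool definition outside this hunk. The syncthing module added in this commit stores `password-store`, `finance` and `private` under `/syncthing` and labels them "on encrypted drive", so a comment here such as `# encryption inherited from <parent dataset>` would make that dependency checkable. Separately, the `montly` → `monthly` correction probably only reaches datasets created after this change, since dataset options are normally applied at creation time. Existing datasets would need the property set by hand, and have presumably had no monthly snapshots until now.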


@ -0,0 +1 @@
# https://dataswamp.org/~solene/2022-10-06-nixos-kiosk.html


@ -0,0 +1,30 @@
{ pkgs, config, ... }:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
networking.firewall.allowedUDPPorts = [ 51820 ];
sops.secrets.wireguard_private = { };
# Enable WireGuard
networking.wg-quick.interfaces = {
# Hub and Spoke Setup
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = {
address = [ "10.100.0.2/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.sops.secrets.wireguard_private.path;
mtu = 1280;
# server
peers = [
{
# robi
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ];
endpoint = "ingolf-wagner.de:51820";
persistentKeepalive = 25;
}
];
};
};
}
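Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ]` removes all port filtering for traffic arriving over the tunnel, and with `allowedIPs = [ "10.100.0.1/24" ]` in a hub-and-spoke layout every peer the hub forwards for can reach every listening service on this host. Prefer opening only what is needed on that interface, e.g. `networking.firewall.interfaces.wg0.allowedTCPPorts = [ <needed ports> ];`. The inbound `allowedUDPPorts = [ 51820 ]` rule is probably unnecessary as well, because this side initiates to the endpoint and keeps the session open with `persistentKeepalive`. `allowedIPs` would also read more clearly as the network address `10.100.0.0/24`.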


@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }: {
services.syncthing = {
enable = true;
overrideFolders = true;
folders = {
# on encrypted drive
# ------------------
art = {
enable = true;
path = "/syncthing/art";
};
private = {
enable = true;
path = "/syncthing/private";
};
password-store = {
enable = true;
path = "/syncthing/password-store";
};
desktop = {
enable = true;
path = "/syncthing/desktop";
};
finance = {
enable = true;
path = "/syncthing/finance";
};
fotos = {
enable = true;
path = "/syncthing/fotos";
};
books = {
enable = true;
path = "/syncthing/books";
};
lost-fotos = {
enable = true;
path = "/syncthing/lost-fotos.ct";
};
music-projects = {
enable = true;
path = "/syncthing/music-projects";
};
};
};
services.permown."/syncthing" = {
owner = "syncthing";
group = "syncthing";
directory-mode = "760";
file-mode = "760";
};
}
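Review bot: `directory-mode = "760"` and `file-mode = "760"` do not look like the intended permissions. Assuming permown hands these strings to chmod, directories get group read/write without the search bit, so group members cannot enter them, while every synced file, including those under `password-store` and `finance`, becomes executable for the owner. Something like `directory-mode = "750";` and `file-mode = "640";` (or `770`/`660` if the group must write) matches the usual intent. The `# on encrypted drive` comment would also benefit from a pointer to where the encryption is configured, since nothing in this file establishes it.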


@ -23,7 +23,7 @@
./taskwarrior-pushover.nix
#./neo4j.nix
#./jellyfin.nix
./wireguard.nix
#./wireguard.nix
#./tts.nix
# logging


@ -25,7 +25,7 @@
# clients
peers = [
{
# pepe
# chungus
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
allowedIPs = [ "10.100.0.2/32" ];
}
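Review bot: Only the peer comment changes from `# pepe` to `# chungus` while `publicKey` and `allowedIPs` stay the same, which suggests the new host reuses the previous host's WireGuard private key instead of a freshly generated one. If that is the case, any copy of the key left on the old machine or in its backups can still authenticate as `10.100.0.2`. Generating a new key pair for chungus and replacing `publicKey` here would retire the old key. The `peers` list continues outside the hunk.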


@ -27,6 +27,7 @@ with lib; {
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
// (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
// {
bumba = {
name = "windows-bumba";
@ -48,7 +49,7 @@ with lib; {
private = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -57,7 +58,16 @@ with lib; {
art = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "bumba" ];
devices = [ "chungus" "pepe" "cream" "sterni" "bumba" ];
versioning = {
type = "simple";
params.keep = "2";
};
};
books = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "chungus" "robi" ];
versioning = {
type = "simple";
params.keep = "2";
@ -66,7 +76,7 @@ with lib; {
password-store = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -75,12 +85,12 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
};
finance = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -89,7 +99,7 @@ with lib; {
fotos = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" ];
devices = [ "chungus" "pepe" ];
versioning = {
type = "simple";
params.keep = "10";
@ -101,7 +111,7 @@ with lib; {
lost-fotos = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "robi" ];
devices = [ "chungus" "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -110,13 +120,13 @@ with lib; {
#media = {
# enable = lib.mkDefault false;
# watch = lib.mkDefault false;
# devices = [ "pepe" "robi" ];
# devices = [ "chungus" "pepe" "robi" ];
#};
music-projects = {
enable = lib.mkDefault false;
id = "acfhu-r4t4f";
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "robi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -125,7 +135,7 @@ with lib; {
nextcloud_backup = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "robi" ];
devices = [ "chungus" "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "2";
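Review bot: Adding `"chungus"` to the `devices` lists of `password-store`, `finance` and `private` gives that host a full readable copy of those folders and lets it push changes to every other listed device. Judging from the import list elsewhere in this commit, chungus also runs several network-facing services, so a compromise of any of them would sit next to the password store. It is worth confirming that these three folders are really needed on that host, and recording the reason next to the entries, e.g. `# chungus: backup copy, stored on encrypted dataset`.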