migrated wireguard and syncthing

Ingolf Wagner 2023-05-12 11:17:58 +02:00
parent d90842f276
commit cb1cfa902f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
10 changed files with 202 additions and 77 deletions


@ -29,11 +29,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1675730932,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
"lastModified": 1682737380,
"narHash": "sha256-n3rZkHZls9BNr35o3veK00UsM1KSh/oNTJjLkFbEOY8=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
"rev": "be837ee341b6508c355035973d5f7c7e88d7c64f",
"type": "github"
},
"original": {
@ -49,11 +49,11 @@
]
},
"locked": {
"lastModified": 1682788423,
"narHash": "sha256-qYHMvTtFG9XZoYvGMk9n5QmowJ1CgIb5i5/EEEFJFFo=",
"lastModified": 1683791560,
"narHash": "sha256-iUmALjSur9TTj/MvRsvA+BR+v6F8D9/HR/4DMh9KmvM=",
"owner": "nix-community",
"repo": "disko",
"rev": "617c77a440aac0b99c888da42406c79253ab7ef4",
"rev": "834b7b2a3310e19fca299df4b471f5750d485b11",
"type": "github"
},
"original": {
@ -110,11 +110,11 @@
"ws-butler": "ws-butler"
},
"locked": {
"lastModified": 1679016591,
"narHash": "sha256-EVkakAzrorYxaVl5WXhRpPo1X/LLA/IcDQ/4kPNnhps=",
"lastModified": 1683249650,
"narHash": "sha256-NwBzz2CHNtT0oDqAGewByQ5OFnAWf+ewHUrK0F44xZk=",
"owner": "nix-community",
"repo": "nix-doom-emacs",
"rev": "84c57d24addd13c6712006d4bcc1a257256984a5",
"rev": "588ccf37fa9eb9d2ec787b91c989dcd6892983e9",
"type": "github"
},
"original": {
@ -159,11 +159,11 @@
"emacs-overlay_2": {
"flake": false,
"locked": {
"lastModified": 1679566703,
"narHash": "sha256-tkxW2TskrxlnTdEePAIs7YnR6DmxIiXu/AFG3Kin5d8=",
"lastModified": 1683828712,
"narHash": "sha256-frB0BacpjtmzDunFZwyRZSNlyOvcxpL0ohtQVvFtiA8=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "b7dc7516ce741436e0925c00641b5bcc3a8582d0",
"rev": "b0100f5fdc823be12bbcb31bcc5293fc74e04a56",
"type": "github"
},
"original": {
@ -338,12 +338,15 @@
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
@ -458,11 +461,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1679067101,
"narHash": "sha256-tMI1inGT9u4KWQml0w30dhWqQPlth1e9K/68sfDkEQA=",
"lastModified": 1681092193,
"narHash": "sha256-JerCqqOqbT2tBnXQW4EqwFl0hHnuZp21rIQ6lu/N4rI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "9154cd519a8942728038819682d6b3ff33f321bb",
"rev": "f9edbedaf015013eb35f8caacbe0c9666bbc16af",
"type": "github"
},
"original": {
@ -500,11 +503,11 @@
},
"locked": {
"dir": "nix",
"lastModified": 1673185501,
"narHash": "sha256-uEtWPpl9nH7QqochHo1z+giPga1zXR1Ko3dOXHIapFY=",
"lastModified": 1682527311,
"narHash": "sha256-gFiQ62jbBfumg0IR4oXR/DRVunOxMd4lJ5+g+qjz7wA=",
"owner": "kmonad",
"repo": "kmonad",
"rev": "3413f1be996142c8ef4f36e246776a6df7175979",
"rev": "3aa2f52536de853efbcb0f6e790c97a3734687ec",
"type": "github"
},
"original": {
@ -551,11 +554,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1679224149,
"narHash": "sha256-TSY37Zv0icF/aijR3/KWGLVBlnKKHlG9QTj7vHbF/UU=",
"lastModified": 1683269598,
"narHash": "sha256-KNsb+nBbB1Fmxd07dt4E0KXMT4YeKJB7gQaA6Xfk+mo=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "a4bc66709604ab78abc575b60baa6d23ae027a59",
"rev": "51559e691f1493a26f94f1df1aaf516bb507e78b",
"type": "github"
},
"original": {
@ -603,11 +606,11 @@
},
"nixpkgs-legacy": {
"locked": {
"lastModified": 1672580127,
"narHash": "sha256-3lW3xZslREhJogoOkjeZtlBtvFMyxHku7I/9IVehhT8=",
"lastModified": 1682600000,
"narHash": "sha256-ha4BehR1dh8EnXSoE1m/wyyYVvHI9txjW4w5/oxsW5Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0874168639713f547c05947c76124f78441ea46c",
"rev": "50fc86b75d2744e1ab3837ef74b53f103a9b55a0",
"type": "github"
},
"original": {
@ -619,11 +622,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1679163677,
"narHash": "sha256-VC0tc3EjJZFPXgucFQAYMIHce5nJWYR0kVCk4TVg6gg=",
"lastModified": 1683504292,
"narHash": "sha256-jlZbBIKGa6IMGkcJkQ08pbKnouTAPfeq1fD5I7l/rBw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c3912035d00ef755ab19394488b41feab95d2e40",
"rev": "ba0086c178d4ed60a7899f739caea553eca2e046",
"type": "github"
},
"original": {
@ -635,11 +638,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1679437018,
"narHash": "sha256-vOuiDPLHSEo/7NkiWtxpHpHgoXoNmrm+wkXZ6a072Fc=",
"lastModified": 1683408522,
"narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "19cf008bb18e47b6e3b4e16e32a9a4bdd4b45f7e",
"rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7",
"type": "github"
},
"original": {
@ -666,11 +669,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1679472241,
"narHash": "sha256-VK2YDic2NjPvfsuneJCLIrWS38qUfoW8rLLimx0rWXA=",
"lastModified": 1683627095,
"narHash": "sha256-8u9SejRpL2TrMuHBdhYh4FKc1OGPDLyWTpIbNTtoHsA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9ef6e7727f4c31507627815d4f8679c5841efb00",
"rev": "a08e061a4ee8329747d54ddf1566d34c55c895eb",
"type": "github"
},
"original": {
@ -696,11 +699,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1678987615,
"narHash": "sha256-lF4agoB7ysQGNHRXvOqxtSKIZrUZwClA85aASahQlYM=",
"lastModified": 1683475240,
"narHash": "sha256-sy6MYoCaIZsOenYplbzVXI4Ce9Bp/vIOpuFa97+a6wc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "194c2aa446b2b059886bb68be15ef6736d5a8c31",
"rev": "e040aab15638aaf8d0786894851a2b1ca09a7baf",
"type": "github"
},
"original": {
@ -745,11 +748,11 @@
"org": {
"flake": false,
"locked": {
"lastModified": 1678970074,
"narHash": "sha256-SfwkfOIRyaQoWhajRyd/WUX1Ohi9FenF0RK1DN8KQO4=",
"lastModified": 1683136293,
"narHash": "sha256-PMHNr3Qo62uqO5IUDAfxUoqa4Zvb9y2J76pRYDB/6Y4=",
"owner": "emacs-straight",
"repo": "org-mode",
"rev": "4cad6c8eafe22317a2a010a0592ce97b67811f32",
"rev": "080710797ad25e76c4556d2b03cc0aa5313cd187",
"type": "github"
},
"original": {
@ -862,11 +865,11 @@
},
"retiolum": {
"locked": {
"lastModified": 1678773616,
"narHash": "sha256-POr8rTMNmcnwe2tnWxhXG7T3W4wQp8cjN+TFpwsiLrs=",
"lastModified": 1682697608,
"narHash": "sha256-SGhjlOQx9vDRrIxm+kyZzDjpiZDTzM3zLCLNgqWPmPY=",
"owner": "Mic92",
"repo": "retiolum",
"rev": "5492459f4516b89686e1d8086c9b46db39b6902b",
"rev": "e0a7f5bf65c7097949d4e07aafd24aabec8d5852",
"type": "github"
},
"original": {
@ -878,11 +881,11 @@
"revealjs": {
"flake": false,
"locked": {
"lastModified": 1678242855,
"narHash": "sha256-T9btOHiOdvhC1JijcfGOBc84miAbEb7CWd1Wvzae5m8=",
"lastModified": 1681386605,
"narHash": "sha256-9Q7aWgjAV37iJp6oYDz45e8J+RKwKY1Uvgg/BXwf5nQ=",
"owner": "hakimel",
"repo": "reveal.js",
"rev": "724c4fee274914dd2d997b7584cf603c44e96c72",
"rev": "0301ce58ab185f7191696e16b1b6389f58df2892",
"type": "github"
},
"original": {
@ -951,11 +954,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1682968960,
"narHash": "sha256-jS3NUR8OVHbXF6E2jVso2K/RyWLP8Sn5Zd4fR1EDoj8=",
"lastModified": 1683831888,
"narHash": "sha256-VsUdQXrxMmYGtqOrsk7CbQUM9RJ/DcF+/UqSXAVHwqU=",
"ref": "main",
"rev": "51cbb7204326cd525eb10cbfce9cb2211b6f8a2a",
"revCount": 50,
"rev": "e389aecbbef02cb9f0ae448a635dbb25607abc37",
"revCount": 51,
"type": "git",
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
},
@ -987,11 +990,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1679377997,
"narHash": "sha256-O8rmc/b/qgNgoHj2tL5+3Ovkj7A+Sok7gazRoWbpnqg=",
"lastModified": 1683545104,
"narHash": "sha256-48wC0zzHAej/wLFWIgV+uj63AvQ2UUk85g7wmXJzTqk=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d8827a8368c307fbc6ed594c9a31d619e7360bed",
"rev": "36b062a2c85a0efb37de1300c79c54602a094fab",
"type": "github"
},
"original": {
@ -1016,14 +1019,29 @@
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"ts-fold": {
"flake": false,
"locked": {
"lastModified": 1678360867,
"narHash": "sha256-aVJhKsbnJgHXDbhL8eqpnsS98zbXGWlxZBA2fpNTNJg=",
"lastModified": 1681029086,
"narHash": "sha256-z3eVkAPFI6JYZZ+2XM496zBxwnujTp4Y4KNNfqgUC/E=",
"owner": "jcs-elpa",
"repo": "ts-fold",
"rev": "cde9c90b073c32ad6b9b53d9b42e4a03b6d5fdc2",
"rev": "5fd2a5afe2112ac23b58ee1b12730fcf16068df3",
"type": "github"
},
"original": {


@ -265,6 +265,7 @@
chungus = { name, nodes, pkgs, ... }: {
deployment.targetHost = "${name}.private";
deployment.tags = [ "server" "online" "private" ];
deployment.buildOnTarget = false;
imports = [
grocy-scanner.nixosModule
];


@ -7,7 +7,7 @@
./disko-config.nix
./packages.nix
#./network-wireguard.nix
./network-wireguard.nix
./network-tinc.nix
./hass.nix
@ -15,7 +15,6 @@
./hass-mqtt.nix
#./hass-wifi.nix
#./syncthing.nix
#./mail-fetcher.nix
#./borg.nix
@ -25,7 +24,6 @@
./media-tdarr.nix
./media-jellyfin.nix
# logging
./loki.nix
./loki-promtail.nix
@ -38,6 +36,7 @@
./rbackup.nix
./sync-torrent.nix
./sync-script.nix
./syncthing.nix
];


@ -117,7 +117,7 @@ in
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"nextcloud" = {
@ -129,7 +129,7 @@ in
"com.sun:auto-snapshot:hourly" = true;
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"legacy" = {
@ -138,7 +138,7 @@ in
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"borg" = {
@ -149,7 +149,18 @@ in
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:montly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"syncthing" = {
type = "zfs_fs";
mountpoint = "/syncthing";
options = {
mountpoint = "legacy";
compression = "lz4";
"com.sun:auto-snapshot:daily" = true;
"com.sun:auto-snapshot:weekly" = true;
"com.sun:auto-snapshot:monthly" = true;
};
};
"services" = {


@ -0,0 +1 @@
# https://dataswamp.org/~solene/2022-10-06-nixos-kiosk.html


@ -0,0 +1,30 @@
{ pkgs, config, ... }:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
networking.firewall.allowedUDPPorts = [ 51820 ];
sops.secrets.wireguard_private = { };
# Enable WireGuard
networking.wg-quick.interfaces = {
# Hub and Spoke Setup
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = {
address = [ "10.100.0.2/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.sops.secrets.wireguard_private.path;
mtu = 1280;
# server
peers = [
{
# robi
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ];
endpoint = "ingolf-wagner.de:51820";
persistentKeepalive = 25;
}
];
};
};
}
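Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ]` bypasses the firewall for everything arriving on the tunnel, and with `allowedIPs = [ "10.100.0.1/24" ]` that covers every address the hub routes in the /24, not only robi. If only specific services should be reachable over WireGuard, drop the trusted interface and open them per interface, e.g. `networking.firewall.interfaces.wg0.allowedTCPPorts = [ ... ];`. The prefix also has host bits set; `10.100.0.0/24` states the same route unambiguously. Since this peer dials out to `endpoint` with `persistentKeepalive`, the public `allowedUDPPorts = [ 51820 ]` is probably unnecessary; worth confirming whether anything initiates a handshake towards this host.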


@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }: {
services.syncthing = {
enable = true;
overrideFolders = true;
folders = {
# on encrypted drive
# ------------------
art = {
enable = true;
path = "/syncthing/art";
};
private = {
enable = true;
path = "/syncthing/private";
};
password-store = {
enable = true;
path = "/syncthing/password-store";
};
desktop = {
enable = true;
path = "/syncthing/desktop";
};
finance = {
enable = true;
path = "/syncthing/finance";
};
fotos = {
enable = true;
path = "/syncthing/fotos";
};
books = {
enable = true;
path = "/syncthing/books";
};
lost-fotos = {
enable = true;
path = "/syncthing/lost-fotos.ct";
};
music-projects = {
enable = true;
path = "/syncthing/music-projects";
};
};
};
services.permown."/syncthing" = {
owner = "syncthing";
group = "syncthing";
directory-mode = "760";
file-mode = "760";
};
}
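Review bot: `directory-mode = "760"` and `file-mode = "760"` in `services.permown."/syncthing"` are unlikely to be what is wanted. If they are applied as plain chmod modes, directories get read/write but no execute bit for the group, so group members cannot traverse them, while every synced file becomes owner-executable. `directory-mode = "770"` with `file-mode = "660"` (or `750`/`640` for read-only group access) would fit a tree holding `password-store`, `finance` and `private`. The `# on encrypted drive` comment also cannot be checked from this commit: the new `syncthing` dataset in the disko section sets only mountpoint, compression and snapshot options, so encryption would have to be inherited from the pool, and a one-line comment saying where it comes from would help.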


@ -23,7 +23,7 @@
./taskwarrior-pushover.nix
#./neo4j.nix
#./jellyfin.nix
./wireguard.nix
#./wireguard.nix
#./tts.nix
# logging


@ -25,7 +25,7 @@
# clients
peers = [
{
# pepe
# chungus
publicKey = "wb54y/fG8ocSH9QrDmfajez/fUcJBZK369xLu37XBHk=";
allowedIPs = [ "10.100.0.2/32" ];
}
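Review bot: Only the comment changes from `# pepe` to `# chungus`; `publicKey` and `allowedIPs = [ "10.100.0.2/32" ]` are unchanged, so the new host appears to take over pepe's WireGuard identity instead of getting its own. If the private key was copied to chungus, any copy still on pepe or in its backups can keep authenticating as this peer. Generating a fresh key pair for chungus and replacing `publicKey` here would turn the migration into a clean revocation of the old key. The peers list starts and continues outside the hunk.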


@ -27,6 +27,7 @@ with lib; {
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
// (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
// {
bumba = {
name = "windows-bumba";
@ -48,7 +49,7 @@ with lib; {
private = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -57,7 +58,16 @@ with lib; {
art = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "bumba" ];
devices = [ "chungus" "pepe" "cream" "sterni" "bumba" ];
versioning = {
type = "simple";
params.keep = "2";
};
};
books = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "chungus" "robi" ];
versioning = {
type = "simple";
params.keep = "2";
@ -66,7 +76,7 @@ with lib; {
password-store = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -75,12 +85,12 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
};
finance = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "mobi" "bobi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "mobi" "bobi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -89,7 +99,7 @@ with lib; {
fotos = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" ];
devices = [ "chungus" "pepe" ];
versioning = {
type = "simple";
params.keep = "10";
@ -101,7 +111,7 @@ with lib; {
lost-fotos = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "robi" ];
devices = [ "chungus" "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -110,13 +120,13 @@ with lib; {
#media = {
# enable = lib.mkDefault false;
# watch = lib.mkDefault false;
# devices = [ "pepe" "robi" ];
# devices = [ "chungus" "pepe" "robi" ];
#};
music-projects = {
enable = lib.mkDefault false;
id = "acfhu-r4t4f";
watch = lib.mkDefault false;
devices = [ "pepe" "cream" "sterni" "robi" ];
devices = [ "chungus" "pepe" "cream" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -125,7 +135,7 @@ with lib; {
nextcloud_backup = {
enable = lib.mkDefault false;
watch = lib.mkDefault false;
devices = [ "pepe" "robi" ];
devices = [ "chungus" "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "2";
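Review bot: `"chungus"` is added as a full device on `password-store`, `finance` and `private`, which places plaintext copies of the most sensitive folders on a host tagged `"server" "online"` in the deployment section of this commit. If chungus is meant to be an always-on backup node and not a place where these files are read, Syncthing's untrusted-device (receive-encrypted) mode would keep only ciphertext there. If plaintext is intended, a short comment beside these `devices` lists recording that decision would help later reviews. This applies to every hunk in the section that adds `"chungus"`; the enclosing attribute sets start and end outside the hunks.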