+wireguard
This commit is contained in:
parent
367570b877
commit
57d608eb2b
18
flake.lock
18
flake.lock
|
@ -106,11 +106,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684824189,
|
||||
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=",
|
||||
"lastModified": 1685189510,
|
||||
"narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba",
|
||||
"rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -127,11 +127,11 @@
|
|||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1684844798,
|
||||
"narHash": "sha256-ZrMXFoEA535jOZ+eDA3s+URZ5MkVRksBgL5qGnb6Ciw=",
|
||||
"lastModified": 1685346756,
|
||||
"narHash": "sha256-pZNHeNkBBgi5o2DOT1T8MPHnrpJN+eEfYeqdg2ASjZA=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "Hyprland",
|
||||
"rev": "eb1f832fcec5838053c6b031b656e4f949ada57b",
|
||||
"rev": "b3a86952cf14b6f556159eb898eaa7b6ceac4335",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -211,11 +211,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1684754342,
|
||||
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=",
|
||||
"lastModified": 1685290091,
|
||||
"narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
||||
"rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
home.packages = with pkgs;
|
||||
[
|
||||
python3
|
||||
python311Packages.pip
|
||||
guile_3_0
|
||||
tinyscheme
|
||||
];
|
||||
|
|
|
@ -35,6 +35,7 @@
|
|||
epkgs.elfeed-org
|
||||
epkgs.embark
|
||||
epkgs.embark-consult
|
||||
epkgs.ement
|
||||
epkgs.emmet-mode
|
||||
epkgs.envrc
|
||||
epkgs.evil
|
||||
|
|
|
@ -2,6 +2,5 @@
|
|||
{
|
||||
home.packages = with pkgs; [
|
||||
rustup
|
||||
rust-analyzer
|
||||
];
|
||||
}
|
||||
|
|
|
@ -73,6 +73,7 @@
|
|||
rustdesk
|
||||
tor-browser-bundle-bin
|
||||
transmission-gtk
|
||||
ungoogled-chromium
|
||||
unrar
|
||||
unzip
|
||||
usbutils
|
||||
|
|
|
@ -32,5 +32,5 @@
|
|||
};
|
||||
services = { };
|
||||
};
|
||||
home.stateVersion = "22.11";
|
||||
home.stateVersion = "23.05";
|
||||
}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
|
||||
isNormalUser = true;
|
||||
description = "m3tam3re";
|
||||
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ];
|
||||
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
|
||||
];
|
||||
|
|
|
@ -67,7 +67,7 @@
|
|||
mode = "770";
|
||||
};
|
||||
};
|
||||
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
|
||||
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||
};
|
||||
|
||||
nix = {
|
||||
|
|
|
@ -8,6 +8,5 @@
|
|||
./nextcloud.nix
|
||||
./nginx.nix
|
||||
./wordpress.nix
|
||||
./wireguard.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
./gitea.nix
|
||||
./invidious.nix
|
||||
./mariadb.nix
|
||||
./metabase.nix
|
||||
./minio.nix
|
||||
./n8n.nix
|
||||
./postgres.nix
|
||||
|
|
|
@ -2,5 +2,6 @@
|
|||
|
||||
services.metabase = {
|
||||
enable = true;
|
||||
listen.port = 3000;
|
||||
listen.port = 3013;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }: {
|
||||
{ config, pkgs, ... }: {
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
useRoutingFeatures = "both";
|
||||
|
@ -15,7 +15,10 @@
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
# set this service as a oneshot job
|
||||
serviceConfig.Type = "oneshot";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||
};
|
||||
|
||||
# have the job run this shell script
|
||||
script = with pkgs; ''
|
||||
|
@ -29,7 +32,7 @@
|
|||
fi
|
||||
|
||||
# otherwise authenticate with tailscale
|
||||
${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
|
||||
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -108,6 +108,7 @@ in {
|
|||
age = {
|
||||
secrets = {
|
||||
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||
wg-key.file = ../../secrets/wg-key.age;
|
||||
};
|
||||
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||
};
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
./udev.nix
|
||||
./tailscale.nix
|
||||
./virtualization.nix
|
||||
./wireguard.nix
|
||||
#./xserver.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
{ config, ... }: {
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
configFile = config.age.secrets.wg-key.path;
|
||||
autostart = false;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -12,6 +12,7 @@ in {
|
|||
"searx-environmentFile.age".publicKeys = [ system ];
|
||||
|
||||
"tailscale-key.age".publicKeys = [ system ];
|
||||
"wg-key.age".publicKeys = [ system ];
|
||||
|
||||
"briefkasten-env.age".publicKeys = [ system ];
|
||||
|
||||
|
|
Binary file not shown.
Loading…
Reference in New Issue