+wireguard

m3tam3re 2023-05-30 11:50:34 +02:00
parent 367570b877
commit 57d608eb2b
19 changed files with 35 additions and 18 deletions


@ -106,11 +106,11 @@
]
},
"locked": {
"lastModified": 1684824189,
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=",
"lastModified": 1685189510,
"narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba",
"rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
"type": "github"
},
"original": {
@ -127,11 +127,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1684844798,
"narHash": "sha256-ZrMXFoEA535jOZ+eDA3s+URZ5MkVRksBgL5qGnb6Ciw=",
"lastModified": 1685346756,
"narHash": "sha256-pZNHeNkBBgi5o2DOT1T8MPHnrpJN+eEfYeqdg2ASjZA=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "eb1f832fcec5838053c6b031b656e4f949ada57b",
"rev": "b3a86952cf14b6f556159eb898eaa7b6ceac4335",
"type": "github"
},
"original": {
@ -211,11 +211,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1684754342,
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=",
"lastModified": 1685290091,
"narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
"rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
"type": "github"
},
"original": {


@ -4,6 +4,7 @@
home.packages = with pkgs;
[
python3
python311Packages.pip
guile_3_0
tinyscheme
];


@ -35,6 +35,7 @@
epkgs.elfeed-org
epkgs.embark
epkgs.embark-consult
epkgs.ement
epkgs.emmet-mode
epkgs.envrc
epkgs.evil


@ -2,6 +2,5 @@
{
home.packages = with pkgs; [
rustup
rust-analyzer
];
}


@ -73,6 +73,7 @@
rustdesk
tor-browser-bundle-bin
transmission-gtk
ungoogled-chromium
unrar
unzip
usbutils


@ -32,5 +32,5 @@
};
services = { };
};
home.stateVersion = "22.11";
home.stateVersion = "23.05";
}


@ -4,7 +4,7 @@
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
isNormalUser = true;
description = "m3tam3re";
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ];
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"];
openssh.authorizedKeys.keys = [
"ssh-rsa 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 m3tam3re@m3-nix"
];
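Review bot: Adding `"input"` to `extraGroups` gives every process running as this user access to the raw `/dev/input/event*` devices, which is enough to record keystrokes typed in any session on the machine, including password prompts. The account is also in `wheel`, so a compromised user-level program could capture the sudo password this way. If the group is needed for a single tool, prefer a udev rule that grants access to that one device, or at least record the reason next to the list, e.g. `# "input": required by <tool>; grants raw access to all input devices`. The enclosing user definition starts outside the hunk.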


@ -67,7 +67,7 @@
mode = "770";
};
};
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
nix = {
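Review bot: `identityPaths` now points at `/root/.ssh/lkk-nix-1`, but nothing in the change documents that the key must exist there with root-only permissions, or that the earlier copy under `/home/m3tam3re/.ssh/` should be removed. If the old file is left in place, any process running as that user can still decrypt every secret encrypted to this host's key, which defeats the move. A short comment such as `# age identity: root-owned, mode 0600; must exist before first activation` would record the requirement. The enclosing block starts outside the hunk.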


@ -8,6 +8,5 @@
./nextcloud.nix
./nginx.nix
./wordpress.nix
./wireguard.nix
];
}


@ -4,6 +4,7 @@
./gitea.nix
./invidious.nix
./mariadb.nix
./metabase.nix
./minio.nix
./n8n.nix
./postgres.nix


@ -2,5 +2,6 @@
services.metabase = {
enable = true;
listen.port = 3000;
listen.port = 3013;
};
}
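Review bot: Only `listen.port` is set in `services.metabase`, so the bind address is left at the module default, which as far as I know is `0.0.0.0`. If this instance is meant to be reached through a reverse proxy, bind it to loopback with `listen.ip = "127.0.0.1";` so the setup page and login form are not served directly on every interface. A one-line comment naming what points at port 3013 would also help the next reader.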


@ -1,4 +1,4 @@
{ pkgs, ... }: {
{ config, pkgs, ... }: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
@ -15,7 +15,10 @@
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig.Type = "oneshot";
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
@ -29,7 +32,7 @@
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
'';
};
}
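Review bot: The auth key still ends up on the `tailscale up` command line in the last hunk, where `$TAILSCALE_KEY` is expanded unquoted; while the command runs, the key is readable by local users through the process list. `tailscale up` accepts a `file:` prefix for the key, so the script can pass the decrypted path instead: `${tailscale}/bin/tailscale up --advertise-exit-node --auth-key "file:${config.age.secrets.tailscale-key.path}"`, after which the `EnvironmentFile` line is unnecessary. As written, the change also requires the secret's plaintext to be in `TAILSCALE_KEY=<key>` form rather than the bare key that the previous `cat` read; the page does not show `tailscale-key.age` being re-encrypted, so that is worth confirming. The script body starts outside the hunk.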


@ -108,6 +108,7 @@ in {
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
wg-key.file = ../../secrets/wg-key.age;
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};


@ -6,6 +6,7 @@
./udev.nix
./tailscale.nix
./virtualization.nix
./wireguard.nix
#./xserver.nix
];


@ -0,0 +1,8 @@
{ config, ... }: {
networking.wg-quick.interfaces = {
wg0 = {
configFile = config.age.secrets.wg-key.path;
autostart = false;
};
};
}
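Review bot: `configFile` hands wg-quick a complete configuration taken from the encrypted `wg-key` secret, so the peers, endpoints, AllowedIPs and any `PreUp`/`PostUp`/`PostDown` commands (which wg-quick runs as root) cannot be reviewed in this repository. Keeping only the private key in age and declaring the rest in Nix makes the tunnel auditable: use `privateKeyFile = config.age.secrets.wg-key.path;` together with `address` and `peers` on `wg0`. If the full-file form is kept, a comment such as `# wg-key.age holds a complete wg-quick config, not only the key` would correct the misleading secret name.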


@ -12,6 +12,7 @@ in {
"searx-environmentFile.age".publicKeys = [ system ];
"tailscale-key.age".publicKeys = [ system ];
"wg-key.age".publicKeys = [ system ];
"briefkasten-env.age".publicKeys = [ system ];

BIN
secrets/wg-key.age Normal file

Binary file not shown.