From 57d608eb2b55d97b39b9d6eceb1a4221c6fa19cc Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Tue, 30 May 2023 11:50:34 +0200 Subject: [PATCH] +wireguard --- flake.lock | 18 +++++++++--------- home/features/coding/default.nix | 1 + home/features/coding/emacs.nix | 1 + home/features/coding/rust.nix | 1 - home/features/desktop/default.nix | 1 + home/users/m3tam3re/m3-nix.nix | 2 +- hosts/common/users/m3tam3re/default.nix | 2 +- hosts/lkk-nix-1/default.nix | 2 +- .../lkk-nix-1/services/containers/default.nix | 1 - hosts/lkk-nix-1/services/default.nix | 1 + hosts/lkk-nix-1/services/metabase.nix | 3 ++- hosts/lkk-nix-1/services/metabase.nix.~1~ | 0 hosts/lkk-nix-1/services/tailscale.nix | 9 ++++++--- hosts/m3-nix/default.nix | 1 + hosts/m3-nix/services/default.nix | 1 + hosts/m3-nix/services/wireguard.nix | 8 ++++++++ hosts/m3-nix/services/wireguard.nix.~1~ | 0 secrets.nix | 1 + secrets/wg-key.age | Bin 0 -> 1083 bytes 19 files changed, 35 insertions(+), 18 deletions(-) create mode 100644 hosts/lkk-nix-1/services/metabase.nix.~1~ create mode 100644 hosts/m3-nix/services/wireguard.nix create mode 100644 hosts/m3-nix/services/wireguard.nix.~1~ create mode 100644 secrets/wg-key.age diff --git a/flake.lock b/flake.lock index 063077e..176bb1f 100644 --- a/flake.lock +++ b/flake.lock @@ -106,11 +106,11 @@ ] }, "locked": { - "lastModified": 1684824189, - "narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=", + "lastModified": 1685189510, + "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=", "owner": "nix-community", "repo": "home-manager", - "rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba", + "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd", "type": "github" }, "original": { 
@@ -127,11 +127,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1684844798, - "narHash": "sha256-ZrMXFoEA535jOZ+eDA3s+URZ5MkVRksBgL5qGnb6Ciw=", + "lastModified": 1685346756, + "narHash": "sha256-pZNHeNkBBgi5o2DOT1T8MPHnrpJN+eEfYeqdg2ASjZA=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "eb1f832fcec5838053c6b031b656e4f949ada57b", + "rev": "b3a86952cf14b6f556159eb898eaa7b6ceac4335", "type": "github" }, "original": { @@ -211,11 +211,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1684754342, - "narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=", + "lastModified": 1685290091, + "narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", + "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8", "type": "github" }, "original": { diff --git a/home/features/coding/default.nix b/home/features/coding/default.nix index c3074e6..710b405 100644 --- a/home/features/coding/default.nix +++ b/home/features/coding/default.nix @@ -4,6 +4,7 @@ home.packages = with pkgs; [ python3 + python311Packages.pip guile_3_0 tinyscheme ]; diff --git a/home/features/coding/emacs.nix b/home/features/coding/emacs.nix index fdaf0cf..7ed69e2 100644 --- a/home/features/coding/emacs.nix +++ b/home/features/coding/emacs.nix @@ -35,6 +35,7 @@ epkgs.elfeed-org epkgs.embark epkgs.embark-consult + epkgs.ement epkgs.emmet-mode epkgs.envrc epkgs.evil diff --git a/home/features/coding/rust.nix b/home/features/coding/rust.nix index 8bd9188..3660d55 100644 --- a/home/features/coding/rust.nix +++ b/home/features/coding/rust.nix @@ -2,6 +2,5 @@ { home.packages = with pkgs; [ rustup - rust-analyzer ]; } diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix index 3bb6eb6..fa8c458 100644 --- a/home/features/desktop/default.nix +++ b/home/features/desktop/default.nix @@ -73,6 +73,7 @@ rustdesk tor-browser-bundle-bin transmission-gtk + ungoogled-chromium unrar unzip usbutils 
diff --git a/home/users/m3tam3re/m3-nix.nix b/home/users/m3tam3re/m3-nix.nix index 01b41fd..3599314 100644 --- a/home/users/m3tam3re/m3-nix.nix +++ b/home/users/m3tam3re/m3-nix.nix @@ -32,5 +32,5 @@ }; services = { }; }; - home.stateVersion = "22.11"; + home.stateVersion = "23.05"; } diff --git a/hosts/common/users/m3tam3re/default.nix b/hosts/common/users/m3tam3re/default.nix index afb5c49..875976c 100644 --- a/hosts/common/users/m3tam3re/default.nix +++ b/hosts/common/users/m3tam3re/default.nix @@ -4,7 +4,7 @@ "$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4"; isNormalUser = true; description = "m3tam3re"; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"]; openssh.authorizedKeys.keys = [ "ssh-rsa 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 m3tam3re@m3-nix" ]; diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index 9eaf005..604c716 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -67,7 +67,7 @@ mode = "770"; }; }; - identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; + identityPaths = [ "/root/.ssh/lkk-nix-1" ]; }; nix = { diff --git a/hosts/lkk-nix-1/services/containers/default.nix b/hosts/lkk-nix-1/services/containers/default.nix index e269097..590e283 100644 --- a/hosts/lkk-nix-1/services/containers/default.nix +++ b/hosts/lkk-nix-1/services/containers/default.nix @@ -8,6 +8,5 @@ ./nextcloud.nix ./nginx.nix ./wordpress.nix - ./wireguard.nix ]; } diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix index 1829bb5..d83e5c9 100644 --- a/hosts/lkk-nix-1/services/default.nix +++ b/hosts/lkk-nix-1/services/default.nix @@ -4,6 +4,7 @@ ./gitea.nix ./invidious.nix ./mariadb.nix + ./metabase.nix ./minio.nix ./n8n.nix ./postgres.nix 
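Review bot: Adding `"input"` to `extraGroups` in hosts/common/users/m3tam3re/default.nix gives every process running as this user read access to the raw `/dev/input` event devices, which includes keystrokes typed into other applications. Because the file sits under hosts/common, the membership presumably also lands on the server lkk-nix-1, where nothing visible in this commit needs it. If a single desktop tool requires it, set the group only in the desktop host's configuration or grant access to the one device through a udev rule, and record the reason next to it, for example `# "input": required by <tool>; grants read access to all input devices`. The user attribute set starts and ends outside the hunk.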
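Review bot: The age identity that `identityPaths` now points to, `/root/.ssh/lkk-nix-1`, is the same path that the context of the hosts/m3-nix/default.nix hunk shows for the workstation, and secrets.nix encrypts the new `wg-key.age` to the single `system` recipient like every other secret. If that reading is right, both machines hold one private key that decrypts all secrets in the repository, so compromise of either host exposes the other's Tailscale, WireGuard and service credentials. Consider one recipient per host (agenix uses the SSH host keys when `identityPaths` is not set) and listing only the consuming host per secret, e.g. `"wg-key.age".publicKeys = [ m3-nix ];`, where `m3-nix` is a constructed name for a key that would be defined in the `let` block outside the hunk. Moving the identity out of `/home/m3tam3re/.ssh` only helps once the old copy there has been deleted.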
diff --git a/hosts/lkk-nix-1/services/metabase.nix b/hosts/lkk-nix-1/services/metabase.nix index 40608a7..8e93914 100644 --- a/hosts/lkk-nix-1/services/metabase.nix +++ b/hosts/lkk-nix-1/services/metabase.nix @@ -2,5 +2,6 @@ services.metabase = { enable = true; - listen.port = 3000; + listen.port = 3013; + }; } diff --git a/hosts/lkk-nix-1/services/metabase.nix.~1~ b/hosts/lkk-nix-1/services/metabase.nix.~1~ new file mode 100644 index 0000000..e69de29 diff --git a/hosts/lkk-nix-1/services/tailscale.nix b/hosts/lkk-nix-1/services/tailscale.nix index 73d8ceb..f8baf9f 100644 --- a/hosts/lkk-nix-1/services/tailscale.nix +++ b/hosts/lkk-nix-1/services/tailscale.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ config, pkgs, ... }: { services.tailscale = { enable = true; useRoutingFeatures = "both"; @@ -15,7 +15,10 @@ wantedBy = [ "multi-user.target" ]; # set this service as a oneshot job - serviceConfig.Type = "oneshot"; + serviceConfig = { + Type = "oneshot"; + EnvironmentFile = "${config.age.secrets.tailscale-key.path}"; + }; # have the job run this shell script script = with pkgs; '' @@ -29,7 +32,7 @@ fi # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key) + ${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY ''; }; } diff --git a/hosts/m3-nix/default.nix b/hosts/m3-nix/default.nix index 04bfc68..9133132 100644 --- a/hosts/m3-nix/default.nix +++ b/hosts/m3-nix/default.nix @@ -108,6 +108,7 @@ in { age = { secrets = { tailscale-key.file = ../../secrets/tailscale-key.age; + wg-key.file = ../../secrets/wg-key.age; }; identityPaths = [ "/root/.ssh/lkk-nix-1" ]; }; diff --git a/hosts/m3-nix/services/default.nix b/hosts/m3-nix/services/default.nix index 8e406cf..a8b1577 100644 --- a/hosts/m3-nix/services/default.nix +++ b/hosts/m3-nix/services/default.nix @@ -6,6 +6,7 @@ ./udev.nix ./tailscale.nix ./virtualization.nix + ./wireguard.nix #./xserver.nix ]; 
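Review bot: `services.metabase` sets only `listen.port`, so the listen address falls back to the module default, which in nixpkgs is `0.0.0.0` as far as I know, and this commit also starts importing the file from hosts/lkk-nix-1/services/default.nix. Metabase would then accept connections on every interface, including any the firewall treats as trusted, rather than only through a reverse proxy. If it is meant to be reached through the nginx setup listed under services/containers, add `listen.ip = "127.0.0.1";` next to the port. A short comment on why the port moved from 3000 to 3013 (presumably a clash with another service) would also help.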
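Review bot: The auth key still ends up on the command line in `tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY`, where it is readable by other local users in the process list while the command runs, and the unquoted expansion breaks if the variable is empty. Tailscale accepts a file reference for this flag, so the key can stay in the decrypted file: `${tailscale}/bin/tailscale up --advertise-exit-node --authkey "file:${config.age.secrets.tailscale-key.path}"`, with the secret holding the bare key and `EnvironmentFile` dropped again. If the environment-file form is kept, at least quote it as `"$TAILSCALE_KEY"` and note in a comment that `tailscale-key.age` must now contain a `TAILSCALE_KEY=...` line. hosts/m3-nix/default.nix declares the same secret, so its tailscale unit (not shown here) needs to agree on the format.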
diff --git a/hosts/m3-nix/services/wireguard.nix b/hosts/m3-nix/services/wireguard.nix new file mode 100644 index 0000000..6bf7428 --- /dev/null +++ b/hosts/m3-nix/services/wireguard.nix @@ -0,0 +1,8 @@ +{ config, ... }: { + networking.wg-quick.interfaces = { + wg0 = { + configFile = config.age.secrets.wg-key.path; + autostart = false; + }; + }; +} diff --git a/hosts/m3-nix/services/wireguard.nix.~1~ b/hosts/m3-nix/services/wireguard.nix.~1~ new file mode 100644 index 0000000..e69de29 diff --git a/secrets.nix b/secrets.nix index 65e1f94..cf52cb4 100644 --- a/secrets.nix +++ b/secrets.nix @@ -12,6 +12,7 @@ in { "searx-environmentFile.age".publicKeys = [ system ]; "tailscale-key.age".publicKeys = [ system ]; + "wg-key.age".publicKeys = [ system ]; "briefkasten-env.age".publicKeys = [ system ]; diff --git a/secrets/wg-key.age b/secrets/wg-key.age new file mode 100644 index 0000000000000000000000000000000000000000..368419a491ac31d5e25dd3c1a90b0adc22812dc8 GIT binary patch literal 1083 zcmWmC>yOg}003}JcxZ+2L6E0%5Kh!N)^%Om5xjU?+g;bK>(;I76(6i!Z{6Cp+q%9+ zKo5+(LZU_yNR*2r@h%z>{h)yy8Vx2qg2+WQ5EX)Aj1suhC=o>c7k>Gbt4dHYv80e->QSEf#sBJJ(TG3@jOcFOfwlq z6)zEx4T>zXe3f@hA?->LK_D6dg>(@GXsJjEHjxtUA$kr@5vm<MELX4R6GP>EE?G-gip3h@mJOQ@Yk+SUQU=Kk2Dld7aG^X^9BLH?;ab+IR)!Q8 zcUxStQ|<6bkx7yS|9*D9nxSZLPB9R*^nd%ZKV=y7PM%w9}Z(? zgz4n4idW7-$$B7b8TqaO`BAZ}#{`z^FEJ6I(@r6HO;=?&PJvaaMVHu$AB(05f#^4h z2us@;0itNhEP^KJFec-J*+#d^bQ&$$&P8#c4L6HqCIN{QMG;J$VQJkVaG1%&IkG?% z22yf~j-(PvHP! zYGTKUN!*|W8k)_72t2J-d4j?96mMu@svAP;QBP1!%Jv|}`%kU}$+8*~#d@GwvH`i2 z77=@>UThkJCCuybZ0XCsa>%M&pv7Xrc)O)3K((GAR(SiG8!>`=C{q)Ao zNA~`C`HnlYcl)pRrM{@08IJyf9iD`PPw)F6Fn8aD^5Wz-iY<_eTz4=Z9n8?`Ix)^VXU-)=k3m|N2V!dC9BCC)eWgZ2F@a_U3;k zmdPuavpbHDJ$KK-H6x1`ojJAs{Ew#}y1BG9xw!A)EwR1%{77*6)Xj-u?)tR3)6eF! z?@Zi+#mwUyf1Ur#&R(%_
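Review bot: `configFile = config.age.secrets.wg-key.path;` in the new hosts/m3-nix/services/wireguard.nix points wg-quick at a secret whose name suggests it holds only a private key, while `configFile` expects a complete interface configuration. A comment such as `# wg-key.age holds the full wg-quick config (private key, address, peers)` would make that clear, or the secret could be renamed to something like `wg0-conf.age`. The commit also adds the empty editor backup files `wireguard.nix.~1~` and `metabase.nix.~1~`. In a repository that carries secrets it is worth ignoring them with a `*~` line in `.gitignore`, so that a backup of a file edited in plaintext cannot be committed by accident.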