+wireguard

m3tam3re 2023-05-30 11:50:34 +02:00
parent 367570b877
commit 57d608eb2b
19 changed files with 35 additions and 18 deletions


@ -106,11 +106,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1684824189, "lastModified": 1685189510,
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=", "narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba", "rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -127,11 +127,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1684844798, "lastModified": 1685346756,
"narHash": "sha256-ZrMXFoEA535jOZ+eDA3s+URZ5MkVRksBgL5qGnb6Ciw=", "narHash": "sha256-pZNHeNkBBgi5o2DOT1T8MPHnrpJN+eEfYeqdg2ASjZA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "eb1f832fcec5838053c6b031b656e4f949ada57b", "rev": "b3a86952cf14b6f556159eb898eaa7b6ceac4335",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,11 +211,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1684754342, "lastModified": 1685290091,
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=", "narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3", "rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -4,6 +4,7 @@
home.packages = with pkgs; home.packages = with pkgs;
[ [
python3 python3
python311Packages.pip
guile_3_0 guile_3_0
tinyscheme tinyscheme
]; ];


@ -35,6 +35,7 @@
epkgs.elfeed-org epkgs.elfeed-org
epkgs.embark epkgs.embark
epkgs.embark-consult epkgs.embark-consult
epkgs.ement
epkgs.emmet-mode epkgs.emmet-mode
epkgs.envrc epkgs.envrc
epkgs.evil epkgs.evil


@ -2,6 +2,5 @@
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
rustup rustup
rust-analyzer
]; ];
} }


@ -73,6 +73,7 @@
rustdesk rustdesk
tor-browser-bundle-bin tor-browser-bundle-bin
transmission-gtk transmission-gtk
ungoogled-chromium
unrar unrar
unzip unzip
usbutils usbutils


@ -32,5 +32,5 @@
}; };
services = { }; services = { };
}; };
home.stateVersion = "22.11"; home.stateVersion = "23.05";
} }
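Review bot: `home.stateVersion` is a compatibility marker for stateful data rather than the release being tracked, so moving it from "22.11" to "23.05" alongside the input updates can silently switch defaults for state that already exists on disk. Unless the Home Manager release notes were checked for this profile, I would keep the value the profile was created with and say so in a comment, e.g. `# do not bump on upgrade; see Home Manager release notes`. The enclosing attribute set starts outside the hunk.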


@ -4,7 +4,7 @@
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4"; "$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
isNormalUser = true; isNormalUser = true;
description = "m3tam3re"; description = "m3tam3re";
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ]; extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix" "ssh-rsa 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 m3tam3re@m3-nix"
]; ];
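Review bot: Adding `"input"` to `extraGroups` gives every process running as this user read access to the raw `/dev/input` event devices, which includes keystrokes typed into other sessions and privilege prompts; on an account that is also in `wheel` this should be a deliberate decision. If one tool needs a single device, a udev rule scoped to that device is narrower than group membership. At minimum record the reason next to the line, e.g. `# "input": needed by <tool> for <device>`. Not part of this change, but the password hash on the first context line is committed in clear and could move into an agenix-managed file like the other secrets. The user attribute set starts and ends outside the hunk.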


@ -67,7 +67,7 @@
mode = "770"; mode = "770";
}; };
}; };
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; identityPaths = [ "/root/.ssh/lkk-nix-1" ];
}; };
nix = { nix = {
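Review bot: The decryption identity now lives at `/root/.ssh/lkk-nix-1`, and the context line in the other host's `age` block later in this commit shows the same path, which suggests one private key is copied to more than one machine. If that is the case, compromise of either host exposes every secret encrypted to that recipient; a per-host recipient (for example each machine's own SSH host key) limits the damage. Nothing in the hunk provisions the file, so a comment such as `# root-owned, 0600, placed out of band before the first rebuild` would help the next install. The `age` block starts outside the hunk.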


@ -8,6 +8,5 @@
./nextcloud.nix ./nextcloud.nix
./nginx.nix ./nginx.nix
./wordpress.nix ./wordpress.nix
./wireguard.nix
]; ];
} }


@ -4,6 +4,7 @@
./gitea.nix ./gitea.nix
./invidious.nix ./invidious.nix
./mariadb.nix ./mariadb.nix
./metabase.nix
./minio.nix ./minio.nix
./n8n.nix ./n8n.nix
./postgres.nix ./postgres.nix


@ -2,5 +2,6 @@
services.metabase = { services.metabase = {
enable = true; enable = true;
listen.port = 3000; listen.port = 3013;
};
} }
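Review bot: Only the port is set here, so Metabase keeps the module's default listen address, which as far as I recall is `0.0.0.0`. If the service is meant to be reached through a reverse proxy, pin it with `listen.ip = "127.0.0.1";` so port 3013 is not served directly on every interface. The first line of the file is outside the hunk, so I cannot confirm that the braces still balance after the added `};`.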


@ -1,4 +1,4 @@
{ pkgs, ... }: { { config, pkgs, ... }: {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "both"; useRoutingFeatures = "both";
@ -15,7 +15,10 @@
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job # set this service as a oneshot job
serviceConfig.Type = "oneshot"; serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script # have the job run this shell script
script = with pkgs; '' script = with pkgs; ''
@ -29,7 +32,7 @@
fi fi
# otherwise authenticate with tailscale # otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key) ${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
''; '';
}; };
} }
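Review bot: In the last hunk the auth key is still expanded onto the command line (`--authkey $TAILSCALE_KEY`), so it is readable in the process list while `tailscale up` runs, and the unquoted expansion would word-split a malformed value. `tailscale up` accepts a `file:` prefix for the key, e.g. `--authkey "file:${config.age.secrets.tailscale-key.path}"`, which keeps the key out of both argv and the unit environment and makes the new `EnvironmentFile` line unnecessary. If the environment-file route stays, the decrypted secret must now be in `TAILSCALE_KEY=<key>` form rather than the bare key the old `cat` read; no re-encrypted `tailscale-key.age` is visible in this part of the commit, so that is worth confirming. In that case quote the variable: `--authkey "$TAILSCALE_KEY"`.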


@ -108,6 +108,7 @@ in {
age = { age = {
secrets = { secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age; tailscale-key.file = ../../secrets/tailscale-key.age;
wg-key.file = ../../secrets/wg-key.age;
}; };
identityPaths = [ "/root/.ssh/lkk-nix-1" ]; identityPaths = [ "/root/.ssh/lkk-nix-1" ];
}; };


@ -6,6 +6,7 @@
./udev.nix ./udev.nix
./tailscale.nix ./tailscale.nix
./virtualization.nix ./virtualization.nix
./wireguard.nix
#./xserver.nix #./xserver.nix
]; ];


@ -0,0 +1,8 @@
{ config, ... }: {
networking.wg-quick.interfaces = {
wg0 = {
configFile = config.age.secrets.wg-key.path;
autostart = false;
};
};
}
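Review bot: `wg-key` is passed as `configFile`, so the encrypted file has to be a complete wg-quick configuration and not just a private key as the name suggests; a comment or a rename would stop someone re-keying it with the key alone, e.g. `# wg-key.age holds the full wg-quick config, including PrivateKey`. Keeping the whole file in agenix does keep the private key out of the world-readable Nix store, but it also means any `PostUp`/`PreDown` lines in it run as root and cannot be reviewed in the repository. With `autostart = false` the tunnel only comes up when the wg-quick unit for `wg0` is started by hand, which deserves a one-line comment too, e.g. `# started manually; not brought up at boot`.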


@ -12,6 +12,7 @@ in {
"searx-environmentFile.age".publicKeys = [ system ]; "searx-environmentFile.age".publicKeys = [ system ];
"tailscale-key.age".publicKeys = [ system ]; "tailscale-key.age".publicKeys = [ system ];
"wg-key.age".publicKeys = [ system ];
"briefkasten-env.age".publicKeys = [ system ]; "briefkasten-env.age".publicKeys = [ system ];

BIN
secrets/wg-key.age Normal file

Binary file not shown.