+wireguard
This commit is contained in:
parent
367570b877
commit
57d608eb2b
18
flake.lock
18
flake.lock
|
@ -106,11 +106,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684824189,
|
"lastModified": 1685189510,
|
||||||
"narHash": "sha256-k3nCkn5Qy67rCguuw6YkGuL6hOUNRKxQoKOjnapk5sU=",
|
"narHash": "sha256-Hq5WF7zIixojPgvhgcd6MBvywwycVZ9wpK/8ogOyoaA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "58eb968c21d309a6c2b020ea8d64e25c38ceebba",
|
"rev": "2d963854ae2499193c0c72fd67435fee34d3e4fd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -127,11 +127,11 @@
|
||||||
"xdph": "xdph"
|
"xdph": "xdph"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684844798,
|
"lastModified": 1685346756,
|
||||||
"narHash": "sha256-ZrMXFoEA535jOZ+eDA3s+URZ5MkVRksBgL5qGnb6Ciw=",
|
"narHash": "sha256-pZNHeNkBBgi5o2DOT1T8MPHnrpJN+eEfYeqdg2ASjZA=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "Hyprland",
|
"repo": "Hyprland",
|
||||||
"rev": "eb1f832fcec5838053c6b031b656e4f949ada57b",
|
"rev": "b3a86952cf14b6f556159eb898eaa7b6ceac4335",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -211,11 +211,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1684754342,
|
"lastModified": 1685290091,
|
||||||
"narHash": "sha256-plGnjnbnPLoZCTdQX21oT7xliQhFtgcWlkuDHgtEb1o=",
|
"narHash": "sha256-GGQYNZ7POoqPTtXgPOLUuSiHkOKFRWYpCoWUOSeSRoU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7084250df3d7f9735087d3234407f3c1fc2400e3",
|
"rev": "4e37b4e55b60fb7d43d2b62deb51032a489bcbe8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
home.packages = with pkgs;
|
home.packages = with pkgs;
|
||||||
[
|
[
|
||||||
python3
|
python3
|
||||||
|
python311Packages.pip
|
||||||
guile_3_0
|
guile_3_0
|
||||||
tinyscheme
|
tinyscheme
|
||||||
];
|
];
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
epkgs.elfeed-org
|
epkgs.elfeed-org
|
||||||
epkgs.embark
|
epkgs.embark
|
||||||
epkgs.embark-consult
|
epkgs.embark-consult
|
||||||
|
epkgs.ement
|
||||||
epkgs.emmet-mode
|
epkgs.emmet-mode
|
||||||
epkgs.envrc
|
epkgs.envrc
|
||||||
epkgs.evil
|
epkgs.evil
|
||||||
|
|
|
@ -2,6 +2,5 @@
|
||||||
{
|
{
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
rustup
|
rustup
|
||||||
rust-analyzer
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -73,6 +73,7 @@
|
||||||
rustdesk
|
rustdesk
|
||||||
tor-browser-bundle-bin
|
tor-browser-bundle-bin
|
||||||
transmission-gtk
|
transmission-gtk
|
||||||
|
ungoogled-chromium
|
||||||
unrar
|
unrar
|
||||||
unzip
|
unzip
|
||||||
usbutils
|
usbutils
|
||||||
|
|
|
@ -32,5 +32,5 @@
|
||||||
};
|
};
|
||||||
services = { };
|
services = { };
|
||||||
};
|
};
|
||||||
home.stateVersion = "22.11";
|
home.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
|
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "m3tam3re";
|
description = "m3tam3re";
|
||||||
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ];
|
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" "input"];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
|
||||||
];
|
];
|
||||||
|
|
|
@ -67,7 +67,7 @@
|
||||||
mode = "770";
|
mode = "770";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
|
|
@ -8,6 +8,5 @@
|
||||||
./nextcloud.nix
|
./nextcloud.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./wordpress.nix
|
./wordpress.nix
|
||||||
./wireguard.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./invidious.nix
|
./invidious.nix
|
||||||
./mariadb.nix
|
./mariadb.nix
|
||||||
|
./metabase.nix
|
||||||
./minio.nix
|
./minio.nix
|
||||||
./n8n.nix
|
./n8n.nix
|
||||||
./postgres.nix
|
./postgres.nix
|
||||||
|
|
|
@ -2,5 +2,6 @@
|
||||||
|
|
||||||
services.metabase = {
|
services.metabase = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listen.port = 3000;
|
listen.port = 3013;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
services.tailscale = {
|
services.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
useRoutingFeatures = "both";
|
useRoutingFeatures = "both";
|
||||||
|
@ -15,7 +15,10 @@
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
# set this service as a oneshot job
|
# set this service as a oneshot job
|
||||||
serviceConfig.Type = "oneshot";
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
|
};
|
||||||
|
|
||||||
# have the job run this shell script
|
# have the job run this shell script
|
||||||
script = with pkgs; ''
|
script = with pkgs; ''
|
||||||
|
@ -29,7 +32,7 @@
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# otherwise authenticate with tailscale
|
# otherwise authenticate with tailscale
|
||||||
${tailscale}/bin/tailscale up --advertise-exit-node lkk-nix-1 -authkey $(cat /run/agenix/tailscale-key)
|
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -108,6 +108,7 @@ in {
|
||||||
age = {
|
age = {
|
||||||
secrets = {
|
secrets = {
|
||||||
tailscale-key.file = ../../secrets/tailscale-key.age;
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
wg-key.file = ../../secrets/wg-key.age;
|
||||||
};
|
};
|
||||||
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
};
|
};
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
./udev.nix
|
./udev.nix
|
||||||
./tailscale.nix
|
./tailscale.nix
|
||||||
./virtualization.nix
|
./virtualization.nix
|
||||||
|
./wireguard.nix
|
||||||
#./xserver.nix
|
#./xserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
networking.wg-quick.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
configFile = config.age.secrets.wg-key.path;
|
||||||
|
autostart = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -12,6 +12,7 @@ in {
|
||||||
"searx-environmentFile.age".publicKeys = [ system ];
|
"searx-environmentFile.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"tailscale-key.age".publicKeys = [ system ];
|
"tailscale-key.age".publicKeys = [ system ];
|
||||||
|
"wg-key.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"briefkasten-env.age".publicKeys = [ system ];
|
"briefkasten-env.age".publicKeys = [ system ];
|
||||||
|
|
||||||
|
|
Binary file not shown.
Loading…
Reference in New Issue