0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

mircowave: use iwd, resolvd and networkmanager

Browse source
This commit is contained in:
Grigory Shipunov 2022-07-11 19:27:51 +02:00
parent ad486191bc
commit 4368fa3920
Signed by: 0xa
GPG key ID: 91FA5E5BF9AA901C
6 changed files with 179 additions and 72 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.nix
View file

@ -38,16 +38,13 @@
modules = [ modules = [
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
./hosts/microwave/configuration.nix ./hosts/microwave
./hosts/microwave/secrets.nix
./hosts/microwave/hardware-configuration.nix
./modules/graphical.nix ./modules/graphical.nix
./modules/basic-tools.nix ./modules/basic-tools.nix
./modules/gnupg.nix ./modules/gnupg.nix
./modules/hw-accel-intel.nix ./modules/hw-accel-intel.nix
./modules/radio.nix ./modules/radio.nix
./modules/tlp.nix ./modules/tlp.nix
./modules/wireguard.nix
./modules/binary-caches.nix ./modules/binary-caches.nix
./modules/science.nix ./modules/science.nix
./modules/mail.nix ./modules/mail.nix
@ -55,7 +52,6 @@
./modules/virtualization.nix ./modules/virtualization.nix
({ pkgs, ... }: { ({ pkgs, ... }: {
services.throttled.enable = true; services.throttled.enable = true;
services.influxdb.enable = true;
}) })
({ pkgs, ... }: { ({ pkgs, ... }: {
nixpkgs.overlays = [ fenix.overlay ]; nixpkgs.overlays = [ fenix.overlay ];

9
hosts/microwave/configuration.nix
View file

@ -21,14 +21,6 @@
element-desktop-wayland element-desktop-wayland
]; ];
networking.firewall.enable = true;
networking = {
hostName = "microwave"; # Define your hostname.
networkmanager.enable = true;
wireguard.enable = true;
};
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
@ -65,7 +57,6 @@
createHome = true; createHome = true;
extraGroups = [ extraGroups = [
"wheel" "wheel"
"networkmanager"
"wireshark" "wireshark"
"video" "video"
"libvirtd" "libvirtd"

9
hosts/microwave/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
imports = [
./configuration.nix
./hardware-configuration.nix
./network.nix
./secrets.nix
];
}

157
hosts/microwave/network.nix Normal file
View file

@ -0,0 +1,157 @@
{ pkgs, config, ... }: {
environment.systemPackages = with pkgs; [
iwgtk
];
networking = {
hostName = "microwave"; # Define your hostname.
firewall.enable = true;
useNetworkd = true;
wireguard.enable = true;
wireless.iwd = {
enable = true;
};
};
services.resolved = {
enable = true;
};
# workaround for networkd waiting for shit
systemd.services.systemd-networkd-wait-online.serviceConfig.ExecStart = [
"" # clear old command
"${config.systemd.package}/lib/systemd/systemd-networkd-wait-online --any"
];
systemd.network = {
enable = true;
# wait-online.ignoredInterfaces = [ "wlan0" "enp53s0" ];
# Interfaces on the machine
networks."10-ether" = {
matchConfig = { Name = "enp53s0"; };
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
networks."10-wlan" = {
matchConfig = { Name = "wlan0"; };
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
IgnoreCarrierLoss = true;
};
};
# Wireguard
# Dump-dvb
netdevs."10-wg-dumpdvb" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-dumpdvb";
Description = "dvb.solutions enterprise network";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
Endpoint = "academicstrokes.com:51820";
AllowedIPs = [ "10.13.37.0/24" ];
PersistentKeepalive = 25;
};
}
];
};
networks."10-wg-dumpdvb" = {
matchConfig = { Name = "wg-dumpdvb"; };
networkConfig = {
Address = "10.13.37.3";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.13.37.1"; Destination = "10.13.37.0/24"; }; }
];
};
# Dump-dvb
netdevs."10-wg-oxalab" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-oxalab";
Description = "lab of oxa";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
Endpoint = "95.216.166.21:51820";
AllowedIPs = [ "10.66.66.0/24" ];
PersistentKeepalive = 25;
};
}
];
};
networks."10-wg-oxalab" = {
matchConfig = { Name = "wg-oxalab"; };
networkConfig = {
Address = "10.66.66.10/24";
IPv6AcceptRA = true;
};
routes = [
{ routeConfig = { Gateway = "10.66.66.1"; Destination = "10.66.66.1/24"; }; }
];
};
# zentralwerk
netdevs."10-wg-zentralwerk" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-zentralwerk";
Description = "Tunnel to the best basement in Dresden";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."wg/wg-zw-seckey".path;
};
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
Endpoint = "81.201.149.152:1337";
AllowedIPs = [ "172.20.72.0/21" "172.22.90.0/24" ];
PersistentKeepalive = 25;
};
}
];
};
networks."10-wg-zentralwerk" = {
matchConfig = { Name = "wg-zentralwerk"; };
networkConfig = {
Address = "172.20.76.226";
IPv6AcceptRA = true;
DNS = "172.20.73.8";
};
routes = [
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.72.0/21";
};
}
{
routeConfig = {
Gateway = "172.20.72.4";
Destination = "172.20.90.0/24";
};
}
];
};
};
}

16
hosts/microwave/secrets.nix
View file

@ -4,9 +4,17 @@
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets = { sops.secrets = {
"wg/wg-zw-seckey" = { }; "wg/wg-zw-seckey" = {
"wg/wg-dvb-seckey" = { }; owner = config.users.users.systemd-network.name;
"wg/mlwd-nl-seckey" = { }; };
"wg/oxalab-seckey" = { }; "wg/wg-dvb-seckey" = {
owner = config.users.users.systemd-network.name;
};
"wg/mlwd-nl-seckey" = {
owner = config.users.users.systemd-network.name;
};
"wg/oxalab-seckey" = {
owner = config.users.users.systemd-network.name;
};
}; };
} }

54
modules/wireguard.nix
View file

@ -1,54 +0,0 @@
{ config, ... }:
{
networking.wg-quick.interfaces = {
wg-zw = {
privateKeyFile = config.sops.secrets."wg/wg-zw-seckey".path;
address = [ "172.20.76.226" ];
dns = [ "172.20.73.8" ];
peers = [
{
publicKey = "PG2VD0EB+Oi+U5/uVMUdO5MFzn59fAck6hz8GUyLMRo=";
endpoint = "81.201.149.152:1337";
allowedIPs = [ "172.20.72.0/21" "172.22.99.0/24" ];
}
];
};
wg-dvb = {
privateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
address = [ "10.13.37.3/32" ];
peers = [{
publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
allowedIPs = [ "10.13.37.0/24" ];
endpoint = "academicstrokes.com:51820";
persistentKeepalive = 25;
}];
};
mlwd-nl = {
privateKeyFile = config.sops.secrets."wg/mlwd-nl-seckey".path;
address = [ "10.65.79.164/32" "fc00:bbbb:bbbb:bb01::2:4fa3/128" ];
dns = [ "193.138.218.74" ];
peers = [{
publicKey = "StMPmol1+QQQQCJyAkm7t+l/QYTKe5CzXUhw0I6VX14=";
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = "92.60.40.194:51820";
}];
};
oxalab = {
privateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
address = [ "10.66.66.10/32" ];
peers = [{
publicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
allowedIPs = [ "10.66.66.0/24" ];
endpoint = "95.216.166.21:51820";
persistentKeepalive = 25;
}];
};
};
}