diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix
index 475f163..0ebf66f 100644
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@@ -49,13 +49,9 @@
 sway = true;
 hyprland = true;
 };
- # home-manager = {
- # inherit (users) users;
- # enable = true;
- # };
 libvirtd.enable = true;
 livebook = {
- enable = true;
+ enable = false;
 dataDir = "/home/erwin/workspace/livebook";
 userMapping = "1000:100";
 };
@@ -93,7 +89,6 @@
 firewall = {
 trustedInterfaces = [ "lo" ];
- # interfaces."enp4s0" = {
 allowedTCPPorts = [
 # NFS
 111
@@ -137,49 +132,21 @@
 # Sunshine
 { from = 47998; to = 48000; }
 ];
- # };
 };
- wg-quick.interfaces = {
- wghorus = {
- address = [ "10.10.4.2/24" ];
- autostart = false;
- dns = [ "192.168.4.1" ];
- listenPort = 51820;
-
- privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
-
- postUp = ''
- ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
- '';
- postDown = ''
- ${pkgs.systemd}/bin/resolvectl domain wghorus ""
- '';
-
- peers = [
- {
- publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
- allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
- endpoint = "212.45.34.195:51820";
- persistentKeepalive = 25;
- }
- ];
- };
- };
-
- # wireguard.interfaces = {
+ # wg-quick.interfaces = {
 # wghorus = {
- # ips = [ "10.10.4.2/24" ];
+ # address = [ "10.10.4.2/24" ];
+ # autostart = false;
+ # dns = [ "192.168.4.1" ];
 # listenPort = 51820;
 # privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
- # postSetup = ''
- # ${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
+ # postUp = ''
 # ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
 # '';
- # postShutdown = ''
- # ${pkgs.systemd}/bin/resolvectl dns wghorus ""
+ # postDown = ''
 # ${pkgs.systemd}/bin/resolvectl domain wghorus ""
 # '';
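Review bot: The wg-quick block removed in the third hunk is kept as a commented-out copy at the end of it (`# wg-quick.interfaces = {` onward), which now duplicates the live systemd.network definition added later in this commit and will drift from it the first time an address, peer or domain changes. Version history already preserves the old form, so dropping the comment block leaves one source of truth; if it must stay, a one-line `# superseded by systemd.network.netdevs."10-wghorus" / networks."40-wghorus"; kept for reference only` tells the next reader which copy is authoritative. The attribute set enclosing `wg-quick.interfaces` begins outside the hunk.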
@@ -198,10 +165,85 @@
 systemd.network = {
 enable = true;
+ netdevs = {
+ "10-wghorus" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ MTUBytes = "1420";
+ Name = "wghorus";
+ };
+
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
+ ListenPort = 51820;
+ };
+
+ wireguardPeers = [
+ {
+ wireguardPeerConfig = {
+ PublicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
+ AllowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
+ Endpoint = "212.45.34.195:51820";
+ PersistentKeepalive = 25;
+ };
+ }
+ ];
+ };
+ };
+
 networks = {
 "40-enp4s0" = {
 DHCP = "yes";
 };
+ "40-wghorus" = {
+ matchConfig = {
+ Name = "wghorus";
+ };
+
+ linkConfig = {
+ ActivationPolicy = "manual";
+ };
+
+ networkConfig = {
+ DHCP = "no";
+ DNS = "192.168.4.1";
+ Domains = [ "bedum.horus.nu" "internal.horus.nu" ];
+ };
+
+ address = [
+ "10.10.4.2/24"
+ ];
+
+ routes = [
+ {
+ routeConfig =
+ {
+ Destination = "192.168.4.0/23";
+ Scope = "link";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "192.168.6.0/24";
+ Scope = "link";
+ };
+ }
+ {
+ routeConfig =
+ {
+ Destination = "192.168.7.0/24";
+ Scope = "link";
+ };
+ }
+ {
+ routeConfig =
+ {
+ Destination = "192.168.8.0/24";
+ Scope = "link";
+ };
+ }
+ ];
+ };
 };
 links = {
@@ -215,12 +257,6 @@
 };
 };
 };
- # nix = {
- # package = pkgs.nixUnstable;
- # extraOptions = ''
- # experimental-features = nix-command flakes
- # '';
- # };
 services.openssh.enable = true;
 programs.ssh.startAgent = true;
@@ -266,7 +302,9 @@
 livebook-password = {
 owner = "erwin";
 };
- wireguard-horus-privkey = { };
+ wireguard-horus-privkey = {
+ owner = "systemd-network";
+ };
 };
 # This value determines the NixOS release from which the default
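Review bot: The four link-scope routes under `"40-wghorus".routes` repeat the prefixes already listed in the peer's `AllowedIPs` in the `10-wghorus` netdev, with nothing tying the two lists together; if one is edited without the other, traffic for that prefix is either dropped by the tunnel (route without a matching AllowedIPs entry) or no longer steered into it (AllowedIPs entry without a route). A comment above `routes = [` such as `# keep in sync with wireguardPeers[0].AllowedIPs in netdevs."10-wghorus"` makes the dependency visible; if the host's systemd is recent enough to support it, `RouteTable = "main";` in `wireguardConfig` lets networkd derive these routes from AllowedIPs and the manual list can go. The entries also mix `routeConfig =` with `{` on the following line and `routeConfig = {` on one line (second entry), which is worth normalizing. The `systemd.network` set continues past the hunk (`links = {`).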
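Review bot: The new `owner = "systemd-network";` on `wireguard-horus-privkey` is what lets networkd read the `PrivateKeyFile` referenced from the `10-wghorus` netdev, but nothing at the secret records that coupling, so a later cleanup could revert it and break the tunnel silently. A comment such as `# read by systemd-networkd (netdevs."10-wghorus".wireguardConfig.PrivateKeyFile); owner must stay systemd-network` would preserve the reason. The secret's file mode is not set here, so it is worth confirming the default keeps the key readable only by its owner now that the owner is a service account rather than root.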