From e07202820509a9af4594489e5f8397479b5981be Mon Sep 17 00:00:00 2001 From: xqtc161 Date: Sun, 9 Jun 2024 20:48:07 +0200 Subject: [PATCH] beleth: wg config; disable dhcp --- flake.nix | 2 +- home/modules/firefox.nix | 2 +- home/modules/qt.nix | 16 +++-- hosts/aarch64-linux/alastor/default.nix | 2 +- hosts/x86_64-linux/beleth/default.nix | 62 +++++++++---------- hosts/x86_64-linux/beleth/docker.nix | 5 +- hosts/x86_64-linux/beleth/git.nix | 9 ++- .../beleth/hardware-configuration.nix | 2 +- hosts/x86_64-linux/beleth/networking.nix | 28 +++++++++ hosts/x86_64-linux/beleth/wireguard.nix | 30 +++++++++ 10 files changed, 113 insertions(+), 45 deletions(-) create mode 100644 hosts/x86_64-linux/beleth/networking.nix create mode 100644 hosts/x86_64-linux/beleth/wireguard.nix diff --git a/flake.nix b/flake.nix index 390e210..2b0fa02 100644 --- a/flake.nix +++ b/flake.nix @@ -76,7 +76,7 @@ }; "alastor" = lib.nixosSystem { system = "aarch64-linux"; - modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [ inputs.nixos-aarch64-widevine.overlays.default ];}]; + modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [inputs.nixos-aarch64-widevine.overlays.default];}]; specialArgs = {inherit inputs;}; }; }; diff --git a/home/modules/firefox.nix b/home/modules/firefox.nix index 484de2c..946333f 100644 --- a/home/modules/firefox.nix +++ b/home/modules/firefox.nix @@ -236,7 +236,7 @@ with inputs; { "browser.theme.toolbar-theme" = "0"; "browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; - "media.eme.enabled" = true; + "media.eme.enabled" = true; "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" = false; "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" = diff --git a/home/modules/qt.nix b/home/modules/qt.nix index 6302b44..b9bfd4a 100644 --- a/home/modules/qt.nix +++ b/home/modules/qt.nix 
@@ -1,10 +1,14 @@ -{config, lib, inputs, pkgs, ...}: { + config, + lib, + inputs, + pkgs, + ... +}: { qt.style.package = pkgs.catppuccin-kde.override { - accents = ["pink"]; - size = "compact"; - tweaks = ["rimless"]; - variant = "mocha"; + accents = ["pink"]; + size = "compact"; + tweaks = ["rimless"]; + variant = "mocha"; }; - } diff --git a/hosts/aarch64-linux/alastor/default.nix b/hosts/aarch64-linux/alastor/default.nix index 332ce19..095216b 100644 --- a/hosts/aarch64-linux/alastor/default.nix +++ b/hosts/aarch64-linux/alastor/default.nix @@ -36,7 +36,7 @@ services.pcscd.enable = true; - environment.sessionVariables.MOZ_GMP_PATH = [ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ]; + environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"]; networking.hostName = "alastor"; # Define your hostname. # Pick only one of the below networking options. diff --git a/hosts/x86_64-linux/beleth/default.nix b/hosts/x86_64-linux/beleth/default.nix index 4b4f968..85e6040 100644 --- a/hosts/x86_64-linux/beleth/default.nix +++ b/hosts/x86_64-linux/beleth/default.nix 
@@ -24,42 +24,42 @@ with lib; { enable = true; email = "xqtc@tutanota.com"; configFile = pkgs.writeText "Caddyfile" '' - heroin.trade { - root * /var/www/website/public/ - handle_errors { - rewrite * /404.html - file_server + heroin.trade { + root * /var/www/website/public/ + handle_errors { + rewrite * /404.html + file_server + } + file_server + } + syncthing.heroin.trade { + reverse_proxy http://localhost:8384 { + header_up Host {upstream_hostport} + } + } + demos.heroin.trade { + root * /var/www/demos/ + file_server browse + } + git.heroin.trade { + reverse_proxy http://localhost:3002 } - file_server - } - syncthing.heroin.trade { - reverse_proxy http://localhost:8384 { - header_up Host {upstream_hostport} - } - } - demos.heroin.trade { - root * /var/www/demos/ - file_server browse - } - git.heroin.trade { - reverse_proxy http://localhost:3002 - } - jellyfin.heroin.trade { - reverse_proxy http://127.0.0.1:8096 - } + jellyfin.heroin.trade { + reverse_proxy http://127.0.0.1:8096 + } - calibre.heroin.trade { - reverse_proxy http://localhost:3000 - } + calibre.heroin.trade { + reverse_proxy http://localhost:3000 + } - grafana.heroin.trade { - reverse_proxy http://127.0.0.1:2342 - } + grafana.heroin.trade { + reverse_proxy http://127.0.0.1:2342 + } - uptime.heroin.trade { - reverse_proxy 127.0.0.1:3001 - } + uptime.heroin.trade { + reverse_proxy 127.0.0.1:3001 + } ''; }; diff --git a/hosts/x86_64-linux/beleth/docker.nix b/hosts/x86_64-linux/beleth/docker.nix index 5d2483e..301b3ae 100644 --- a/hosts/x86_64-linux/beleth/docker.nix +++ b/hosts/x86_64-linux/beleth/docker.nix @@ -1,5 +1,8 @@ -{config, lib, ...}: { + config, + lib, + ... +}: { virtualisation.docker.enable = true; virtualisation.docker.autoPrune.enable = true; virtualisation.docker.autoPrune.dates = "daily"; diff --git a/hosts/x86_64-linux/beleth/git.nix b/hosts/x86_64-linux/beleth/git.nix index e0d4fe2..3c20ee3 100644 --- a/hosts/x86_64-linux/beleth/git.nix +++ b/hosts/x86_64-linux/beleth/git.nix 
@@ -1,5 +1,8 @@ -{lib, inputs, ...}: { + lib, + inputs, + ... +}: { services.forgejo = { enable = true; settings.server = { @@ -8,8 +11,8 @@ }; settings = { service = { - DISABLE_REGISTRATION = true; - REQUIRE_SIGNIN_VIEW = true; + DISABLE_REGISTRATION = true; + REQUIRE_SIGNIN_VIEW = true; }; }; }; diff --git a/hosts/x86_64-linux/beleth/hardware-configuration.nix b/hosts/x86_64-linux/beleth/hardware-configuration.nix index e1fe1b8..a613e7b 100644 --- a/hosts/x86_64-linux/beleth/hardware-configuration.nix +++ b/hosts/x86_64-linux/beleth/hardware-configuration.nix @@ -33,7 +33,7 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/x86_64-linux/beleth/networking.nix b/hosts/x86_64-linux/beleth/networking.nix new file mode 100644 index 0000000..39c21d9 --- /dev/null +++ b/hosts/x86_64-linux/beleth/networking.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + inputs, + ... +}: { + imports = [./wireguard.nix]; + networking.interfaces = { + enp0s31f6 = { + ipv4 = { + adresses = [ + { + address = "88.99.90.90"; + prefixLength = 26; + } + ]; + }; + ipv6 = { + adresses = [ + { + address = "2a01:4f8:10a:1aab::2"; + prefixLength = 80; + } + ]; + }; + }; + }; +} diff --git a/hosts/x86_64-linux/beleth/wireguard.nix b/hosts/x86_64-linux/beleth/wireguard.nix new file mode 100644 index 0000000..beac85b --- /dev/null +++ b/hosts/x86_64-linux/beleth/wireguard.nix 
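Review bot: Commenting out `networking.useDHCP = lib.mkDefault true;` in hardware-configuration.nix most likely does not turn DHCP off, because the NixOS option itself defaults to `true` when nothing sets it. If the "disable dhcp" in the commit subject means a static-only host, state it explicitly with `networking.useDHCP = false;`. The better place is networking.nix next to the static addresses, since hardware-configuration.nix is normally generated by `nixos-generate-config` and edits there are lost when it is regenerated.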
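Review bot: The attribute is spelled `adresses` in both the `ipv4` and `ipv6` blocks of `enp0s31f6` in networking.nix; the NixOS option is `addresses`, so the module system should reject the unknown option at evaluation and neither static address gets applied. Change both to `addresses = [`. Nothing in this file sets `networking.defaultGateway`, `networking.defaultGateway6` or `networking.nameservers`; unless a module outside this diff defines them, a host running without DHCP would come up with no default route or resolver, which on a remote machine means losing access after the switch.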
@@ -0,0 +1,30 @@
+{
+ config,
+ lib,
+ inputs,
+ ...
+}: {
+ # networking.nat.enable = true;
+ # networking.nat.externalInterface = "enp0s31f6";
+ # networking.nat.internalInterfaces = "wg0";
+ networking.firewall = {
+ allowedUDPPorts = [51820];
+ };
+
+ networking.wireguard.interfaces = {
+ ips = ["2a01:4f8:10a:1aab::2/64"];
+
+ listenPort = 51820;
+
+ privateKeyFile = "/home/xqtc/wireguard-keys/private";
+
+ peers = [
+ {
+ #anner
+ publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
+ allowedIPs = ["2a0f:be01::/48"];
+ endpoint = "[2a0f:be01::1]:51822";
+ }
+ ];
+ };
+}
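Review bot: `ips`, `listenPort`, `privateKeyFile` and `peers` are set directly under `networking.wireguard.interfaces`, which is an attribute set keyed by interface name, so each would be read as an interface rather than as a setting. The block needs a name, e.g. `networking.wireguard.interfaces.wg0 = {`, matching the `wg0` in the commented-out NAT lines. The private key is read from `/home/xqtc/wireguard-keys/private`, inside a user's home directory; a root-owned file with mode 0600 outside `/home`, or a secrets module, keeps the tunnel key away from anything running as that user. The tunnel address `2a01:4f8:10a:1aab::2/64` is also the address networking.nix assigns to `enp0s31f6` (there with prefix length 80), which looks unintended and would give the host two conflicting routes for the same prefix.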