beleth: wg config; disable dhcp

2024-11-22 09:10:32 +01:00 · 2024-06-09 20:48:07 +02:00 · 2024-06-09 20:48:07 +02:00 · e072028205
parent e1c3cae409
commit e072028205
10 changed files with 113 additions and 45 deletions
--- a/flake.nix
+++ b/flake.nix
@ -76,7 +76,7 @@
      };
      "alastor" = lib.nixosSystem {
        system = "aarch64-linux";
-        modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [ inputs.nixos-aarch64-widevine.overlays.default ];}];
+        modules = [./hosts/aarch64-linux/alastor {nixpkgs.overlays = [inputs.nixos-aarch64-widevine.overlays.default];}];
        specialArgs = {inherit inputs;};
      };
    };
--- a/home/modules/firefox.nix
+++ b/home/modules/firefox.nix
@ -236,7 +236,7 @@ with inputs; {
        "browser.theme.toolbar-theme" = "0";
        "browser.newtabpage.activity-stream.showSponsored" = false;
        "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
-	"media.eme.enabled" = true;
+        "media.eme.enabled" = true;
        "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsored" =
          false;
        "services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSites" =
--- a/home/modules/qt.nix
+++ b/home/modules/qt.nix
@ -1,10 +1,14 @@
 {config, lib, inputs, pkgs, ...}:
 {
  config,
  lib,
  inputs,
  pkgs,
  ...
 }: {
  qt.style.package = pkgs.catppuccin-kde.override {
-        accents = ["pink"];
+    accents = ["pink"];
-        size = "compact";
+    size = "compact";
-        tweaks = ["rimless"];
+    tweaks = ["rimless"];
-        variant = "mocha";
+    variant = "mocha";
  };
 }
--- a/hosts/aarch64-linux/alastor/default.nix
+++ b/hosts/aarch64-linux/alastor/default.nix
@ -36,7 +36,7 @@
  services.pcscd.enable = true;
-  environment.sessionVariables.MOZ_GMP_PATH = [ "${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed" ];
+  environment.sessionVariables.MOZ_GMP_PATH = ["${pkgs.widevine-cdm-lacros}/gmp-widevinecdm/system-installed"];
  networking.hostName = "alastor"; # Define your hostname.
  # Pick only one of the below networking options.
--- a/hosts/x86_64-linux/beleth/default.nix
+++ b/hosts/x86_64-linux/beleth/default.nix
@ -24,42 +24,42 @@ with lib; {
    enable = true;
    email = "xqtc@tutanota.com";
    configFile = pkgs.writeText "Caddyfile" ''
-                 heroin.trade {
+                    heroin.trade {
-                 	root * /var/www/website/public/
+                    	root * /var/www/website/public/
-      		handle_errors {
+         		handle_errors {
-      	rewrite * /404.html
+         	rewrite * /404.html
-      	file_server
+         	file_server
         }
                    	file_server
                    }
                    syncthing.heroin.trade {
               reverse_proxy http://localhost:8384 {
        	header_up Host {upstream_hostport}
               }
                    }
                    demos.heroin.trade {
               root * /var/www/demos/
               file_server browse
                    }
      git.heroin.trade {
       reverse_proxy http://localhost:3002
      }
                 	file_server
                 }
                 syncthing.heroin.trade {
            reverse_proxy http://localhost:8384 {
 	    	header_up Host {upstream_hostport}
            }
                 }
                 demos.heroin.trade {
            root * /var/www/demos/
            file_server browse
                 }
 		 git.heroin.trade {
 		  reverse_proxy http://localhost:3002
 		 }
-                 jellyfin.heroin.trade {
+                    jellyfin.heroin.trade {
-                 	reverse_proxy http://127.0.0.1:8096
+                    	reverse_proxy http://127.0.0.1:8096
-                 }
+                    }
-                 calibre.heroin.trade {
+                    calibre.heroin.trade {
-            reverse_proxy http://localhost:3000
+               reverse_proxy http://localhost:3000
-                 }
+                    }
-                 grafana.heroin.trade {
+                    grafana.heroin.trade {
-            reverse_proxy http://127.0.0.1:2342
+               reverse_proxy http://127.0.0.1:2342
-                 }
+                    }
-      	   uptime.heroin.trade {
+         	   uptime.heroin.trade {
-      	      reverse_proxy 127.0.0.1:3001
+         	      reverse_proxy 127.0.0.1:3001
-      	    }
+         	    }
    '';
  };
--- a/hosts/x86_64-linux/beleth/docker.nix
+++ b/hosts/x86_64-linux/beleth/docker.nix
@ -1,5 +1,8 @@
 {config, lib, ...}:
 {
  config,
  lib,
  ...
 }: {
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune.enable = true;
  virtualisation.docker.autoPrune.dates = "daily";
--- a/hosts/x86_64-linux/beleth/git.nix
+++ b/hosts/x86_64-linux/beleth/git.nix
@ -1,5 +1,8 @@
 {lib, inputs, ...}:
 {
  lib,
  inputs,
  ...
 }: {
  services.forgejo = {
    enable = true;
    settings.server = {
@ -8,8 +11,8 @@
    };
    settings = {
      service = {
-	DISABLE_REGISTRATION = true;
+        DISABLE_REGISTRATION = true;
-	REQUIRE_SIGNIN_VIEW = true;
+        REQUIRE_SIGNIN_VIEW = true;
      };
    };
  };
--- a/hosts/x86_64-linux/beleth/hardware-configuration.nix
+++ b/hosts/x86_64-linux/beleth/hardware-configuration.nix
@ -33,7 +33,7 @@
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/hosts/x86_64-linux/beleth/networking.nix
+++ b/hosts/x86_64-linux/beleth/networking.nix
@ -0,0 +1,28 @@
 {
  config,
  lib,
  inputs,
  ...
 }: {
  imports = [./wireguard.nix];
  networking.interfaces = {
    enp0s31f6 = {
      ipv4 = {
        adresses = [
          {
            address = "88.99.90.90";
            prefixLength = 26;
          }
        ];
      };
      ipv6 = {
        adresses = [
          {
            address = "2a01:4f8:10a:1aab::2";
            prefixLength = 80;
          }
        ];
      };
    };
  };
 }
--- a/hosts/x86_64-linux/beleth/wireguard.nix
+++ b/hosts/x86_64-linux/beleth/wireguard.nix
@ -0,0 +1,30 @@
 {
  config,
  lib,
  inputs,
  ...
 }: {
  # networking.nat.enable = true;
  # networking.nat.externalInterface = "enp0s31f6";
  # networking.nat.internalInterfaces = "wg0";
  networking.firewall = {
    allowedUDPPorts = [51820];
  };
  networking.wireguard.interfaces = {
    ips = ["2a01:4f8:10a:1aab::2/64"];
    listenPort = 51820;
    privateKeyFile = "/home/xqtc/wireguard-keys/private";
    peers = [
      {
        #anner
        publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
        allowedIPs = ["2a0f:be01::/48"];
        endpoint = "[2a0f:be01::1]:51822";
      }
    ];
  };
 }