beleth: wg config; disable dhcp

2024-11-22 09:10:32 +01:00 · 2024-06-09 20:48:07 +02:00 · 2024-06-09 20:48:07 +02:00 · e072028205
parent e1c3cae409
commit e072028205
10 changed files with 113 additions and 45 deletions
--- a/home/modules/qt.nix
+++ b/home/modules/qt.nix
@ -1,10 +1,14 @@
-{config, lib, inputs, pkgs, ...}:
 {
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}: {
  qt.style.package = pkgs.catppuccin-kde.override {
    accents = ["pink"];
    size = "compact";
    tweaks = ["rimless"];
    variant = "mocha";
  };
-
 }
--- a/hosts/x86_64-linux/beleth/docker.nix
+++ b/hosts/x86_64-linux/beleth/docker.nix
@ -1,5 +1,8 @@
-{config, lib, ...}:
 {
+  config,
+  lib,
+  ...
+}: {
  virtualisation.docker.enable = true;
  virtualisation.docker.autoPrune.enable = true;
  virtualisation.docker.autoPrune.dates = "daily";
--- a/hosts/x86_64-linux/beleth/git.nix
+++ b/hosts/x86_64-linux/beleth/git.nix
@ -1,5 +1,8 @@
-{lib, inputs, ...}:
 {
+  lib,
+  inputs,
+  ...
+}: {
  services.forgejo = {
    enable = true;
    settings.server = {
--- a/hosts/x86_64-linux/beleth/hardware-configuration.nix
+++ b/hosts/x86_64-linux/beleth/hardware-configuration.nix
@ -33,7 +33,7 @@
  # (the default) this is the recommended approach. When using systemd-networkd it's
  # still possible to use this option, but it's recommended to use it in conjunction
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
--- a/hosts/x86_64-linux/beleth/networking.nix
+++ b/hosts/x86_64-linux/beleth/networking.nix
@ -0,0 +1,28 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+  imports = [./wireguard.nix];
+  networking.interfaces = {
+    enp0s31f6 = {
+      ipv4 = {
+        adresses = [
+          {
+            address = "88.99.90.90";
+            prefixLength = 26;
+          }
+        ];
+      };
+      ipv6 = {
+        adresses = [
+          {
+            address = "2a01:4f8:10a:1aab::2";
+            prefixLength = 80;
+          }
+        ];
+      };
+    };
+  };
+}
--- a/hosts/x86_64-linux/beleth/wireguard.nix
+++ b/hosts/x86_64-linux/beleth/wireguard.nix
@ -0,0 +1,30 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}: {
+  # networking.nat.enable = true;
+  # networking.nat.externalInterface = "enp0s31f6";
+  # networking.nat.internalInterfaces = "wg0";
+  networking.firewall = {
+    allowedUDPPorts = [51820];
+  };
+
+  networking.wireguard.interfaces = {
+    ips = ["2a01:4f8:10a:1aab::2/64"];
+
+    listenPort = 51820;
+
+    privateKeyFile = "/home/xqtc/wireguard-keys/private";
+
+    peers = [
+      {
+        #anner
+        publicKey = "5ar4lh3Ra4TRmUJeeBtPgDvZnAkGssJDUN53y9oa3So=";
+        allowedIPs = ["2a0f:be01::/48"];
+        endpoint = "[2a0f:be01::1]:51822";
+      }
+    ];
+  };
+}