add lumi-vpn module
parent
3bb79a0945
commit
ab081f14ea
|
@ -5,20 +5,11 @@
|
|||
../roles/workstation.nix
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
|
||||
system.stateVersion = "19.09";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-lumi = {
|
||||
privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick-homepc.key";
|
||||
ips = [ "10.109.0.18" ];
|
||||
peers = [ {
|
||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
||||
endpoint = "wg.lumi.guide:31727";
|
||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
||||
}];
|
||||
postSetup = "ip link set dev wg-lumi mtu 1408";
|
||||
};
|
||||
yorick.lumi-vpn = {
|
||||
name = "yorick-homepc";
|
||||
mtu = 1408;
|
||||
};
|
||||
environment.systemPackages = [ pkgs.spice_gtk ];
|
||||
security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
|
||||
|
|
|
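Review bot: The overlay line that appears as unchanged context in this section, `builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz`, imports whatever the `master` branch holds at evaluation time, with no hash. The same line appears in the second host file below. The fetched code is evaluated as an overlay during the system build, so an upstream change alters this machine's packages without any change in this repository. Pinning a revision and hash, `builtins.fetchTarball { url = ".../archive/<pinned-rev>.tar.gz"; sha256 = "<sha256-placeholder>"; }`, would make that input reviewable. The commit does not touch this line; the new `yorick.lumi-vpn` block only sets `name` and `mtu`.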
@ -5,19 +5,7 @@
|
|||
../roles/workstation.nix
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
|
||||
system.stateVersion = "17.09";
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
wg-lumi = {
|
||||
privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick.key";
|
||||
ips = [ "10.109.0.10" ];
|
||||
peers = [ {
|
||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
||||
endpoint = "wg.lumi.guide:31727";
|
||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
||||
}];
|
||||
postSetup = "ip link set dev wg-lumi mtu 1371";
|
||||
};
|
||||
};
|
||||
yorick.lumi-vpn.name = "yorick";
|
||||
}
|
||||
|
|
|
@ -0,0 +1,42 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.yorick.lumi-vpn;
|
||||
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
|
||||
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
|
||||
in
|
||||
{
|
||||
options.yorick.lumi-vpn = with lib; {
|
||||
enable = mkEnableOption "lumi vpn";
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
example = "yorick-homepc";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "yorick";
|
||||
};
|
||||
mtu = mkOption {
|
||||
type = types.int;
|
||||
default = 1371;
|
||||
};
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
example = "10.109.0.1";
|
||||
default = addresses.workstations."${cfg.name}";
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
networking.wireguard.interfaces = {
|
||||
wg-lumi = {
|
||||
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
||||
ips = [ cfg.ip ];
|
||||
peers = [ {
|
||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
||||
endpoint = "wg.lumi.guide:31727";
|
||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
||||
}];
|
||||
postSetup = "ip link set dev wg-lumi mtu ${toString cfg.mtu}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
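Review bot: The `addresses` binding imports Nix code from `${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix`, so the tunnel address depends on the environment of whoever evaluates the configuration, while `privateKeyFile` further down is built from `cfg.user`. Under `sudo` or a root shell HOME usually points elsewhere, and under pure evaluation `getEnv` returns an empty string, so the import either fails or reads a different checkout than the one holding the key. Deriving both paths from the same option, `import "/home/${cfg.user}/engineering/lumi/os/gateway/addresses.nix"`, ties the address table and the key to one location. The key path also stays inside a directory the unprivileged user can write, so it is worth confirming that the file is readable only by its owner, or moving it to a root-owned location. A `description` on each option and a `defaultText` on `ip`, whose default is computed from `cfg.name`, would document the module.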
@ -9,6 +9,7 @@ in
|
|||
imports = [
|
||||
../modules/tor-hidden-service.nix
|
||||
../modules/nginx.nix
|
||||
../modules/lumi-vpn.nix
|
||||
../deploy/keys.nix
|
||||
../services
|
||||
];
|
||||
|
|
|
@ -97,4 +97,6 @@ in
|
|||
|
||||
# git
|
||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||
|
||||
yorick.lumi-vpn.enable = true;
|
||||
}
|
||||
|
|