add lumi-vpn module
parent
3bb79a0945
commit
ab081f14ea
|
@ -5,20 +5,11 @@
|
||||||
../roles/workstation.nix
|
../roles/workstation.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
|
|
||||||
system.stateVersion = "19.09";
|
system.stateVersion = "19.09";
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
yorick.lumi-vpn = {
|
||||||
wg-lumi = {
|
name = "yorick-homepc";
|
||||||
privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick-homepc.key";
|
mtu = 1408;
|
||||||
ips = [ "10.109.0.18" ];
|
|
||||||
peers = [ {
|
|
||||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
|
||||||
endpoint = "wg.lumi.guide:31727";
|
|
||||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
|
||||||
}];
|
|
||||||
postSetup = "ip link set dev wg-lumi mtu 1408";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
environment.systemPackages = [ pkgs.spice_gtk ];
|
environment.systemPackages = [ pkgs.spice_gtk ];
|
||||||
security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
|
security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";
|
||||||
|
|
|
@ -5,19 +5,7 @@
|
||||||
../roles/workstation.nix
|
../roles/workstation.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
|
|
||||||
system.stateVersion = "17.09";
|
system.stateVersion = "17.09";
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
yorick.lumi-vpn.name = "yorick";
|
||||||
wg-lumi = {
|
|
||||||
privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick.key";
|
|
||||||
ips = [ "10.109.0.10" ];
|
|
||||||
peers = [ {
|
|
||||||
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
|
||||||
endpoint = "wg.lumi.guide:31727";
|
|
||||||
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
|
||||||
}];
|
|
||||||
postSetup = "ip link set dev wg-lumi mtu 1371";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,42 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.yorick.lumi-vpn;
|
||||||
|
addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
|
||||||
|
{ lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.yorick.lumi-vpn = with lib; {
|
||||||
|
enable = mkEnableOption "lumi vpn";
|
||||||
|
name = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "yorick-homepc";
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "yorick";
|
||||||
|
};
|
||||||
|
mtu = mkOption {
|
||||||
|
type = types.int;
|
||||||
|
default = 1371;
|
||||||
|
};
|
||||||
|
ip = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
example = "10.109.0.1";
|
||||||
|
default = addresses.workstations."${cfg.name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg-lumi = {
|
||||||
|
privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
|
||||||
|
ips = [ cfg.ip ];
|
||||||
|
peers = [ {
|
||||||
|
publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
|
||||||
|
endpoint = "wg.lumi.guide:31727";
|
||||||
|
allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
|
||||||
|
}];
|
||||||
|
postSetup = "ip link set dev wg-lumi mtu ${toString cfg.mtu}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
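Review bot: The `addresses` binding imports a Nix file from `${builtins.getEnv "HOME"}`, so the file that gets evaluated into the system configuration depends on the environment of whoever runs the build. Under root or a reset environment HOME differs, and in pure evaluation `getEnv` returns an empty string. The key path further down uses `/home/${cfg.user}` instead, so the two locations can disagree; take both from one explicit source, e.g. `addresses = import "/home/${cfg.user}/engineering/lumi/os/gateway/addresses.nix"`, or drop the `ip` default and set it per host. `privateKeyFile` still points into what is presumably a user-writable checkout under the home directory, so the WireGuard key is only as protected as that directory; a root-owned file with mode 0600 outside the checkout would be the safer home for it. None of the options carries a `description`, and `name` has neither a default nor a note saying it selects both the address entry and the key file.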
@ -9,6 +9,7 @@ in
|
||||||
imports = [
|
imports = [
|
||||||
../modules/tor-hidden-service.nix
|
../modules/tor-hidden-service.nix
|
||||||
../modules/nginx.nix
|
../modules/nginx.nix
|
||||||
|
../modules/lumi-vpn.nix
|
||||||
../deploy/keys.nix
|
../deploy/keys.nix
|
||||||
../services
|
../services
|
||||||
];
|
];
|
||||||
|
|
|
@ -97,4 +97,6 @@ in
|
||||||
|
|
||||||
# git
|
# git
|
||||||
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
|
||||||
|
|
||||||
|
yorick.lumi-vpn.enable = true;
|
||||||
}
|
}
|
||||||
|
|
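Review bot: `yorick.lumi-vpn.enable = true;` is set unconditionally in what appears to be a shared role file, while the module's `name` option has no default and both the `ip` default and the key path are derived from it. Any host that imports this file without setting `yorick.lumi-vpn.name` would presumably fail evaluation, and every host that does set it joins the VPN with no easy opt-out. Only two host files are updated in this commit; if other hosts use this role, make the setting overridable, e.g. `yorick.lumi-vpn.enable = lib.mkDefault true;` (assuming `lib` is in scope here), or enable it per host. The file's body starts and continues outside the visible hunks.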