

No commits in common. "190bff3ac0448aad3bed8aafe32c7fe84c283977" and "08d5181da848f6110d1fa08a6a62c4272a5a295a" have entirely different histories.

31 changed files with 327 additions and 106 deletions

flake.lock generated

@ -23,11 +23,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1697723726, "lastModified": 1696019113,
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0", "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1697891198, "lastModified": 1696275639,
"narHash": "sha256-ckL4NDWuZaxu+sMUPze98xQCdMUm+Q11Yb7DFasE/7E=", "narHash": "sha256-3zShVFShYM2/n4p3Y2hzTzIE0zjR6/G1sDXo4awMR/w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8643a0aff085eb3fbb27cb30c0e1af9585168fcb", "rev": "cb1f8c37d44052b9fd2b6bd208ec4dbbe068cced",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -10,12 +10,13 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "wireguard" "tailscale" ];
locations."/" = { locations."/" = {
allowLan = true; allowLan = true;
port = 6767; port = 6767;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };


@ -32,6 +32,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';


@ -22,6 +22,7 @@ in
./bazarr.nix ./bazarr.nix
./nzbget.nix ./nzbget.nix
./nextcloud.nix ./nextcloud.nix
./wireguard.nix
./minio.nix ./minio.nix
./matrix.nix ./matrix.nix
./fail2ban.nix ./fail2ban.nix
@ -40,10 +41,9 @@ in
./keycloak.nix ./keycloak.nix
# ./runas.nix # ./runas.nix
./tailscale.nix ./tailscale.nix
./searx.nix # ./searx.nix
./plex.nix ./plex.nix
./headscale.nix ./headscale.nix
./llm.nix
]; ];
architect = { architect = {


@ -39,13 +39,14 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
allowLan = true; allowLan = true;
port = 8112; port = 8112;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };


@ -8,7 +8,7 @@ in
firewall.openUDPVPN = [ 53 ]; firewall.openUDPVPN = [ 53 ];
vhost.${domain} = { vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = with config; { locations."/" = with config; {
port = services.adguardhome.settings.bind_port; port = services.adguardhome.settings.bind_port;


@ -16,6 +16,23 @@ let
(deviceAddress "tailscale" "kmerr") (deviceAddress "tailscale" "kmerr")
(deviceAddress "tailscale" "chuck") (deviceAddress "tailscale" "chuck")
]; ];
wireguardToWAN = [
(deviceAddress "wireguard" "shield")
(deviceAddress "wireguard" "parina")
(deviceAddress "wireguard" "parina-ipad")
(deviceAddress "wireguard" "germano")
];
frameccaDevices = [
(deviceAddress "wireguard" "framecca")
(deviceAddress "wireguard" "framecca_one")
(deviceAddress "wireguard" "framecca_two")
(deviceAddress "wireguard" "framecca_three")
(deviceAddress "wireguard" "framecca_four")
];
clientToClientWireguard = frameccaDevices;
in in
{ {
networking = { networking = {
@ -54,6 +71,9 @@ in
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept; type nat hook postrouting priority srcnat; policy accept;
oifname ${lan.interface} ip saddr {${
lib.concatStringsSep "," wireguardToWAN
}} masquerade
oifname ${lan.interface} ip saddr ${docker.net} masquerade oifname ${lan.interface} ip saddr ${docker.net} masquerade
oifname ${lan.interface} ip saddr ${tailscale.net} masquerade oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
} }
@ -65,8 +85,10 @@ in
ct state invalid,untracked drop comment "drop invalid" ct state invalid,untracked drop comment "drop invalid"
ip daddr 255.255.255.255 accept comment "allow broadcast traffic" ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic" ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
iifname ${lan.interface} ip saddr ${wireguard.net} drop comment "bind any ip to intf ${lan.interface}"
iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}" iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}" iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
iifname ${wireguard.interface} ip saddr ${wireguard.net} accept comment "bind ip ${wireguard.net} to intf ${wireguard.interface}"
iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}" iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
iifname ${tailscale.interface} ip saddr ${tailscale.net} accept iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
@ -129,6 +151,10 @@ in
iifname ${lan.interface} tcp dport {${openTCP}} accept iifname ${lan.interface} tcp dport {${openTCP}} accept
iifname ${lan.interface} udp dport {${openUDP}} accept iifname ${lan.interface} udp dport {${openUDP}} accept
iifname ${wireguard.interface} tcp dport {${openTCPVPN}} accept
iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept
iifname ${wireguard.interface} icmp type echo-request accept
jump filter_drop jump filter_drop
} }
@ -136,6 +162,16 @@ in
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
ct state established,related accept ct state established,related accept
# client to client
ip saddr {${lib.concatStringsSep "," clientToClientWireguard}} ip daddr {${
lib.concatStringsSep "," clientToClientWireguard
}} accept
# nat to wan
oifname ${lan.interface} ip saddr {${
lib.concatStringsSep "," wireguardToWAN
}} accept
oifname ${lan.interface} ip saddr ${docker.net} accept oifname ${lan.interface} ip saddr ${docker.net} accept
oifname ${lan.interface} ip saddr ${tailscale.net} accept oifname ${lan.interface} ip saddr ${tailscale.net} accept
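Review bot: The client-to-client forward rule added in the last hunk, `ip saddr {…clientToClientWireguard} ip daddr {…} accept`, is not bound to any interface, so a packet entering on a non-tunnel interface with a forged wireguard-net source and a framecca destination is forwarded; the input-chain `iifname ${lan.interface} ip saddr ${wireguard.net} drop` added earlier does not protect the forward chain, and WireGuard's own cryptokey routing only filters what arrives through the tunnel. Binding the rule to the tunnel, `iifname ${wireguard.interface} oifname ${wireguard.interface} ip saddr {…} ip daddr {…} accept`, restricts it to genuine peer traffic, and the same `iifname ${wireguard.interface}` qualifier fits the `wireguardToWAN` accept right below it. Both `{${lib.concatStringsSep "," …}}` set literals also render as an invalid empty `{}` if their list is ever emptied, which presumably makes the ruleset fail to load rather than fall open — worth a comment on the list definitions in the first hunk. The forward chain continues outside the hunk.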


@ -7,11 +7,8 @@ in
architect = { architect = {
firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ]; firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
vhost.${domain} = { vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
port = config.services.gitea.settings.server.HTTP_PORT;
allowWAN = true;
};
}; };
}; };


@ -13,10 +13,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/".port = config.services.invidious.port;
port = config.services.invidious.port;
allowWAN = true;
};
}; };
} }


@ -10,12 +10,13 @@ in
systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce ""; systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce "";
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
inherit port allowLan; inherit port allowLan;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };
@ -25,6 +26,7 @@ in
proxyWebsockets = true; proxyWebsockets = true;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };


@ -76,6 +76,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }


@ -10,7 +10,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/".port = config.services.libreddit.port; locations."/".port = config.services.libreddit.port;
}; };
} }


@ -28,6 +28,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';


@ -1,38 +0,0 @@
{ config, ... }:
let
domain = "pino.giugl.io";
backendPort = 3000;
frontendPort = 3002;
in
{
architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ];
locations."/" = {
host = "172.17.0.1";
port = frontendPort;
allowLan = true;
allow = [ config.architect.networks."tailscale".net ];
};
};
virtualisation.oci-containers = {
containers = {
big-agi = {
image = "ghcr.io/enricoros/big-agi:main";
autoStart = true;
ports = [
"172.17.0.1:${toString frontendPort}:${toString backendPort}"
];
environmentFiles = [
"/var/lib/llm/big-agi.env"
];
extraOptions = [
"--pull=always"
];
};
};
};
}


@ -111,6 +111,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }


@ -19,6 +19,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }


@ -30,6 +30,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }


@ -22,7 +22,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 4533; port = 4533;
allowLan = true; allowLan = true;


@ -78,6 +78,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';


@ -10,7 +10,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" "lan" ]; dnsInterfaces = [ "tailscale" "wireguard" "lan" ];
locations."/" = { locations."/" = {
port = 6789; port = 6789;


@ -113,12 +113,6 @@ in
default = ""; default = "";
}; };
allowWAN = mkOption {
type = types.bool;
default = false;
description = "If set to false, deny all WAN traffic.";
};
deny = mkOption { deny = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
@ -146,9 +140,9 @@ in
proxyPass = "http://${location.host}:${toString location.port}${location.path}"; proxyPass = "http://${location.host}:${toString location.port}${location.path}";
proxyWebsockets = location.proxyWebsockets; proxyWebsockets = location.proxyWebsockets;
extraConfig = '' extraConfig = ''
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow} ${optionalString location.allowLan "deny 10.0.0.1;"}
${optionalString (!location.allowWAN) "deny all;"}
${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny} ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''} ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
'' + location.extraConfig; '' + location.extraConfig;
}) })
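Review bot: The rewritten `extraConfig` starting at the `${optionalString location.allowLan "deny 10.0.0.1;"}` line no longer ends with a terminal `deny all;` (the `!location.allowWAN` line goes away together with the option), and nginx's access module permits a request when no `allow`/`deny` rule matches, so every vhost whose `allow` list is empty and whose `allowLan` is false becomes reachable from any source that can reach the listener — the libreddit vhost in this compare, which sets neither, is a visible example, and the gitea and invidious sections only drop an `allowWAN = true` that the module no longer honours. If opening these vhosts is intended, say so in a comment on the option removal; otherwise keep a closing `deny all;` after the last allow, i.e. after `${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}`. The literal `deny 10.0.0.1;` presumably targets a router/gateway address — confirm and name it in a comment rather than hard-coding an unexplained IP. The enclosing location mapping starts and ends outside the hunk.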


@ -17,7 +17,7 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
inherit port; inherit port;
@ -25,6 +25,7 @@ in
proxyWebsockets = true; proxyWebsockets = true;
# allowLan = true; # allowLan = true;
# allow = [ # allow = [
# wireguard.net
# tailscale.net # tailscale.net
# ]; # ];
extraConfig = '' extraConfig = ''


@ -45,6 +45,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';


@ -7,7 +7,7 @@ in
services.prowlarr.enable = true; services.prowlarr.enable = true;
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 9696; port = 9696;


@ -10,12 +10,13 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "wireguard" "tailscale" ];
locations."/" = { locations."/" = {
port = 7878; port = 7878;
allowLan = true; allowLan = true;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };


@ -43,6 +43,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }


@ -1,7 +1,8 @@
{ config, pkgs, ... }: { mach-nix, lib, config, pkgs, ... }:
let let
domain = "search.giugl.io"; domain = "gugol.giugl.io";
network = import ./network.nix;
in in
{ {
services = { services = {
@ -18,14 +19,14 @@ in
}; };
general = { general = {
instance_name = "PepoSearch"; instance_name = "Pepe's Gugol";
contact_url = "mailto:search@depasquale.giugl.io"; contact_url = "mailto:gugol@depasquale.giugl.io";
enable_metrics = true; enable_metrics = false;
}; };
search = { search = {
safe_search = 0; safe_search = 0;
autocomplete = "google"; autocomplete = "qwant";
prefer_configured_language = false; prefer_configured_language = false;
}; };
@ -42,23 +43,24 @@ in
{ name = "google"; disabled = false; } { name = "google"; disabled = false; }
{ name = "bing"; disabled = false; } { name = "bing"; disabled = false; }
{ name = "qwant"; disabled = false; } { name = "qwant"; disabled = false; }
{ name = "brave"; disabled = false; } { name = "duckduckgo"; disabled = false; }
# keep getting access denied (!?)
{ name = "duckduckgo"; disabled = true; }
]; ];
}; };
}; };
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
};
};
}; };
architect.vhost.${domain} = with config.architect.networks; { networking.extraHosts = ''
dnsInterfaces = [ "tailscale" ]; ${network.architect-lan} ${domain}
locations."/" = { ${network.architect-wg} ${domain}
port = config.services.searx.settings.server.port; ${network.architect-ts} ${domain}
allowLan = true; '';
allow = [
tailscale.net
];
};
};
} }
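Review bot: The new-side `nginx.virtualHosts.${domain}` block proxies searx through a plain nginx vhost with `forceSSL`/`enableACME` and no `allow`/`deny` directives, so unlike the `architect.vhost` form it replaces (which limited access to `tailscale.net` plus LAN) it is reachable from any client that can reach the listener. If an internal-only instance is the intent, route it through `architect.vhost` as the other services in this compare do, or add the access rules explicitly and comment why this vhost bypasses the shared module. The default.nix section comments out `./searx.nix` on the new side, so this file appears not to be imported at present; the exposure would become live the moment it is re-enabled. `mach-nix` and `lib` are added to the module arguments but are not used in the visible hunks — drop them if they are unused elsewhere in the file.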


@ -10,10 +10,10 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 8989; port = 6969;
allowLan = true; allowLan = true;
}; };
}; };
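Review bot: `port = 6969;` no longer matches Sonarr's default listening port (8989), and nothing in the visible hunk changes the service's own port, so the proxy target is unreachable unless `services.sonarr` is configured to listen on 6969 elsewhere in the file. A comment on the line stating where 6969 is set, or deriving the value from that setting instead of a literal, would make the pairing checkable. The enclosing module expression starts outside the hunk.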


@ -19,8 +19,7 @@ in
dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; }; dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; }; manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; }; tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
# ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; }; ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
ucsb-workstation = { address = "100.64.0.10"; hostname = "ucsb-workstation.${domain}"; };
alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; }; alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; }; parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; };
}; };


@ -0,0 +1,218 @@
{ config, lib, ... }:
let
listenPort = 1194;
domain = "devs.giugl.io";
interface = "wireguard";
utilities = import ./utilities.nix { inherit lib config; };
inherit (utilities) generateDeviceStrings getDeviceAddress;
getWireguardDeviceAddress = getDeviceAddress "wireguard";
in
{
architect = {
firewall = {
openUDP = lib.singleton listenPort;
openUDPVPN = lib.singleton listenPort;
};
networks.${interface} = {
interface = "wg0";
net = "10.3.0.0/24";
devices = {
architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
};
};
};
networking = {
extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
wireguard = {
interfaces.${config.architect.networks.wireguard.interface} = {
inherit listenPort;
ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
privateKeyFile = "/secrets/wireguard/server.key";
peers = [
{
# Antonio
allowedIPs = [ (getWireguardDeviceAddress "antonio") ];
publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
}
{
# GBEAST
allowedIPs = [ (getWireguardDeviceAddress "gbeast") ];
publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
}
{
# shield
allowedIPs = [ (getWireguardDeviceAddress "shield") ];
publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
}
{
# salvatore
allowedIPs = [ (getWireguardDeviceAddress "salvatore") ];
publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
}
{
# papa
allowedIPs = [ (getWireguardDeviceAddress "papa") ];
publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
}
{
# defy
allowedIPs = [ (getWireguardDeviceAddress "defy") ];
publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
}
{
# germano
allowedIPs = [ (getWireguardDeviceAddress "germano") ];
publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
}
{
# flavio
allowedIPs = [ (getWireguardDeviceAddress "flavio") ];
publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
}
{
# alain
allowedIPs = [ (getWireguardDeviceAddress "alain") ];
publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
}
{
# dima
allowedIPs = [ (getWireguardDeviceAddress "dima") ];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
}
{
# mikey
allowedIPs = [ (getWireguardDeviceAddress "mikey") ];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
}
{
# andrew
allowedIPs = [ (getWireguardDeviceAddress "andrew") ];
publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
}
{
# mikey laptop
allowedIPs = [ (getWireguardDeviceAddress "mikeylaptop") ];
publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
}
{
# andrew desktop
allowedIPs = [ (getWireguardDeviceAddress "andrewdesktop") ];
publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
}
{
# laptop desktop
allowedIPs = [ (getWireguardDeviceAddress "jacopo") ];
publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
}
{
# frznn
allowedIPs = [ (getWireguardDeviceAddress "frznn") ];
publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
}
{
# ludo
allowedIPs = [ (getWireguardDeviceAddress "ludo") ];
publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
}
{
# parina
allowedIPs = [ (getWireguardDeviceAddress "parina") ];
publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
}
{
# nilo
allowedIPs = [ (getWireguardDeviceAddress "nilo") ];
publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
}
{
# parina ipad
allowedIPs = [ (getWireguardDeviceAddress "parina-ipad") ];
publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
}
{
# kcl vm
allowedIPs = [ (getWireguardDeviceAddress "kclvm") ];
publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca") ];
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_one") ];
publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_two") ];
publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_three") ];
publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_four") ];
publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
}
];
};
};
};
}
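Review bot: The peer comment `# laptop desktop` sits above the `jacopo` entry while the neighbouring entries are labelled `# mikey laptop` and `# andrew desktop`, so the jacopo comment looks misplaced and should read `# jacopo`. The five framecca peers at the end of the list carry no identifying comment at all, unlike every other peer; adding `# framecca`, `# framecca_one`, … keeps the public-key-to-device mapping auditable when a key has to be rotated or revoked. A short header comment on the file (purpose of the `devs.giugl.io` tunnel, and that `/secrets/wireguard/server.key` must be provisioned out of band and never committed) would help the next maintainer. `listenPort` is added to both `openUDP` and `openUDPVPN`; the second opens the handshake port on the tunnel interface itself, which is presumably unnecessary — confirm it is intentional and comment it.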


@ -23,6 +23,7 @@ in
cursorline = true cursorline = true
true-color = true true-color = true
gutters = ["diff", "diagnostics", "line-numbers", "spacer"] gutters = ["diff", "diagnostics", "line-numbers", "spacer"]
completion-replace = true
[editor.cursor-shape] [editor.cursor-shape]
insert = "bar" insert = "bar"