peperunas/nixos
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: peperunas:190bff3ac0448aad3bed8aafe32c7fe84c283977
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit
..
compare: peperunas:08d5181da848f6110d1fa08a6a62c4272a5a295a
Branches Tags
peperunas:master
peperunas:nixos-21.11
peperunas:laptopshit

No commits in common. "190bff3ac0448aad3bed8aafe32c7fe84c283977" and "08d5181da848f6110d1fa08a6a62c4272a5a295a" have entirely different histories.
190bff3ac0 ... 08d5181da8

31 changed files with 327 additions and 106 deletions
Show Stats Expand all files Collapse all files

12
flake.lock generated
View File

@ -23,11 +23,11 @@
}, },
"nixos-unstable": { "nixos-unstable": {
"locked": { "locked": {
"lastModified": 1697723726, "lastModified": 1696019113,
"narHash": "sha256-SaTWPkI8a5xSHX/rrKzUe+/uVNy6zCGMXgoeMb7T9rg=", "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7c9cc5a6e5d38010801741ac830a3f8fd667a7a0", "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -39,11 +39,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1697891198, "lastModified": 1696275639,
"narHash": "sha256-ckL4NDWuZaxu+sMUPze98xQCdMUm+Q11Yb7DFasE/7E=", "narHash": "sha256-3zShVFShYM2/n4p3Y2hzTzIE0zjR6/G1sDXo4awMR/w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8643a0aff085eb3fbb27cb30c0e1af9585168fcb", "rev": "cb1f8c37d44052b9fd2b6bd208ec4dbbe068cced",
"type": "github" "type": "github"
}, },
"original": { "original": {

3
hosts/architect/bazarr.nix
View File

@ -10,12 +10,13 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "wireguard" "tailscale" ];
locations."/" = { locations."/" = {
allowLan = true; allowLan = true;
port = 6767; port = 6767;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };

1
hosts/architect/calibre.nix
View File

@ -32,6 +32,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';

4
hosts/architect/default.nix
View File

@ -22,6 +22,7 @@ in
./bazarr.nix ./bazarr.nix
./nzbget.nix ./nzbget.nix
./nextcloud.nix ./nextcloud.nix
./wireguard.nix
./minio.nix ./minio.nix
./matrix.nix ./matrix.nix
./fail2ban.nix ./fail2ban.nix
@ -40,10 +41,9 @@ in
./keycloak.nix ./keycloak.nix
# ./runas.nix # ./runas.nix
./tailscale.nix ./tailscale.nix
./searx.nix # ./searx.nix
./plex.nix ./plex.nix
./headscale.nix ./headscale.nix
./llm.nix
]; ];
architect = { architect = {

3
hosts/architect/deluge.nix
View File

@ -39,13 +39,14 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
allowLan = true; allowLan = true;
port = 8112; port = 8112;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };

2
hosts/architect/dns.nix
View File

@ -8,7 +8,7 @@ in
firewall.openUDPVPN = [ 53 ]; firewall.openUDPVPN = [ 53 ];
vhost.${domain} = { vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = with config; { locations."/" = with config; {
port = services.adguardhome.settings.bind_port; port = services.adguardhome.settings.bind_port;

36
hosts/architect/firewall.nix
View File

@ -16,6 +16,23 @@ let
(deviceAddress "tailscale" "kmerr") (deviceAddress "tailscale" "kmerr")
(deviceAddress "tailscale" "chuck") (deviceAddress "tailscale" "chuck")
]; ];
wireguardToWAN = [
(deviceAddress "wireguard" "shield")
(deviceAddress "wireguard" "parina")
(deviceAddress "wireguard" "parina-ipad")
(deviceAddress "wireguard" "germano")
];
frameccaDevices = [
(deviceAddress "wireguard" "framecca")
(deviceAddress "wireguard" "framecca_one")
(deviceAddress "wireguard" "framecca_two")
(deviceAddress "wireguard" "framecca_three")
(deviceAddress "wireguard" "framecca_four")
];
clientToClientWireguard = frameccaDevices;
in in
{ {
networking = { networking = {
@ -54,6 +71,9 @@ in
chain POSTROUTING { chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept; type nat hook postrouting priority srcnat; policy accept;
oifname ${lan.interface} ip saddr {${
lib.concatStringsSep "," wireguardToWAN
}} masquerade
oifname ${lan.interface} ip saddr ${docker.net} masquerade oifname ${lan.interface} ip saddr ${docker.net} masquerade
oifname ${lan.interface} ip saddr ${tailscale.net} masquerade oifname ${lan.interface} ip saddr ${tailscale.net} masquerade
} }
@ -65,8 +85,10 @@ in
ct state invalid,untracked drop comment "drop invalid" ct state invalid,untracked drop comment "drop invalid"
ip daddr 255.255.255.255 accept comment "allow broadcast traffic" ip daddr 255.255.255.255 accept comment "allow broadcast traffic"
ip daddr 224.0.0.0/4 accept comment "allow multicast traffic" ip daddr 224.0.0.0/4 accept comment "allow multicast traffic"
iifname ${lan.interface} ip saddr ${wireguard.net} drop comment "bind any ip to intf ${lan.interface}"
iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}" iifname ${lan.interface} ip saddr 127.0.0.0/8 drop comment "bind any ip to intf ${lan.interface}"
iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}" iifname ${lan.interface} accept comment "bind any ip to intf ${lan.interface}"
iifname ${wireguard.interface} ip saddr ${wireguard.net} accept comment "bind ip ${wireguard.net} to intf ${wireguard.interface}"
iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}" iifname ${docker.interface} ip saddr ${docker.net} accept comment "bind ip ${docker.net} to intf ${docker.interface}"
iifname ${tailscale.interface} ip saddr ${tailscale.net} accept iifname ${tailscale.interface} ip saddr ${tailscale.net} accept
iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept iifname ${tailscale.interface} ip saddr 100.100.100.100/32 accept
@ -129,6 +151,10 @@ in
iifname ${lan.interface} tcp dport {${openTCP}} accept iifname ${lan.interface} tcp dport {${openTCP}} accept
iifname ${lan.interface} udp dport {${openUDP}} accept iifname ${lan.interface} udp dport {${openUDP}} accept
iifname ${wireguard.interface} tcp dport {${openTCPVPN}} accept
iifname ${wireguard.interface} udp dport {${openUDPVPN}} accept
iifname ${wireguard.interface} icmp type echo-request accept
jump filter_drop jump filter_drop
} }
@ -136,6 +162,16 @@ in
type filter hook forward priority filter; policy drop; type filter hook forward priority filter; policy drop;
ct state established,related accept ct state established,related accept
# client to client
ip saddr {${lib.concatStringsSep "," clientToClientWireguard}} ip daddr {${
lib.concatStringsSep "," clientToClientWireguard
}} accept
# nat to wan
oifname ${lan.interface} ip saddr {${
lib.concatStringsSep "," wireguardToWAN
}} accept
oifname ${lan.interface} ip saddr ${docker.net} accept oifname ${lan.interface} ip saddr ${docker.net} accept
oifname ${lan.interface} ip saddr ${tailscale.net} accept oifname ${lan.interface} ip saddr ${tailscale.net} accept

7
hosts/architect/gitea.nix
View File

@ -7,11 +7,8 @@ in
architect = { architect = {
firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ]; firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
vhost.${domain} = { vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
port = config.services.gitea.settings.server.HTTP_PORT;
allowWAN = true;
};
}; };
}; };

7
hosts/architect/invidious.nix
View File

@ -13,10 +13,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/".port = config.services.invidious.port;
port = config.services.invidious.port;
allowWAN = true;
};
}; };
} }

4
hosts/architect/jellyfin.nix
View File

@ -10,12 +10,13 @@ in
systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce ""; systemd.services.jellyfin.serviceConfig.StateDirectory = lib.mkForce "";
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
inherit port allowLan; inherit port allowLan;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };
@ -25,6 +26,7 @@ in
proxyWebsockets = true; proxyWebsockets = true;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };

1
hosts/architect/keycloak.nix
View File

@ -76,6 +76,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }

2
hosts/architect/libreddit.nix
View File

@ -10,7 +10,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/".port = config.services.libreddit.port; locations."/".port = config.services.libreddit.port;
}; };
} }

1
hosts/architect/lidarr.nix
View File

@ -28,6 +28,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';

38
hosts/architect/llm.nix
View File

@ -1,38 +0,0 @@
{ config, ... }:
let
domain = "pino.giugl.io";
backendPort = 3000;
frontendPort = 3002;
in
{
architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ];
locations."/" = {
host = "172.17.0.1";
port = frontendPort;
allowLan = true;
allow = [ config.architect.networks."tailscale".net ];
};
};
virtualisation.oci-containers = {
containers = {
big-agi = {
image = "ghcr.io/enricoros/big-agi:main";
autoStart = true;
ports = [
"172.17.0.1:${toString frontendPort}:${toString backendPort}"
];
environmentFiles = [
"/var/lib/llm/big-agi.env"
];
extraOptions = [
"--pull=always"
];
};
};
};
}

1
hosts/architect/matrix.nix
View File

@ -111,6 +111,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }

1
hosts/architect/minecraft.nix
View File

@ -19,6 +19,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }

1
hosts/architect/minio.nix
View File

@ -30,6 +30,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }

2
hosts/architect/navidrome.nix
View File

@ -22,7 +22,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 4533; port = 4533;
allowLan = true; allowLan = true;

1
hosts/architect/nextcloud.nix
View File

@ -78,6 +78,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';

2
hosts/architect/nzbget.nix
View File

@ -10,7 +10,7 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" "lan" ]; dnsInterfaces = [ "tailscale" "wireguard" "lan" ];
locations."/" = { locations."/" = {
port = 6789; port = 6789;

10
hosts/architect/options.nix
View File

@ -113,12 +113,6 @@ in
default = ""; default = "";
}; };
allowWAN = mkOption {
type = types.bool;
default = false;
description = "If set to false, deny all WAN traffic.";
};
deny = mkOption { deny = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
@ -146,9 +140,9 @@ in
proxyPass = "http://${location.host}:${toString location.port}${location.path}"; proxyPass = "http://${location.host}:${toString location.port}${location.path}";
proxyWebsockets = location.proxyWebsockets; proxyWebsockets = location.proxyWebsockets;
extraConfig = '' extraConfig = ''
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow} ${optionalString location.allowLan "deny 10.0.0.1;"}
${optionalString (!location.allowWAN) "deny all;"}
${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny} ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''} ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
'' + location.extraConfig; '' + location.extraConfig;
}) })

3
hosts/architect/plex.nix
View File

@ -17,7 +17,7 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "lan" "tailscale" ]; dnsInterfaces = [ "lan" "wireguard" "tailscale" ];
locations = { locations = {
"/" = { "/" = {
inherit port; inherit port;
@ -25,6 +25,7 @@ in
proxyWebsockets = true; proxyWebsockets = true;
# allowLan = true; # allowLan = true;
# allow = [ # allow = [
# wireguard.net
# tailscale.net # tailscale.net
# ]; # ];
extraConfig = '' extraConfig = ''

1
hosts/architect/prosody.nix
View File

@ -45,6 +45,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';

2
hosts/architect/prowlarr.nix
View File

@ -7,7 +7,7 @@ in
services.prowlarr.enable = true; services.prowlarr.enable = true;
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 9696; port = 9696;

3
hosts/architect/radarr.nix
View File

@ -10,12 +10,13 @@ in
}; };
architect.vhost.${domain} = with config.architect.networks; { architect.vhost.${domain} = with config.architect.networks; {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "wireguard" "tailscale" ];
locations."/" = { locations."/" = {
port = 7878; port = 7878;
allowLan = true; allowLan = true;
allow = [ allow = [
wireguard.net
tailscale.net tailscale.net
]; ];
}; };

1
hosts/architect/runas.nix
View File

@ -43,6 +43,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
${architectInterfaceAddress "lan"} ${domain} ${architectInterfaceAddress "lan"} ${domain}
${architectInterfaceAddress "wireguard"} ${domain}
${architectInterfaceAddress "tailscale"} ${domain} ${architectInterfaceAddress "tailscale"} ${domain}
''; '';
} }

42
hosts/architect/searx.nix
View File

@ -1,7 +1,8 @@
{ config, pkgs, ... }: { mach-nix, lib, config, pkgs, ... }:
let let
domain = "search.giugl.io"; domain = "gugol.giugl.io";
network = import ./network.nix;
in in
{ {
services = { services = {
@ -18,14 +19,14 @@ in
}; };
general = { general = {
instance_name = "PepoSearch"; instance_name = "Pepe's Gugol";
contact_url = "mailto:search@depasquale.giugl.io"; contact_url = "mailto:gugol@depasquale.giugl.io";
enable_metrics = true; enable_metrics = false;
}; };
search = { search = {
safe_search = 0; safe_search = 0;
autocomplete = "google"; autocomplete = "qwant";
prefer_configured_language = false; prefer_configured_language = false;
}; };
@ -42,23 +43,24 @@ in
{ name = "google"; disabled = false; } { name = "google"; disabled = false; }
{ name = "bing"; disabled = false; } { name = "bing"; disabled = false; }
{ name = "qwant"; disabled = false; } { name = "qwant"; disabled = false; }
{ name = "brave"; disabled = false; } { name = "duckduckgo"; disabled = false; }
# keep getting access denied (!?)
{ name = "duckduckgo"; disabled = true; }
]; ];
}; };
}; };
nginx.virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.searx.settings.server.port}";
};
};
}; };
architect.vhost.${domain} = with config.architect.networks; { networking.extraHosts = ''
dnsInterfaces = [ "tailscale" ]; ${network.architect-lan} ${domain}
locations."/" = { ${network.architect-wg} ${domain}
port = config.services.searx.settings.server.port; ${network.architect-ts} ${domain}
allowLan = true; '';
allow = [
tailscale.net
];
};
};
} }

4
hosts/architect/sonarr.nix
View File

@ -10,10 +10,10 @@ in
}; };
architect.vhost.${domain} = { architect.vhost.${domain} = {
dnsInterfaces = [ "tailscale" ]; dnsInterfaces = [ "tailscale" "wireguard" ];
locations."/" = { locations."/" = {
port = 8989; port = 6969;
allowLan = true; allowLan = true;
}; };
}; };

3
hosts/architect/tailscale.nix
View File

@ -19,8 +19,7 @@ in
dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; }; dodino = { address = "100.64.0.5"; hostname = "dodino.${domain}"; };
manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; }; manduria = { address = "100.64.0.6"; hostname = "manduria.${domain}"; };
tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; }; tommy = { address = "100.64.0.7"; hostname = "tommy.${domain}"; };
# ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; }; ucsb-workstation = { address = "100.64.0.8"; hostname = "ucsb-workstation.${domain}"; };
ucsb-workstation = { address = "100.64.0.10"; hostname = "ucsb-workstation.${domain}"; };
alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; }; alfredo = { address = "100.64.0.9"; hostname = "alfredo.${domain}"; };
parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; }; parallels = { address = "100.64.0.3"; hostname = "parallels.${domain}"; };
}; };

218
hosts/architect/wireguard.nix Normal file
View File

@ -0,0 +1,218 @@
{ config, lib, ... }:
let
listenPort = 1194;
domain = "devs.giugl.io";
interface = "wireguard";
utilities = import ./utilities.nix { inherit lib config; };
inherit (utilities) generateDeviceStrings getDeviceAddress;
getWireguardDeviceAddress = getDeviceAddress "wireguard";
in
{
architect = {
firewall = {
openUDP = lib.singleton listenPort;
openUDPVPN = lib.singleton listenPort;
};
networks.${interface} = {
interface = "wg0";
net = "10.3.0.0/24";
devices = {
architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
};
};
};
networking = {
extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
wireguard = {
interfaces.${config.architect.networks.wireguard.interface} = {
inherit listenPort;
ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
privateKeyFile = "/secrets/wireguard/server.key";
peers = [
{
# Antonio
allowedIPs = [ (getWireguardDeviceAddress "antonio") ];
publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
}
{
# GBEAST
allowedIPs = [ (getWireguardDeviceAddress "gbeast") ];
publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
}
{
# shield
allowedIPs = [ (getWireguardDeviceAddress "shield") ];
publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
}
{
# salvatore
allowedIPs = [ (getWireguardDeviceAddress "salvatore") ];
publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
}
{
# papa
allowedIPs = [ (getWireguardDeviceAddress "papa") ];
publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
}
{
# defy
allowedIPs = [ (getWireguardDeviceAddress "defy") ];
publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
}
{
# germano
allowedIPs = [ (getWireguardDeviceAddress "germano") ];
publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
}
{
# flavio
allowedIPs = [ (getWireguardDeviceAddress "flavio") ];
publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
}
{
# alain
allowedIPs = [ (getWireguardDeviceAddress "alain") ];
publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
}
{
# dima
allowedIPs = [ (getWireguardDeviceAddress "dima") ];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
}
{
# mikey
allowedIPs = [ (getWireguardDeviceAddress "mikey") ];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
}
{
# andrew
allowedIPs = [ (getWireguardDeviceAddress "andrew") ];
publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
}
{
# mikey laptop
allowedIPs = [ (getWireguardDeviceAddress "mikeylaptop") ];
publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
}
{
# andrew desktop
allowedIPs = [ (getWireguardDeviceAddress "andrewdesktop") ];
publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
}
{
# laptop desktop
allowedIPs = [ (getWireguardDeviceAddress "jacopo") ];
publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
}
{
# frznn
allowedIPs = [ (getWireguardDeviceAddress "frznn") ];
publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
}
{
# ludo
allowedIPs = [ (getWireguardDeviceAddress "ludo") ];
publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
}
{
# parina
allowedIPs = [ (getWireguardDeviceAddress "parina") ];
publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
}
{
# nilo
allowedIPs = [ (getWireguardDeviceAddress "nilo") ];
publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
}
{
# parina ipad
allowedIPs = [ (getWireguardDeviceAddress "parina-ipad") ];
publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
}
{
# kcl vm
allowedIPs = [ (getWireguardDeviceAddress "kclvm") ];
publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca") ];
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_one") ];
publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_two") ];
publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_three") ];
publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
}
{
allowedIPs = [ (getWireguardDeviceAddress "framecca_four") ];
publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
}
];
};
};
};
}

1
roles/home/helix.nix
View File

@ -23,6 +23,7 @@ in
cursorline = true cursorline = true
true-color = true true-color = true
gutters = ["diff", "diagnostics", "line-numbers", "spacer"] gutters = ["diff", "diagnostics", "line-numbers", "spacer"]
completion-replace = true
[editor.cursor-shape] [editor.cursor-shape]
insert = "bar" insert = "bar"