From dffc51471be31a2f5f79250d2b5de4618178afbf Mon Sep 17 00:00:00 2001 From: muon Date: Thu, 28 Nov 2024 18:04:31 +0000 Subject: [PATCH] Add wireguard --- hosts/muho/configuration.nix | 2 +- modules/nixos/core/network.nix | 29 ++++++++++++++--------------- modules/nixos/server/media.nix | 3 ++- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/hosts/muho/configuration.nix b/hosts/muho/configuration.nix index aa870f2..e803946 100644 --- a/hosts/muho/configuration.nix +++ b/hosts/muho/configuration.nix @@ -32,7 +32,7 @@ in { mods.server.sync.enable = false; mods.tailscale.enable = true; mods.openvpn.enable = false; - mods.wireguard.enable = false; + mods.wireguard.enable = true; services.xserver.windowManager.i3.enable = true; diff --git a/modules/nixos/core/network.nix b/modules/nixos/core/network.nix index aab8f0b..62e828a 100644 --- a/modules/nixos/core/network.nix +++ b/modules/nixos/core/network.nix @@ -3,7 +3,7 @@ tailscale.enable = lib.mkEnableOption "enables tailscale"; wireguard.enable = lib.mkEnableOption "enables wireguard client"; openvpn.enable = lib.mkEnableOption "enables openvpn config"; - openvpn.config = let + openvpn.config = let username = "${config.mods.user.name}"; folder = "${config.users.users.${username}.home}/documents/openvpn/"; file = "${config.mods.user.name}.ovpn"; 
@@ -20,29 +20,28 @@ services.tailscale.enable = config.mods.tailscale.enable; services.openvpn.servers = lib.mkIf config.mods.openvpn.enable { - remote.config = ''config ${config.mods.openvpn.config}''; + remote.config = "config ${config.mods.openvpn.config}"; }; networking.firewall = lib.mkIf config.mods.wireguard.enable { - allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport + allowedUDPPorts = + [ 51820 ]; # Clients and peers can use the same port, see listenport }; networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable { wg0 = { - address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ]; + address = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64" ]; dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ]; mtu = 1500; privateKeyFile = "/home/muon/wireguard-keys/private"; - - peers = [ - { - publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA="; - presharedKeyFile = "/home/muon/wireguard-keys/psk-muon"; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; - # ip route add 93.95.230.11 via 192.168.0.1 - endpoint = "93.95.230.11:51820"; - persistentKeepalive = 25; - } - ]; + + peers = [{ + publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA="; + presharedKeyFile = "/home/muon/wireguard-keys/psk-muho"; + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + # ip route add 93.95.230.11 via 192.168.0.1 + endpoint = "93.95.230.11:51820"; + persistentKeepalive = 25; + }]; }; }; diff --git a/modules/nixos/server/media.nix b/modules/nixos/server/media.nix index f2666b1..b58a008 100644 --- a/modules/nixos/server/media.nix +++ b/modules/nixos/server/media.nix @@ -10,12 +10,13 @@ services.jellyfin = { enable = true; openFirewall = true; - # user = "${config.mods.user.name}"; + user = "${config.mods.user.name}"; }; services.immich = { enable = true; openFirewall = true; + host = "0.0.0.0"; # user = "${config.mods.user.name}"; }; };
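Review bot: The `wg0` block in this shared core module hard-codes values that belong to a single host: the commit edits `address` to `10.0.0.3/24` and `presharedKeyFile` to `/home/muon/wireguard-keys/psk-muho` in place, so any other host that sets `mods.wireguard.enable = true` would come up with the same tunnel address and look for muho's preshared key. Declaring per-host options next to `wireguard.enable` (for example a new `mods.wireguard.address` and `mods.wireguard.presharedKeyFile`, set in `hosts/muho/configuration.nix`) would avoid that. Both key files sit under the literal path `/home/muon/`, although the same file derives the home directory from `config.mods.user.name` for OpenVPN. Their ownership and mode are not visible here, but they should be readable by root only and preferably kept outside a login user's home. No `listenPort` is set on `wg0`, so the inbound `allowedUDPPorts = [ 51820 ]` rule does not appear to be needed for a client that dials out with `persistentKeepalive`; the enclosing module body continues outside this hunk.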
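Review bot: Uncommenting `user = "${config.mods.user.name}";` makes Jellyfin, which is reachable through `openFirewall = true`, run as the login account instead of a dedicated service user. If that account is the `muon` user whose home is referenced in `modules/nixos/core/network.nix`, a compromise of the media server could read the WireGuard key files and the OpenVPN profile stored there. Keeping the default service user and giving it group read access to the media directories would contain that. The added `host = "0.0.0.0";` also binds Immich on every interface while `openFirewall = true`. If it only needs to be reached over the VPN, drop `openFirewall` and open the port per interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ config.services.immich.port ];` (the surrounding attribute set starts and ends outside this hunk).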