Add wireguard

muon 2024-11-28 18:04:31 +00:00
parent f92782f3d8
commit dffc51471b
3 changed files with 17 additions and 17 deletions


@ -32,7 +32,7 @@ in {
mods.server.sync.enable = false; mods.server.sync.enable = false;
mods.tailscale.enable = true; mods.tailscale.enable = true;
mods.openvpn.enable = false; mods.openvpn.enable = false;
mods.wireguard.enable = false; mods.wireguard.enable = true;
services.xserver.windowManager.i3.enable = true; services.xserver.windowManager.i3.enable = true;


@ -3,7 +3,7 @@
tailscale.enable = lib.mkEnableOption "enables tailscale"; tailscale.enable = lib.mkEnableOption "enables tailscale";
wireguard.enable = lib.mkEnableOption "enables wireguard client"; wireguard.enable = lib.mkEnableOption "enables wireguard client";
openvpn.enable = lib.mkEnableOption "enables openvpn config"; openvpn.enable = lib.mkEnableOption "enables openvpn config";
openvpn.config = let openvpn.config = let
username = "${config.mods.user.name}"; username = "${config.mods.user.name}";
folder = "${config.users.users.${username}.home}/documents/openvpn/"; folder = "${config.users.users.${username}.home}/documents/openvpn/";
file = "${config.mods.user.name}.ovpn"; file = "${config.mods.user.name}.ovpn";
@ -20,29 +20,28 @@
services.tailscale.enable = config.mods.tailscale.enable; services.tailscale.enable = config.mods.tailscale.enable;
services.openvpn.servers = lib.mkIf config.mods.openvpn.enable { services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
remote.config = ''config ${config.mods.openvpn.config}''; remote.config = "config ${config.mods.openvpn.config}";
}; };
networking.firewall = lib.mkIf config.mods.wireguard.enable { networking.firewall = lib.mkIf config.mods.wireguard.enable {
allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport allowedUDPPorts =
[ 51820 ]; # Clients and peers can use the same port, see listenport
}; };
networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable { networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable {
wg0 = { wg0 = {
address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ]; address = [ "10.0.0.3/24" "fdc9:281f:04d7:9ee9::3/64" ];
dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ]; dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];
mtu = 1500; mtu = 1500;
privateKeyFile = "/home/muon/wireguard-keys/private"; privateKeyFile = "/home/muon/wireguard-keys/private";
peers = [ peers = [{
{ publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA="; presharedKeyFile = "/home/muon/wireguard-keys/psk-muho";
presharedKeyFile = "/home/muon/wireguard-keys/psk-muon"; allowedIPs = [ "0.0.0.0/0" "::/0" ];
allowedIPs = [ "0.0.0.0/0" "::/0" ]; # ip route add 93.95.230.11 via 192.168.0.1
# ip route add 93.95.230.11 via 192.168.0.1 endpoint = "93.95.230.11:51820";
endpoint = "93.95.230.11:51820"; persistentKeepalive = 25;
persistentKeepalive = 25; }];
}
];
}; };
}; };
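Review bot: The firewall rule opens UDP 51820 inbound, but the `wg0` block shown here sets no `listenPort`, so WireGuard will choose a random port and the opened port matches nothing this client listens on; the comment's "see listenport" has no counterpart in the hunk. Either add `listenPort = 51820;` to `wg0` or drop the `allowedUDPPorts` entry, since a client that dials out with `persistentKeepalive = 25` needs no inbound rule through a stateful firewall. Separately, `presharedKeyFile` changes from `psk-muon` to `psk-muho`, which may be an intended rename for this peer but reads like a typo; if the file is missing the interface will likely fail to come up and traffic meant for the full-tunnel `allowedIPs` would leave untunnelled. The key paths are also hard-coded to `/home/muon` while the OpenVPN option in the same file derives its folder from `config.mods.user.name`; a root-owned directory with mode 0600 files would keep the keys away from anything running as the login user.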


@ -10,12 +10,13 @@
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
# user = "${config.mods.user.name}"; user = "${config.mods.user.name}";
}; };
services.immich = { services.immich = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
host = "0.0.0.0";
# user = "${config.mods.user.name}"; # user = "${config.mods.user.name}";
}; };
}; };
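Review bot: Uncommenting `user = "${config.mods.user.name}";` makes Jellyfin, which has `openFirewall = true`, run as the interactive login account rather than a dedicated service user, so any flaw in the media server reaches everything that account can read. If this host also carries the WireGuard module and `mods.user.name` is `muon` (neither is visible here), that would include the key files this commit references under `/home/muon/wireguard-keys`. Keeping the default service user and granting it the media directory through a group, e.g. `users.users.jellyfin.extraGroups = [ "<media-group>" ];`, would preserve the isolation. The `host = "0.0.0.0";` line on Immich, combined with `openFirewall = true`, exposes it on every interface; if only LAN or tunnel access is intended, bind to that address or scope the port with `networking.firewall.interfaces.<name>.allowedTCPPorts`. The enclosing attribute set starts outside the hunk.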