Begin wg forwarder testing
parent
447b243a95
commit
acaebe08f7
7 changed files with 57 additions and 22 deletions
|
@ -22,4 +22,10 @@ creation_rules:
|
|||
- *host_nixos-rpi4-01
|
||||
- *host_nixos-rpi4-02
|
||||
- *host_nixos-rpi4-03
|
||||
- *host_nixos-vm-01
|
||||
- *host_nixos-vm-01
|
||||
|
||||
- path: secrets/wireguard.yaml
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *user_albert
|
||||
- *host_nixos-rpi4-03
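Review bot: The new `secrets/wireguard.yaml` rule lists only `*user_albert` and `*host_nixos-rpi4-03` as PGP recipients, yet the host configs in this commit that read the file are osaka-vultr-01 and, judging by its `privateKeyFile` path, nixos-rpi4-01. Neither host can decrypt the file unless its key is added to this group, e.g. `- *host_nixos-rpi4-01` plus an anchor for osaka-vultr-01 if one is defined. Because one file holds the WireGuard private keys of several hosts, every recipient can also read the other hosts' keys; a per-host secrets file, or a per-host rule, would keep each private key readable only by its owner. The `creation_rules` list starts outside the hunk, so other rules may exist that are not visible here.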
|
|
@ -52,7 +52,7 @@ Completed ToDo List [here](docs/complete.md)
|
|||
* NixOS Packages / Options Search - [Link](https://search.nixos.org/)
|
||||
* Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
|
||||
* ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
|
||||
* NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introductiondddddd)
|
||||
* NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introduction)
|
||||
|
||||
### Useful Links
|
||||
* FlakeHub - [Link](https://flakehub.com)
|
||||
|
|
|
@ -50,4 +50,26 @@
|
|||
|
||||
# Temporary
|
||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
|
||||
# Set up the secrets file:
|
||||
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
|
||||
# Wireguard Forwarder
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces = {
|
||||
"exit" = {
|
||||
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
|
||||
# Testing
|
||||
peers."osaka-vultr-01" = {
|
||||
publicKey = "";
|
||||
persistentKeepalive = 5;
|
||||
endpoint = "64.176.54.57:51820"
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
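Review bot: The secret declared here is `wireguard_keys/osaka-vultr-01/private`, which is the peer's private key, while `privateKeyFile` points at `/run/secrets/wireguard_keys/nixos-rpi4-01`, a path that no declared secret produces. As written this host has no tunnel key of its own and is instead handed the other end's private key. Declare this host's own key and reference it through sops-nix: `sops.secrets."wireguard_keys/nixos-rpi4-01/private" = { … };` and `privateKeyFile = config.sops.secrets."wireguard_keys/nixos-rpi4-01/private".path;` (this assumes `config` is a module argument and that key name exists in the YAML, neither of which is visible here). The `endpoint = "64.176.54.57:51820"` line also lacks its terminating `;`, and the peer has an empty `publicKey` and no `allowedIPs`, so this will not yet evaluate to a working tunnel. The enclosing module starts outside the hunk.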
|
|
@ -3,7 +3,6 @@
|
|||
./disks.nix
|
||||
];
|
||||
nixpkgs.config.allowUnfree = false;
|
||||
# boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
|
@ -16,5 +15,29 @@
|
|||
time.timeZone = "Asia/Tokyo";
|
||||
networking.hostName = "osaka-vultr-01";
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
22
|
||||
];
|
||||
|
||||
# Set up the secrets file:
|
||||
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
|
||||
owner = "root";
|
||||
sopsFile = ../../../secrets/wireguard.yaml;
|
||||
};
|
||||
|
||||
# Wireguard Forwarder
|
||||
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||
networking.wireguard = {
|
||||
enable = true;
|
||||
interfaces = {
|
||||
"exit" = {
|
||||
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
||||
# Testing
|
||||
peers."nixos-rpi4-01" = {
|
||||
publicKey = "";
|
||||
persistentKeepalive = 5;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
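Review bot: `privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01"` does not match the secret declared just above it. sops-nix places `wireguard_keys/osaka-vultr-01/private` at `/run/secrets/wireguard_keys/osaka-vultr-01/private`, so the configured path is a directory; `privateKeyFile = config.sops.secrets."wireguard_keys/osaka-vultr-01/private".path;` keeps the two in step, if `config` is a module argument here. The interface sets no `listenPort` and the firewall allows only TCP 22, while the peer config in this commit dials port 51820, so `listenPort = 51820;` and `networking.firewall.allowedUDPPorts = [ 51820 ];` appear to be missing. `net.ipv4.ip_forward` is switched on while the peer has no `allowedIPs` and no forwarding rules are visible, so a comment stating which traffic this host is meant to forward would help before the empty `publicKey` is filled in. The module starts outside the hunk.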
|
|
@ -1,11 +1,5 @@
|
|||
{
|
||||
# boot.loader.grub.enable = true;
|
||||
boot.loader.grub.enableCryptodisk = true;
|
||||
# boot.initrd.luks.devices."crypted".device = "/dev/vda2";
|
||||
|
||||
# services.btrfs.autoScrub.enable = true;
|
||||
# services.btrfs.autoScrub.interval = "weekly";
|
||||
|
||||
disko.devices.disk.vda = {
|
||||
device = "/dev/vda";
|
||||
type = "disk";
|
||||
|
|
|
@ -9,8 +9,9 @@
|
|||
|
||||
# NixOS Modules
|
||||
./common/modules/networking.nix # Initial Networking configs
|
||||
./common/modules/nixos.nix # Common NixOS Configurations
|
||||
|
||||
./users/${username}/small.nix
|
||||
./users/${username}
|
||||
./hosts/${hostname}
|
||||
];
|
||||
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
{ config, desktop, lib, pkgs, ... }: {
|
||||
users.mutableUsers = false;
|
||||
users.users.albert = {
|
||||
isNormalUser = true;
|
||||
description = "Albert J. Copeland";
|
||||
extraGroups = [ "networkmanager" "wheel" ];
|
||||
# mkpasswd -m sha-512
|
||||
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
||||
openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
|
||||
};
|
||||
}
|