From acaebe08f7a3fd0b68a1c14a233b1a72b8fbf48a Mon Sep 17 00:00:00 2001
From: iFargle
Date: Fri, 6 Oct 2023 12:52:40 +0900
Subject: [PATCH] Begin wg forwarder testing

---
 .sops.yaml | 8 +++++++-
 README.md | 2 +-
 nixos/hosts/nixos-rpi4-01/default.nix | 22 +++++++++++++++++++++
 nixos/hosts/osaka-vultr-01/default.nix | 27 ++++++++++++++++++++++++--
 nixos/hosts/osaka-vultr-01/disks.nix | 6 ------
 nixos/small.nix | 3 ++-
 nixos/users/albert/small.nix | 11 -----------
 7 files changed, 57 insertions(+), 22 deletions(-)
 delete mode 100644 nixos/users/albert/small.nix

diff --git a/.sops.yaml b/.sops.yaml
index 7de480ec..66c0a552 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -22,4 +22,10 @@ creation_rules:
 - *host_nixos-rpi4-01
 - *host_nixos-rpi4-02
 - *host_nixos-rpi4-03
- - *host_nixos-vm-01
\ No newline at end of file
+ - *host_nixos-vm-01
+
+ - path: secrets/wireguard.yaml
+ key_groups:
+ - pgp:
+ - *user_albert
+ - *host_nixos-rpi4-03
\ No newline at end of file
diff --git a/README.md b/README.md
index 46583000..3671f348 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ Completed ToDo List [here](docs/complete.md)
 * NixOS Packages / Options Search - [Link](https://search.nixos.org/)
 * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
 * ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
- * NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introductiondddddd)
+ * NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introduction)
 ### Useful Links
 * FlakeHub - [Link](https://flakehub.com)
diff --git a/nixos/hosts/nixos-rpi4-01/default.nix b/nixos/hosts/nixos-rpi4-01/default.nix
index dd87f879..d442da00 100644
--- a/nixos/hosts/nixos-rpi4-01/default.nix
+++ b/nixos/hosts/nixos-rpi4-01/default.nix
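Review bot: The new creation rule for `secrets/wireguard.yaml` grants decryption to `*user_albert` and `*host_nixos-rpi4-03`, but the hosts that this patch points at that file are nixos-rpi4-01 and osaka-vultr-01, so unless their keys are covered by another rule not shown here, sops-nix on those two hosts will fail to decrypt it at activation. Keeping both peers' private keys in one file also means every host that can decrypt it holds the other end's private key, which defeats the point of per-host WireGuard keys. I would split this into one file per host, each keyed only to `*user_albert` and that host's own key (e.g. `- path: secrets/wireguard/nixos-rpi4-01.yaml` with `- *host_nixos-rpi4-01`, and a matching rule for osaka-vultr-01 if an anchor for that host exists in the part of the file above this hunk). If a single shared file is intentional for now, at least replace `- *host_nixos-rpi4-03` with the rpi4-01 and osaka-vultr-01 host keys so the file is usable where it is referenced.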
@@ -50,4 +50,26 @@
 # Temporary
 # networking.firewall.allowedTCPPorts = [ 22 ];
+
+ # Set up the secrets file:
+ sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
+
+ # Wireguard Forwarder
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ "exit" = {
+ privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
+ # Testing
+ peers."osaka-vultr-01" = {
+ publicKey = "";
+ persistentKeepalive = 5;
+ endpoint = "64.176.54.57:51820"
+ };
+ };
+ };
+ };
 }
\ No newline at end of file
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index cdf8b331..e57ef71f 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
@@ -3,7 +3,6 @@
 ./disks.nix
 ];
 nixpkgs.config.allowUnfree = false;
- # boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
 boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
 boot.initrd.kernelModules = [ ];
@@ -16,5 +15,29 @@
 time.timeZone = "Asia/Tokyo";
 networking.hostName = "osaka-vultr-01";
- networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedTCPPorts = [
+ 22
+ ];
+
+ # Set up the secrets file:
+ sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
+ owner = "root";
+ sopsFile = ../../../secrets/wireguard.yaml;
+ };
+
+ # Wireguard Forwarder
+ boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ "exit" = {
+ privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
+ # Testing
+ peers."nixos-rpi4-01" = {
+ publicKey = "";
+ persistentKeepalive = 5;
+ };
+ };
+ };
+ };
 }
\ No newline at end of file
diff --git a/nixos/hosts/osaka-vultr-01/disks.nix b/nixos/hosts/osaka-vultr-01/disks.nix
index a5bcafa7..d8102680 100644
--- a/nixos/hosts/osaka-vultr-01/disks.nix
+++ b/nixos/hosts/osaka-vultr-01/disks.nix
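Review bot: The peer block in the nixos-rpi4-01 hunk will not evaluate: `endpoint = "64.176.54.57:51820"` is missing its trailing `;`, and `networking.wireguard.interfaces.<name>.peers` is a list option in NixOS, so `peers."osaka-vultr-01" = { ... }` is a type error and has to be `peers = [ { ... } ];`. The secret wiring is also crossed: the host declares `sops.secrets."wireguard_keys/osaka-vultr-01/private"` (the VPS's private key, which this Pi should never hold) while `privateKeyFile` points at `/run/secrets/wireguard_keys/nixos-rpi4-01`, a path no `sops.secrets` entry produces; declare the Pi's own key and reference it through `config.sops.secrets.<name>.path` (this needs `config` in the module's argument list, which is outside the hunk). `publicKey = ""` is a placeholder and there are no `ips`/`allowedIPs`, so even with the syntax fixed nothing is routed through the tunnel; a corrected shape is below, with the tunnel address and the full-exit `allowedIPs` marked as assumptions to confirm, and a keepalive of 25 s rather than 5 s since this is the side behind NAT. The enclosing module starts outside the hunk.
```nix
  # Set up the secrets file (this host's own key only):
  sops.secrets."wireguard_keys/nixos-rpi4-01/private" = {
    owner = "root";
    sopsFile = ../../../secrets/wireguard.yaml;
  };

  # Wireguard Forwarder
  networking.wireguard.interfaces."exit" = {
    # TODO(review): tunnel address is not defined anywhere yet, e.g. ips = [ "10.100.0.2/24" ];
    privateKeyFile = config.sops.secrets."wireguard_keys/nixos-rpi4-01/private".path;
    peers = [
      {
        publicKey = "";  # TODO: osaka-vultr-01's public key
        endpoint = "64.176.54.57:51820";
        # 0.0.0.0/0 assumes this is meant as a full exit node — confirm; narrow to the tunnel subnet otherwise
        allowedIPs = [ "0.0.0.0/0" ];
        persistentKeepalive = 25;
      }
    ];
  };
```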
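Review bot: The osaka-vultr-01 side never opens or pins the port the Pi dials: the interface has no `listenPort`, so WireGuard binds a random UDP port, and the firewall change only re-formats `allowedTCPPorts = [ 22 ]` without adding `networking.firewall.allowedUDPPorts = [ 51820 ];`, so the handshake aimed at `64.176.54.57:51820` in the Pi's config is dropped. As on the Pi, `peers."nixos-rpi4-01" = { ... }` must become a list (`peers = [ { ... } ];`), and `privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01"` does not match the declared secret `wireguard_keys/osaka-vultr-01/private`; use `config.sops.secrets."wireguard_keys/osaka-vultr-01/private".path` (needs `config` in the module args, outside the hunk). `net.ipv4.ip_forward = true` is turned on for a public VPS before any `ips`, `allowedIPs` or `networking.nat` exist, so it forwards nothing useful yet; when those are added, keep the peer's `allowedIPs` to its tunnel address only, because on the server side that option is also the source-address filter and `0.0.0.0/0` would let the peer inject arbitrary source addresses. `persistentKeepalive` is only needed on the NATed side and can be dropped here; the enclosing module starts outside the hunk.
```nix
  networking.firewall.allowedTCPPorts = [ 22 ];
  networking.firewall.allowedUDPPorts = [ 51820 ];

  # … unchanged: sops.secrets declaration, ip_forward sysctl …

  networking.wireguard.interfaces."exit" = {
    listenPort = 51820;
    # TODO(review): tunnel address is not defined anywhere yet, e.g. ips = [ "10.100.0.1/24" ];
    privateKeyFile = config.sops.secrets."wireguard_keys/osaka-vultr-01/private".path;
    peers = [
      {
        publicKey = "";  # TODO: nixos-rpi4-01's public key
        # only the Pi's tunnel address (example value — confirm); never 0.0.0.0/0 on the server side
        allowedIPs = [ "10.100.0.2/32" ];
      }
    ];
  };
```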
@@ -1,11 +1,5 @@
 {
- # boot.loader.grub.enable = true;
 boot.loader.grub.enableCryptodisk = true;
- # boot.initrd.luks.devices."crypted".device = "/dev/vda2";
-
- # services.btrfs.autoScrub.enable = true;
- # services.btrfs.autoScrub.interval = "weekly";
-
 disko.devices.disk.vda = {
 device = "/dev/vda";
 type = "disk";
diff --git a/nixos/small.nix b/nixos/small.nix
index 4501c9d0..1e7aa06d 100644
--- a/nixos/small.nix
+++ b/nixos/small.nix
@@ -9,8 +9,9 @@
 # NixOS Modules
 ./common/modules/networking.nix # Initial Networking configs
+ ./common/modules/nixos.nix # Common NixOS Configurations
- ./users/${username}/small.nix
+ ./users/${username}
 ./hosts/${hostname}
 ];
diff --git a/nixos/users/albert/small.nix b/nixos/users/albert/small.nix
deleted file mode 100644
index b1792049..00000000
--- a/nixos/users/albert/small.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, desktop, lib, pkgs, ... }: {
- users.mutableUsers = false;
- users.users.albert = {
- isNormalUser = true;
- description = "Albert J. Copeland";
- extraGroups = [ "networkmanager" "wheel" ];
- # mkpasswd -m sha-512
- hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
- openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
- };
-}
\ No newline at end of file
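Review bot: The import switch from `./users/${username}/small.nix` to `./users/${username}` in nixos/small.nix relies on a `users/albert/default.nix` that is not part of this patch; the deleted `small.nix` carried `users.mutableUsers = false;`, the `wheel` membership, the password hash and `openssh.authorizedKeys.keyFiles`, so please confirm the directory module sets the same, otherwise the small profile silently reverts to mutable users with no SSH keys and no sudo user. Deleting the file also does not remove the `$y$…` password hash from git history; if that password is used anywhere else, rotate it. `./common/modules/nixos.nix` is new to this profile and likewise not shown here, so its effect on the hosts that use `small.nix` cannot be checked from this diff.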