Begin wg forwarder testing

This commit is contained in:
iFargle 2023-10-06 12:52:40 +09:00
parent 447b243a95
commit acaebe08f7
7 changed files with 57 additions and 22 deletions


@ -23,3 +23,9 @@ creation_rules:
- *host_nixos-rpi4-02 - *host_nixos-rpi4-02
- *host_nixos-rpi4-03 - *host_nixos-rpi4-03
- *host_nixos-vm-01 - *host_nixos-vm-01
- path: secrets/wireguard.yaml
key_groups:
- pgp:
- *user_albert
- *host_nixos-rpi4-03
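Review bot: The new creation rule encrypts `secrets/wireguard.yaml` only to `user_albert` and `host_nixos-rpi4-03`, yet the two hosts that declare secrets from that file in this commit are nixos-rpi4-01 and osaka-vultr-01, so unless their keys are added, sops-nix on those machines cannot decrypt it at activation and the WireGuard interfaces come up without a private key. Add the consuming hosts' anchors to the key group (`- *host_nixos-rpi4-01`, plus an anchor for osaka-vultr-01 if one is defined above this hunk) and drop rpi4-03 if it does not use the file, so each host can only read the key material it needs. The rule list above this hunk is cut off, so an anchor for osaka-vultr-01 may already exist there.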


@ -52,7 +52,7 @@ Completed ToDo List [here](docs/complete.md)
* NixOS Packages / Options Search - [Link](https://search.nixos.org/) * NixOS Packages / Options Search - [Link](https://search.nixos.org/)
* Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/) * Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
* ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration) * ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
* NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introductiondddddd) * NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introduction)
### Useful Links ### Useful Links
* FlakeHub - [Link](https://flakehub.com) * FlakeHub - [Link](https://flakehub.com)


@ -50,4 +50,26 @@
# Temporary # Temporary
# networking.firewall.allowedTCPPorts = [ 22 ]; # networking.firewall.allowedTCPPorts = [ 22 ];
# Set up the secrets file:
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
networking.wireguard = {
enable = true;
interfaces = {
"exit" = {
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
# Testing
peers."osaka-vultr-01" = {
publicKey = "";
persistentKeepalive = 5;
endpoint = "64.176.54.57:51820"
};
};
};
};
} }
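Review bot: The secret declared at `sops.secrets."wireguard_keys/osaka-vultr-01/private"` is the other host's private key, while `privateKeyFile` reads `/run/secrets/wireguard_keys/nixos-rpi4-01`, a path no declared secret produces (sops-nix writes each secret to `/run/secrets/<name>` unless `path` is set), so the interface has no usable key and the peer's private key is needlessly copied onto this host; declare only this host's own key here and read its exact path, as below. The osaka-vultr-01 section has the same name/path mismatch (`…/osaka-vultr-01/private` declared, `…/osaka-vultr-01` read). `endpoint = "64.176.54.57:51820"` is missing its `;`, and `networking.wireguard.interfaces.<name>.peers` is a list option, so the `peers."osaka-vultr-01" = { … }` attrset form used in both host sections will not evaluate. The peer also needs a real `publicKey` and an `allowedIPs` list, which the peer submodule requires. Tunnel addresses and routes are not shown on this page, so the placeholders below must be filled in, and the sops key name assumes the key is stored under that name in secrets/wireguard.yaml.
```nix
  # … unchanged: firewall comments above …
  # This host's own WireGuard private key; the peer's key never leaves its host.
  sops.secrets."wireguard_keys/nixos-rpi4-01/private" = {
    owner = "root";
    sopsFile = ../../../secrets/wireguard.yaml;
  };
  networking.wireguard = {
    enable = true;
    interfaces."exit" = {
      # sops-nix writes the secret to /run/secrets/<name>; the path must match exactly.
      privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01/private";
      ips = [ "<tunnel address/prefix — not shown on this page>" ];
      # `peers` is a list option, not an attrset.
      peers = [{
        publicKey = "<osaka-vultr-01 public key>";
        allowedIPs = [ "<routes to send through the tunnel>" ];
        endpoint = "64.176.54.57:51820";
        persistentKeepalive = 5;
      }];
    };
  };
```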


@ -3,7 +3,6 @@
./disks.nix ./disks.nix
]; ];
nixpkgs.config.allowUnfree = false; nixpkgs.config.allowUnfree = false;
# boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
@ -16,5 +15,29 @@
time.timeZone = "Asia/Tokyo"; time.timeZone = "Asia/Tokyo";
networking.hostName = "osaka-vultr-01"; networking.hostName = "osaka-vultr-01";
networking.firewall.allowedTCPPorts = [ 22 ]; networking.firewall.allowedTCPPorts = [
22
];
# Set up the secrets file:
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
owner = "root";
sopsFile = ../../../secrets/wireguard.yaml;
};
# Wireguard Forwarder
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
networking.wireguard = {
enable = true;
interfaces = {
"exit" = {
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
# Testing
peers."nixos-rpi4-01" = {
publicKey = "";
persistentKeepalive = 5;
};
};
};
};
} }
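Review bot: The nixos-rpi4-01 peer dials `64.176.54.57:51820`, but this interface sets no `listenPort`, so WireGuard binds a random port, and the firewall change at the top of this hunk opens only TCP 22; add `listenPort = 51820;` under `"exit"` and `networking.firewall.allowedUDPPorts = [ 51820 ];`. `net.ipv4.ip_forward` is enabled host-wide while the peer carries no `allowedIPs` (required by the peer submodule) and nothing in this hunk masquerades or restricts forwarded traffic, so once forwarding works it should be pinned to the tunnel's address range rather than left open to anything that routes through this host. As noted on the nixos-rpi4-01 section, the `peers."nixos-rpi4-01" = { … }` attrset form does not match the list type of `peers`, and the declared secret `…/osaka-vultr-01/private` is read here as `/run/secrets/wireguard_keys/osaka-vultr-01` without the `/private` suffix, so the key file will not exist.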


@ -1,11 +1,5 @@
{ {
# boot.loader.grub.enable = true;
boot.loader.grub.enableCryptodisk = true; boot.loader.grub.enableCryptodisk = true;
# boot.initrd.luks.devices."crypted".device = "/dev/vda2";
# services.btrfs.autoScrub.enable = true;
# services.btrfs.autoScrub.interval = "weekly";
disko.devices.disk.vda = { disko.devices.disk.vda = {
device = "/dev/vda"; device = "/dev/vda";
type = "disk"; type = "disk";


@ -9,8 +9,9 @@
# NixOS Modules # NixOS Modules
./common/modules/networking.nix # Initial Networking configs ./common/modules/networking.nix # Initial Networking configs
./common/modules/nixos.nix # Common NixOS Configurations
./users/${username}/small.nix ./users/${username}
./hosts/${hostname} ./hosts/${hostname}
]; ];
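Review bot: The user import now points at the `./users/${username}` directory, but its `default.nix` is not part of this commit, so the access-relevant settings that lived in the deleted `small.nix` (`users.mutableUsers = false`, the `wheel` membership and the `openssh.authorizedKeys.keyFiles` entry) cannot be confirmed to carry over from this diff alone; presumably the directory module already existed. A short comment next to the import would make the intent clear, e.g. `./users/${username}  # full user module (replaces small.nix)`, matching the inline comments on the other entries in this list.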


@ -1,11 +0,0 @@
{ config, desktop, lib, pkgs, ... }: {
users.mutableUsers = false;
users.users.albert = {
isNormalUser = true;
description = "Albert J. Copeland";
extraGroups = [ "networkmanager" "wheel" ];
# mkpasswd -m sha-512
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
};
}