Begin wg forwarder testing
parent
447b243a95
commit
acaebe08f7
7 changed files with 57 additions and 22 deletions
|
@ -22,4 +22,10 @@ creation_rules:
|
||||||
- *host_nixos-rpi4-01
|
- *host_nixos-rpi4-01
|
||||||
- *host_nixos-rpi4-02
|
- *host_nixos-rpi4-02
|
||||||
- *host_nixos-rpi4-03
|
- *host_nixos-rpi4-03
|
||||||
- *host_nixos-vm-01
|
- *host_nixos-vm-01
|
||||||
|
|
||||||
|
- path: secrets/wireguard.yaml
|
||||||
|
key_groups:
|
||||||
|
- pgp:
|
||||||
|
- *user_albert
|
||||||
|
- *host_nixos-rpi4-03
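Review bot: The pgp key group added for `secrets/wireguard.yaml` names only `*user_albert` and `*host_nixos-rpi4-03`, but the host configurations in this same commit that read that file (they declare `sops.secrets."wireguard_keys/osaka-vultr-01/private"` with `sopsFile = ../../../secrets/wireguard.yaml`) appear to belong to `nixos-rpi4-01` and `osaka-vultr-01`, neither of which is in the group. Unless their age/pgp keys are added here (an `- *host_nixos-rpi4-01` entry next to the existing ones, plus an anchor for the vultr host, which is not visible in this hunk), sops-nix on those machines cannot decrypt the file at activation, while rpi4-03 is granted a decryption key it does not seem to need. The anchor definitions sit above this hunk, so I cannot confirm whether an osaka-vultr-01 anchor already exists.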
|
|
@ -52,7 +52,7 @@ Completed ToDo List [here](docs/complete.md)
|
||||||
* NixOS Packages / Options Search - [Link](https://search.nixos.org/)
|
* NixOS Packages / Options Search - [Link](https://search.nixos.org/)
|
||||||
* Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
|
* Nix User Repository (NUR) Search - [Link](https://nur.nix-community.org/)
|
||||||
* ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
|
* ARM NixOS Building - [Link](https://nixos.wiki/wiki/NixOS_on_ARM#NixOS_installation_.26_configuration)
|
||||||
* NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introductiondddddd)
|
* NixOS Manual - [Link](https://nixos.org/manual/nix/unstable/introduction)
|
||||||
|
|
||||||
### Useful Links
|
### Useful Links
|
||||||
* FlakeHub - [Link](https://flakehub.com)
|
* FlakeHub - [Link](https://flakehub.com)
|
||||||
|
|
|
@ -50,4 +50,26 @@
|
||||||
|
|
||||||
# Temporary
|
# Temporary
|
||||||
# networking.firewall.allowedTCPPorts = [ 22 ];
|
# networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
|
# Set up the secrets file:
|
||||||
|
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../../secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Wireguard Forwarder
|
||||||
|
networking.wireguard = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = {
|
||||||
|
"exit" = {
|
||||||
|
privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-01";
|
||||||
|
# Testing
|
||||||
|
peers."osaka-vultr-01" = {
|
||||||
|
publicKey = "";
|
||||||
|
persistentKeepalive = 5;
|
||||||
|
endpoint = "64.176.54.57:51820"
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
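Review bot: The line `endpoint = "64.176.54.57:51820"` has no terminating `;`, so this file will fail to evaluate before anything else is tested; it should read `endpoint = "64.176.54.57:51820";`. The secret declared just above it is `"wireguard_keys/osaka-vultr-01/private"`, which sops-nix materialises at `/run/secrets/wireguard_keys/osaka-vultr-01/private`, yet `privateKeyFile` points at `/run/secrets/wireguard_keys/nixos-rpi4-01`, a path nothing declares, and the name suggests this host is pulling in the other machine's private key rather than its own; the declared secret and the `privateKeyFile` path should be the same `wireguard_keys/<this-host>/private` entry. The same declared-vs-referenced mismatch (the `/private` suffix is dropped) is in the osaka-vultr-01 hunk later in this commit. In both hunks `publicKey = ""` will be rejected by WireGuard and the peer sets no `allowedIPs`, which the NixOS wireguard module expects on every peer, so even once the syntax is fixed no tunnel can come up.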
|
|
@ -3,7 +3,6 @@
|
||||||
./disks.nix
|
./disks.nix
|
||||||
];
|
];
|
||||||
nixpkgs.config.allowUnfree = false;
|
nixpkgs.config.allowUnfree = false;
|
||||||
# boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
boot.initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "virtio_pci" "virtio_blk" "sr_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
|
@ -16,5 +15,29 @@
|
||||||
time.timeZone = "Asia/Tokyo";
|
time.timeZone = "Asia/Tokyo";
|
||||||
networking.hostName = "osaka-vultr-01";
|
networking.hostName = "osaka-vultr-01";
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
22
|
||||||
|
];
|
||||||
|
|
||||||
|
# Set up the secrets file:
|
||||||
|
sops.secrets."wireguard_keys/osaka-vultr-01/private" = {
|
||||||
|
owner = "root";
|
||||||
|
sopsFile = ../../../secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Wireguard Forwarder
|
||||||
|
boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };
|
||||||
|
networking.wireguard = {
|
||||||
|
enable = true;
|
||||||
|
interfaces = {
|
||||||
|
"exit" = {
|
||||||
|
privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
|
||||||
|
# Testing
|
||||||
|
peers."nixos-rpi4-01" = {
|
||||||
|
publicKey = "";
|
||||||
|
persistentKeepalive = 5;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
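Review bot: This host is the `64.176.54.57:51820` endpoint that the rpi4-01 hunk dials, but the `"exit"` interface sets no `listenPort`, and the firewall edit in this hunk only reformats the TCP list to `[ 22 ]`, so UDP 51820 stays closed to inbound handshakes; add `listenPort = 51820;` to the interface and `networking.firewall.allowedUDPPorts = [ 51820 ];` next to the TCP list. `boot.kernel.sysctl = { "net.ipv4.ip_forward" = true; };` turns on forwarding for the whole host while the peer has no `allowedIPs` and no forward or NAT rules are added here, so which traffic is actually routed is decided by firewall configuration outside this hunk and is worth documenting above that line, e.g. `# Forwarding is global; restrict forwarded traffic to the wg subnet in the firewall rules`. The interface also sets no `ips`, so it will come up without an address on the tunnel side.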
|
|
@ -1,11 +1,5 @@
|
||||||
{
|
{
|
||||||
# boot.loader.grub.enable = true;
|
|
||||||
boot.loader.grub.enableCryptodisk = true;
|
boot.loader.grub.enableCryptodisk = true;
|
||||||
# boot.initrd.luks.devices."crypted".device = "/dev/vda2";
|
|
||||||
|
|
||||||
# services.btrfs.autoScrub.enable = true;
|
|
||||||
# services.btrfs.autoScrub.interval = "weekly";
|
|
||||||
|
|
||||||
disko.devices.disk.vda = {
|
disko.devices.disk.vda = {
|
||||||
device = "/dev/vda";
|
device = "/dev/vda";
|
||||||
type = "disk";
|
type = "disk";
|
||||||
|
|
|
@ -9,8 +9,9 @@
|
||||||
|
|
||||||
# NixOS Modules
|
# NixOS Modules
|
||||||
./common/modules/networking.nix # Initial Networking configs
|
./common/modules/networking.nix # Initial Networking configs
|
||||||
|
./common/modules/nixos.nix # Common NixOS Configurations
|
||||||
|
|
||||||
./users/${username}/small.nix
|
./users/${username}
|
||||||
./hosts/${hostname}
|
./hosts/${hostname}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
{ config, desktop, lib, pkgs, ... }: {
|
|
||||||
users.mutableUsers = false;
|
|
||||||
users.users.albert = {
|
|
||||||
isNormalUser = true;
|
|
||||||
description = "Albert J. Copeland";
|
|
||||||
extraGroups = [ "networkmanager" "wheel" ];
|
|
||||||
# mkpasswd -m sha-512
|
|
||||||
hashedPassword = "$y$j9T$wKLsIWaA4Gf63RvjedwLJ0$EHKL6BBJV0CAxEKcHHjaBqW085KJ/MGvmbyWzmcWOy6";
|
|
||||||
openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
|
|
||||||
};
|
|
||||||
}
|
|