From ec634535313526984a6094bab9c6654abff46c21 Mon Sep 17 00:00:00 2001
From: albert
Date: Sat, 30 Mar 2024 23:53:56 +0900
Subject: [PATCH] Test
---
 home-manager/common/software/cli/bash.nix | 6 +++---
 home-manager/common/software/cli/tmux.nix | 2 +-
 nixos/hosts/framework-server/firewall.nix | 4 ++--
 nixos/hosts/framework-server/wireguard.nix | 5 ++---
 nixos/hosts/osaka-linode-01/firewall.nix | 14 +++++++-------
 nixos/hosts/osaka-linode-01/wireguard.nix | 15 ++++++++++++---
 6 files changed, 27 insertions(+), 19 deletions(-)
diff --git a/home-manager/common/software/cli/bash.nix b/home-manager/common/software/cli/bash.nix
index 954b7df9..d1b773c2 100644
--- a/home-manager/common/software/cli/bash.nix
+++ b/home-manager/common/software/cli/bash.nix
@@ -48,11 +48,11 @@
 };
 bashrcExtra = ''
 restart-docker() {
- pushd /Storage/Data/docker-compose/sysctl.io
+ pushd /Storage/Data/docker compose/sysctl.io
 docker stop $1
 docker rm $1
 git pull
- docker-compose up -d $1
+ docker compose up -d $1
 popd
 }
 # Build ISOs/SD Card Images
@@ -162,7 +162,7 @@
 # docker
 d = "docker";
- dc = "docker-compose";
+ dc = "docker compose";
 de = "docker exec -it";
 dl = "docker logs -f ";
 dps = ''docker ps --format "table [{{.ID}}] {{.Names}}\t{{.Status}}\t{{.State}}\t{{.Label \"type\"}}"'';
diff --git a/home-manager/common/software/cli/tmux.nix b/home-manager/common/software/cli/tmux.nix
index 6a4cf5c6..b009e5f5 100644
--- a/home-manager/common/software/cli/tmux.nix
+++ b/home-manager/common/software/cli/tmux.nix
@@ -8,7 +8,7 @@
 {
 plugin = power-theme;
 extraConfig = ''
- set -g @tmux_power_theme '#${config.lib.stylix.colors.base01}'
+ set -g @tmux_power_theme '#${config.lib.stylix.colors.base06}'
 set -g @tmux_power_right_arrow_icon ' '
 set -g @tmux_power_left_arrow_icon ' '
 set -g @tmux_power_prefix_highlight_pos 'R'
diff --git a/nixos/hosts/framework-server/firewall.nix b/nixos/hosts/framework-server/firewall.nix
index 697e1420..4397eedc 100644
--- a/nixos/hosts/framework-server/firewall.nix
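Review bot: The `pushd` path in `restart-docker` was caught by the `docker-compose` to `docker compose` rename and now reads `/Storage/Data/docker compose/sysctl.io`, an unquoted path containing a space. Bash hands that to `pushd` as two arguments, the directory change fails, and because nothing checks the result the following `docker stop $1`, `docker rm $1`, `git pull` and `docker compose up -d $1` still run in whatever directory the shell happened to be in. Unless the directory itself was renamed, keep the old path and stop on failure: `pushd /Storage/Data/docker-compose/sysctl.io || return 1`. Quoting `"$1"` in the docker calls would also avoid word splitting on the container name.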
+++ b/nixos/hosts/framework-server/firewall.nix
@@ -22,8 +22,8 @@
 allowedUDPPorts = [
 53 # DNS (udp)
 10000 # Jitsi Meet (udp)
- 15636 # Enshrouded
- 15637 # Enshrouded
+ 15636 # Enshrouded - Game
+ 15637 # Enshrouded - Query Port
 ];
 };
 };
diff --git a/nixos/hosts/framework-server/wireguard.nix b/nixos/hosts/framework-server/wireguard.nix
index 5ac7732c..b8ac5780 100644
--- a/nixos/hosts/framework-server/wireguard.nix
+++ b/nixos/hosts/framework-server/wireguard.nix
@@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... }: {
+{ ... }: {
 # Allow these hosts to directly communicate with their hostnames
 networking.extraHosts = ''
@@ -19,7 +19,6 @@
 };
 # Wireguard Forwarder
- networking.firewall.allowPing = true;
 networking.wireguard = {
 enable = true;
 interfaces = {
@@ -40,4 +39,4 @@
 };
 };
 };
-}
\ No newline at end of file
+}
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index 8ae27b5a..5c78d708 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@@ -19,8 +19,8 @@
 allowedUDPPorts = [
 3478 # Headscale DERP (udp)
 10000 # Jitsi Meet (udp)
- 15636 # Enshrouded
- 15637 # Enshrouded
+ 15636 # Enshrouded - Game
+ 15637 # Enshrouded - Query Port
 ];
 };
@@ -31,8 +31,8 @@
 chain PREROUTING {
 type nat hook prerouting priority dstnat; policy accept;
 iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:10000;
- iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:15636;
- iifname "enp0s4" udp dport 10000 dnat to 10.100.0.2:15637;
+ iifname "enp0s4" udp dport 15636 dnat to 10.100.1.2:15636;
+ iifname "enp0s4" udp dport 15637 dnat to 10.100.1.2:15637;
 }
 }
 '';
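Review bot: The two corrected DNAT rules in `chain PREROUTING` are mirrored by hand in `networking.nat.forwardPorts` (hunk `@@ -44,8 +44,8 @@` of the same file), and the lines replaced here show how the copies drift: the nftables rules matched `udp dport 10000` three times while the `forwardPorts` entries already carried the right source ports. A comment above the chain stating which definition handles traffic arriving on `enp0s4`, for example `# public-side DNAT; keep in sync with networking.nat.forwardPorts`, would make the next port change safer, and generating both from one list would be better still. The rules accept these UDP ports from any source on `enp0s4`, and the forward-chain policy lies outside the hunk, so it is worth confirming that only 10.100.1.2 on ports 15636 and 15637 is reachable through this path.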
@@ -44,8 +44,8 @@
 externalInterface = "wireguard0";
 forwardPorts = [
 { sourcePort = 10000; proto = "udp"; destination = "10.100.0.2:10000"; }
- { sourcePort = 15636; proto = "udp"; destination = "10.100.0.2:15636"; }
- { sourcePort = 15637; proto = "udp"; destination = "10.100.0.2:15637"; }
+ { sourcePort = 15636; proto = "udp"; destination = "10.100.1.2:15636"; }
+ { sourcePort = 15637; proto = "udp"; destination = "10.100.1.2:15637"; }
 ];
 };
 };
@@ -71,7 +71,7 @@
 bind :4190
 bind :4443
 default_backend backend_tcp
-
+
 backend backend_tcp
 mode tcp
 option forwarded
diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix
index 8b7383a3..6ef1e970 100644
--- a/nixos/hosts/osaka-linode-01/wireguard.nix
+++ b/nixos/hosts/osaka-linode-01/wireguard.nix
@@ -38,7 +38,10 @@
 enable = true;
 interfaces = {
 "wireguard0" = {
- ips = [ "10.100.0.1/24" ];
+ ips = [
+ "10.100.0.1/24"
+ "10.100.1.1/24"
+ ];
 listenPort = 51820;
 privateKeyFile = "/run/secrets/wireguard_key";
 postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp0s4 -j MASQUERADE'';
@@ -47,14 +50,20 @@
 { # framework-server
 publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
 presharedKeyFile = "/run/secrets/preshared_key";
- persistentKeepalive = 5;
 allowedIPs = [ "10.100.0.2/32" ];
+ persistentKeepalive = 5;
 }
 { # backups-rpi4
 publicKey = "cqocpMyY8Z0Jl0hoAdghn3dR3VhkkOYyeSwW6UKk9Fs=";
 presharedKeyFile = "/run/secrets/preshared_key";
- persistentKeepalive = 5;
 allowedIPs = [ "10.100.0.3/32" ];
+ persistentKeepalive = 5;
+ }
+ { # framewrk-server docker:wg-enshrouded
+ publicKey = "ucV6LgUwSbEyyxPlS83OayFPK6ysQKu6cVBV97S07mI=";
+ presharedKeyFile = "/run/secrets/preshared_key";
+ allowedIPs = [ "10.100.1.2/32" ];
+ persistentKeepalive = 5;
 }
 ];
 };
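Review bot: Adding `10.100.1.1/24` to the same `wireguard0` interface gives the container peer its own subnet but no isolation from `10.100.0.0/24` by itself. The hub routes between peers on one interface whenever forwarding is enabled (presumably the case here, since the `postSetup` line masquerades tunnel traffic out of `enp0s4`) unless a forward rule says otherwise. If the new range is meant to fence off the game-server container, state that next to the address, such as `# 10.100.1.0/24: container peers, no access to 10.100.0.0/24`, and back it with a drop rule for traffic between the two ranges on `wireguard0`. No such rule is visible in this patch, so it may already exist elsewhere.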
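Review bot: The new `wg-enshrouded` peer reuses `presharedKeyFile = "/run/secrets/preshared_key"`, the same file the `framework-server` and `backups-rpi4` peers point at. WireGuard sets the preshared key per peer, so one shared value means the container, which apparently fronts the publicly forwarded game ports, holds the PSK that also protects the other two tunnels. Give this peer its own secret, e.g. `presharedKeyFile = "/run/secrets/<per-peer-psk-placeholder>";`, and ideally split the existing two as well. The peer comment also has a typo, `framewrk-server` for `framework-server`. The `peers` list starts outside the hunk.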