| -rw-r--r-- | flake.nix | 12 | ||||
| -rw-r--r-- | hosts/shinji/default.nix | 6 | ||||
| -rw-r--r-- | hosts/shinji/sops.nix | 25 | ||||
| -rw-r--r-- | hosts/shinji/wireguard.nix | 27 | ||||
| -rw-r--r-- | hosts/thinkpad/default.nix | 6 | ||||
| -rw-r--r-- | hosts/thinkpad/sops.nix | 25 | ||||
| -rw-r--r-- | hosts/thinkpad/wireguard.nix | 27 | ||||
| -rw-r--r-- | options.nix | 18 | ||||
| -rw-r--r-- | system/default.nix | 2 | ||||
| -rw-r--r-- | system/sops.nix | 27 | ||||
| -rw-r--r-- | system/vpn.nix | 38 |
11 files changed, 99 insertions, 114 deletions
@@ -55,22 +55,22 @@
 }
 )
 systems);
- mkSystem = file: system:
+ mkSystem = hostDir: system:
 nixpkgs.lib.nixosSystem {
 inherit system;
- specialArgs = {inherit inputs system;};
+ specialArgs = {inherit inputs system hostDir;};
 modules = [
 ./system
 ./options.nix
- file
+ hostDir
 ];
 };
- mkHome = file: system: let
- hostModule = mkSystem file system;
+ mkHome = hostDir: system: let
+ hostModule = mkSystem hostDir system;
 in
 home-manager.lib.homeManagerConfiguration {
 inherit (hostModule) pkgs;
- extraSpecialArgs = {inherit inputs system;};
+ extraSpecialArgs = {inherit inputs system hostDir;};
 modules = [
 ./home
 ./options.nix
diff --git a/hosts/shinji/default.nix b/hosts/shinji/default.nix
index cbe6834..405e0c9 100644
--- a/hosts/shinji/default.nix
+++ b/hosts/shinji/default.nix
@@ -3,8 +3,6 @@
 {pkgs, ...}: {
 imports = [
 ./hardware.nix
- ./sops.nix
- ./wireguard.nix
 ];
 
 # options
@@ -92,6 +90,10 @@
 docker.enable = true;
 qemu.enable = true;
 };
+ vpn = {
+ enable = true;
+ ip = "10.3.0.3/32";
+ };
 
 # modules
 amdgpu.enable = true;
diff --git a/hosts/shinji/sops.nix b/hosts/shinji/sops.nix
deleted file mode 100644
index 9169bbc..0000000
--- a/hosts/shinji/sops.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- ...
-}: {
- imports = [
- inputs.sops-nix.nixosModules.sops
- ];
-
- environment.systemPackages = with pkgs; [
- sops
- ];
-
- sops = {
- defaultSopsFile = ./secrets.yaml;
-
- gnupg.home = config.homePath + "/.local/share/gnupg";
- gnupg.sshKeyPaths = [];
-
- secrets = {
- freyanetWg = {};
- };
- };
-}
diff --git a/hosts/shinji/wireguard.nix b/hosts/shinji/wireguard.nix
deleted file mode 100644
index 8e42f9d..0000000
--- a/hosts/shinji/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- environment.systemPackages = with pkgs; [
- wireguard-tools
- ];
-
- networking.wg-quick.interfaces = {
- freyanet = {
- address = ["10.3.0.3/32"];
- dns = ["10.2.0.1"];
- privateKeyFile = config.sops.secrets.freyanetWg.path;
- autostart = false;
-
- peers = [
- {
- publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
- allowedIPs = ["10.0.0.0/8"];
- endpoint = "freya.cat:3000";
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 11b5bcb..8db964c 100644
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -3,8 +3,6 @@
 _: {
 imports = [
 ./hardware.nix
- ./sops.nix
- ./wireguard.nix
 ];
 
 # options
@@ -35,6 +33,10 @@ _: {
 homestuck.enable = true;
 minecraft.enable = true;
 };
+ vpn = {
+ enable = true;
+ ip = "10.3.0.5/32";
+ };
 
 # modules
 battery.enable = true;
diff --git a/hosts/thinkpad/sops.nix b/hosts/thinkpad/sops.nix
deleted file mode 100644
index 9169bbc..0000000
--- a/hosts/thinkpad/sops.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- config,
- pkgs,
- inputs,
- ...
-}: {
- imports = [
- inputs.sops-nix.nixosModules.sops
- ];
-
- environment.systemPackages = with pkgs; [
- sops
- ];
-
- sops = {
- defaultSopsFile = ./secrets.yaml;
-
- gnupg.home = config.homePath + "/.local/share/gnupg";
- gnupg.sshKeyPaths = [];
-
- secrets = {
- freyanetWg = {};
- };
- };
-}
diff --git a/hosts/thinkpad/wireguard.nix b/hosts/thinkpad/wireguard.nix
deleted file mode 100644
index 72eb113..0000000
--- a/hosts/thinkpad/wireguard.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- environment.systemPackages = with pkgs; [
- wireguard-tools
- ];
-
- networking.wg-quick.interfaces = {
- freyanet = {
- address = ["10.3.0.5/32"];
- dns = ["10.2.0.1"];
- privateKeyFile = config.sops.secrets.freyanetWg.path;
- autostart = false;
-
- peers = [
- {
- publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
- allowedIPs = ["10.0.0.0/8"];
- endpoint = "freya.cat:3000";
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/options.nix b/options.nix
index d1bb7cb..9acd7e2 100644
--- a/options.nix
+++ b/options.nix
@@ -541,6 +541,24 @@ in {
 };
 
 #
+ # FreyaNET Wireguard VPN
+ #
+ vpn = {
+ enable = mkEnableOption "Enable freyanet wireguard vpn";
+ ip = mkOption {
+ type = types.str;
+ description = "Wireguard local address";
+ };
+ };
+
+ #
+ # Enable sops module
+ #
+ sops = {
+ enable = mkEnableOption "Enable sops module";
+ };
+
+ #
 # Programs to auto start on launch
 #
 autoRun = mkOption {
diff --git a/system/default.nix b/system/default.nix
index 39d41bc..fd2e1cc 100644
--- a/system/default.nix
+++ b/system/default.nix
@@ -23,9 +23,11 @@ in {
 ./fingerprint.nix
 ./networking.nix
 ./nvidia.nix
+ ./sops.nix
 ./sshd.nix
 ./tpm.nix
 ./unfree.nix
+ ./vpn.nix
 ];
 
 # allow flakes
diff --git a/system/sops.nix b/system/sops.nix
new file mode 100644
index 0000000..17f6f13
--- /dev/null
+++ b/system/sops.nix
@@ -0,0 +1,27 @@
+{
+ config,
+ pkgs,
+ lib,
+ inputs,
+ hostDir,
+ ...
+}: let
+ inherit (lib) mkIf;
+ cfg = config.sops;
+in {
+ imports = [
+ inputs.sops-nix.nixosModules.sops
+ ];
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ sops
+ ];
+
+ sops = {
+ defaultSopsFile = hostDir + "/secrets.yaml";
+ gnupg.home = config.homePath + "/.local/share/gnupg";
+ gnupg.sshKeyPaths = [];
+ };
+ };
+}
diff --git a/system/vpn.nix b/system/vpn.nix
new file mode 100644
index 0000000..c336f32
--- /dev/null
+++ b/system/vpn.nix
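Review bot: The two `mkEnableOption` arguments added in the options.nix hunk (`vpn.enable` and `sops.enable`) are full sentences, but `mkEnableOption` formats its argument as "Whether to enable &lt;name&gt;.", so the generated descriptions read "Whether to enable Enable freyanet wireguard vpn." and "Whether to enable Enable sops module."; pass noun phrases instead, `enable = mkEnableOption "the FreyaNET WireGuard VPN";` and `enable = mkEnableOption "the sops secrets module";`. The `ip` option is typed `types.str` and described only as "Wireguard local address", yet both host values set in this commit are `/32` CIDR strings and the value is passed unchanged to `networking.wg-quick.interfaces.freyanet.address` in system/vpn.nix, so a bare address would only fail when wg-quick parses it; `description = "Local WireGuard tunnel address in CIDR notation";` with `example = "10.3.0.3/32";` makes the required form visible in generated docs.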
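Review bot: The new system/sops.nix derives `defaultSopsFile` from `hostDir + "/secrets.yaml"`, so every host that ends up with `sops.enable` set (directly, or via `vpn.enable` in system/vpn.nix) must carry a `secrets.yaml` in its host directory, and `hostDir` itself only exists because the flake.nix hunk threads it through `specialArgs`; neither coupling is stated in the file. A header comment such as `# Expects <hostDir>/secrets.yaml; hostDir is injected via specialArgs in flake.nix` would record both. The decryption setup also deserves a line: `gnupg.home` points at a keyring under `config.homePath` and `gnupg.sshKeyPaths = []` opts out of the host SSH keys, which as far as I can tell from sops-nix means activation (running as root) decrypts with that user-owned GnuPG home rather than a host-owned key, so the secrets' confidentiality rests on that directory's ownership and permissions — confirm that is the intended trust boundary and note it next to the assignment.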
@@ -0,0 +1,38 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit (lib) mkIf;
+ cfg = config.vpn;
+in {
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ wireguard-tools
+ ];
+
+ networking.wg-quick.interfaces = {
+ freyanet = {
+ address = [cfg.ip];
+ dns = ["10.2.0.1"];
+ privateKeyFile = config.sops.secrets.freyanetWg.path;
+ autostart = false;
+
+ peers = [
+ {
+ publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
+ allowedIPs = ["10.0.0.0/8"];
+ endpoint = "freya.cat:3000";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ sops = {
+ enable = true;
+ secrets.freyanetWg = {};
+ };
+ };
+}
|
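Review bot: The shared system/vpn.nix hardcodes the FreyaNET peer (`publicKey`, `endpoint = "freya.cat:3000"`, `allowedIPs = ["10.0.0.0/8"]`) and the tunnel resolver `dns = ["10.2.0.1"]` without a comment, and nothing records that `cfg.ip` must be a CIDR string even though it is passed unchanged to `address`. A short header comment, e.g. `# FreyaNET WireGuard client; cfg.ip is this host's tunnel address in CIDR form, the private key is the sops secret freyanetWg`, would make that clear to the next host added. The resolver address sits inside `allowedIPs`, which is what makes name resolution work while the tunnel is up; a comment saying so prevents a later narrowing of `allowedIPs` from silently breaking DNS. Referencing the key through `config.sops.secrets.freyanetWg.path` keeps it out of the Nix store, but `secrets.freyanetWg = {}` only asks sops-nix to decrypt that key, so a host whose `secrets.yaml` lacks a `freyanetWg` entry fails, as far as I know, at activation rather than at evaluation — `# requires key freyanetWg in the host's secrets.yaml` beside it would save a debugging round.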