Compare commits
No commits in common. "6c370451b88be4d72d22ca59438ef71057404a9d" and "8543999a8afea672f1bd815dbdd7600ec9a3a1ac" have entirely different histories.
6c370451b8
...
8543999a8a
|
@ -3,7 +3,6 @@ let
|
||||||
utils = import ../../util/include.nix { lib = lib; };
|
utils = import ../../util/include.nix { lib = lib; };
|
||||||
imports =
|
imports =
|
||||||
(utils.includeDir ./services) ++
|
(utils.includeDir ./services) ++
|
||||||
(utils.includeDir ./containers) ++
|
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
{
|
|
||||||
containers.test = {
|
|
||||||
autoStart = true;
|
|
||||||
privateNetwork = true;
|
|
||||||
hostAddress = "192.168.100.10";
|
|
||||||
localAddress = "192.168.100.11";
|
|
||||||
config = { config, pkgs, ... }: {
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [ 80 ];
|
|
||||||
};
|
|
||||||
useHostResolvConf = mkForce false;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.resolved.enable = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -19,28 +19,4 @@
|
||||||
|
|
||||||
networking.defaultGateway = "192.168.0.1";
|
networking.defaultGateway = "192.168.0.1";
|
||||||
networking.nameservers = [ "192.168.0.1" ];
|
networking.nameservers = [ "192.168.0.1" ];
|
||||||
|
|
||||||
networking.nat = {
|
|
||||||
enable = true;
|
|
||||||
internalInterfaces = ["ve-+"];
|
|
||||||
externalInterface = "wg0";
|
|
||||||
enableIPv6 = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ];
|
|
||||||
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
|
||||||
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
|
||||||
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
|
||||||
allowedIPs = [ "10.128.0.1" ];
|
|
||||||
endpoint = "134.19.179.213:1637";
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,23 +2,9 @@
|
||||||
{
|
{
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# MSMTP
|
# Vaultwarden
|
||||||
sops.secrets."services/msmtp/password" = {
|
sops.secrets."services/msmtp/password" = {
|
||||||
mode = "0777";
|
mode = "0777";
|
||||||
sopsFile = ./secrets/msmtp.yaml;
|
sopsFile = ./secrets/msmtp.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
# Wireguard
|
|
||||||
sops.secrets."services/wireguard/airvpn.private" = {
|
|
||||||
mode = "0400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
sopsFile = ./secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
sops.secrets."services/wireguard/airvpn.psk" = {
|
|
||||||
mode = "0400";
|
|
||||||
owner = config.users.users.root.name;
|
|
||||||
group = config.users.users.root.group;
|
|
||||||
sopsFile = ./secrets/wireguard.yaml;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
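Review bot: The `services/msmtp/password` entry that survives on the new side still sets `mode = "0777";`, so the decrypted SMTP password is readable and writable by every local account; the Wireguard entries removed in this same section show the tighter pattern. I would change it to `mode = "0400";` and add an `owner = ...;` line naming whichever account actually runs msmtp; that account is not visible here, so confirm it before tightening, or use `"0440"` with a dedicated group if several services send mail. The heading above it now reads `# Vaultwarden` although the secret beneath is the msmtp password, so either restore `# MSMTP` or add the Vaultwarden secret the heading announces. The module's argument line sits above the hunk (it starts at line 2), so that part was not reviewed.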
|
@ -1,33 +0,0 @@
|
||||||
services:
|
|
||||||
wireguard:
|
|
||||||
airvpn.private: ENC[AES256_GCM,data:COgDVq0CpZcTsjLMx4FLHSv/ZI8eSPRLTxVtJ8XrevzRXc25sVSNMdHiMFA=,iv:QSFKc2U2v58PiOF79PFanx+QlFge3FiMjEOJudr7qKU=,tag:N7KjBhK+59IeRALJeGKc6A==,type:str]
|
|
||||||
airvpn.psk: ENC[AES256_GCM,data:bxZ/Pk75jCPU/Nhx96JJkmrJCqSAudZLDQjKCXnvAJf/pPpZdwJTw3o7ywM=,iv:EwHiUZTs8py8TZxJciqW53m7O/rU5V8+ZgSCEXlrIJc=,tag:tOtlgWs8VLgt7T6/apkZeA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTndabjF2YXFpTU5RcG9U
|
|
||||||
UFV4SXVQZDNIK3htYi93U1BhbGNGMUtPcENFCi9nWWR0TmdYV0NhdDJhMFExRm9K
|
|
||||||
SDYzVXVZbmdOWGFybGxOTWs0K3Y2MlUKLS0tIGJLendISXNaWWdpVU5zcVgyeitJ
|
|
||||||
ZTZ4eTlxdVpha0NxK3h4dEU2S1dGaXcKkGlvEp+aosaFlnO4zUiQHkU1EFxxIuUU
|
|
||||||
L3y56QiCJxHo9bv9yvn0cIbxWLl+ow7I88FBf89z0OQxTqKxcpniYQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUGwvZ3hzaXBkTlA0Z1JX
|
|
||||||
N2R2cWNzWUIzVml0WGZxQ3FDUXFWOVJkWXdnCnNNbnFrYUVWYzBpdnRSdkdFZXRv
|
|
||||||
UHFKL3FQZEtST0tiaHZ0QUNzZWpWbTQKLS0tIGpLVW1EVXU5V0Q4QXF1b0xCeWlL
|
|
||||||
TFlUV2Vkak94YnI0OWpQR1A1TUlaUzAKEDaX7yhVViNG2/2EOcWWEynOOCYlzWZS
|
|
||||||
tsnOZcBkIDWkk6ZrZFXZ/iKzQiYTSWcznGPJuNd1Q9CnCCVKXtJmbQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-02-04T18:18:03Z"
|
|
||||||
mac: ENC[AES256_GCM,data:WM8D1TKT48WomrVcoT84cr8y7GajxbZ7ErQXwDZoPvw3phRLn7PuVdljtykIaTjQ9c0KrjSlLlTeRUhVUdFLJ5qB1ZA5N15wlDSRl7jtuaF8VKeAoS4txmh9YQXutrst1ldjk13nboOdRirNrYjqycdPtCBYQZc/bfvJUekoU7s=,iv:wpi+GlNNrpeMdW6CsLqhchgoyfbFOdTs2bD2pAAORtk=,tag:4QBEhFWszcJ+Gsml4K3Q9A==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|