Compare commits
2 Commits
8543999a8a
...
6c370451b8
Author | SHA1 | Date |
---|---|---|
Ciapa | 6c370451b8 | |
Ciapa | 7a704851c0 |
|
@ -3,6 +3,7 @@ let
|
||||||
utils = import ../../util/include.nix { lib = lib; };
|
utils = import ../../util/include.nix { lib = lib; };
|
||||||
imports =
|
imports =
|
||||||
(utils.includeDir ./services) ++
|
(utils.includeDir ./services) ++
|
||||||
|
(utils.includeDir ./containers) ++
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
|
|
@ -0,0 +1,21 @@
|
||||||
|
{
|
||||||
|
containers.test = {
|
||||||
|
autoStart = true;
|
||||||
|
privateNetwork = true;
|
||||||
|
hostAddress = "192.168.100.10";
|
||||||
|
localAddress = "192.168.100.11";
|
||||||
|
config = { config, pkgs, ... }: {
|
||||||
|
system.stateVersion = "24.05";
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedTCPPorts = [ 80 ];
|
||||||
|
};
|
||||||
|
useHostResolvConf = mkForce false;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.resolved.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
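Review bot: `mkForce` in `useHostResolvConf = mkForce false;` has no visible binding in this new file: the file opens with a bare `{` and the container module takes only `{ config, pkgs, ... }`. Unless something outside this view brings it into scope, evaluation will stop on an undefined variable. Taking `lib` in the container module, `config = { config, pkgs, lib, ... }: {`, and writing `useHostResolvConf = lib.mkForce false;` would resolve it. A short comment above `allowedTCPPorts = [ 80 ];` naming the service expected on that port would also help, since this file defines nothing that listens there.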
|
|
@ -19,4 +19,28 @@
|
||||||
|
|
||||||
networking.defaultGateway = "192.168.0.1";
|
networking.defaultGateway = "192.168.0.1";
|
||||||
networking.nameservers = [ "192.168.0.1" ];
|
networking.nameservers = [ "192.168.0.1" ];
|
||||||
|
|
||||||
|
networking.nat = {
|
||||||
|
enable = true;
|
||||||
|
internalInterfaces = ["ve-+"];
|
||||||
|
externalInterface = "wg0";
|
||||||
|
enableIPv6 = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.wireguard.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ];
|
||||||
|
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
||||||
|
|
||||||
|
peers = [
|
||||||
|
{
|
||||||
|
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||||
|
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
||||||
|
allowedIPs = [ "10.128.0.1" ];
|
||||||
|
endpoint = "134.19.179.213:1637";
|
||||||
|
persistentKeepalive = 25;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
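Review bot: The peer's `allowedIPs = [ "10.128.0.1" ];` does not line up with the NAT block above it, which masquerades `ve-+` container traffic out of `externalInterface = "wg0"`. WireGuard only carries destinations listed in allowedIPs, so, as far as this section shows, container traffic to any other address would follow the host default route via 192.168.0.1 rather than the tunnel. If the intent is that containers reach the outside only through the VPN, say so in a comment and back it with routing for the container subnet through wg0 plus a forward rule that drops `ve-+` traffic not leaving on wg0, so a tunnel outage fails closed. `enableIPv6 = true;` also has no counterpart in the container definition, which is given only IPv4 addresses.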
|
||||||
|
|
|
@ -2,9 +2,23 @@
|
||||||
{
|
{
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
# Vaultwarden
|
# MSMTP
|
||||||
sops.secrets."services/msmtp/password" = {
|
sops.secrets."services/msmtp/password" = {
|
||||||
mode = "0777";
|
mode = "0777";
|
||||||
sopsFile = ./secrets/msmtp.yaml;
|
sopsFile = ./secrets/msmtp.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Wireguard
|
||||||
|
sops.secrets."services/wireguard/airvpn.private" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
|
sops.secrets."services/wireguard/airvpn.psk" = {
|
||||||
|
mode = "0400";
|
||||||
|
owner = config.users.users.root.name;
|
||||||
|
group = config.users.users.root.group;
|
||||||
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
|
};
|
||||||
}
|
}
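Review bot: The context lines of this section leave `sops.secrets."services/msmtp/password"` at `mode = "0777";`, which makes the decrypted SMTP password readable and writable by every local account, while the two secrets added here use `0400`. Since this change already edits the comment above that entry, it would be worth tightening it in the same commit, for example `mode = "0440";` with `owner` and `group` set to the account that actually runs msmtp. On the added entries, a one-line comment such as `# root-only: read when the wg0 interface is brought up` would record why the restrictive mode is required.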
|
||||||
|
|
|
@ -0,0 +1,33 @@
|
||||||
|
services:
|
||||||
|
wireguard:
|
||||||
|
airvpn.private: ENC[AES256_GCM,data:COgDVq0CpZcTsjLMx4FLHSv/ZI8eSPRLTxVtJ8XrevzRXc25sVSNMdHiMFA=,iv:QSFKc2U2v58PiOF79PFanx+QlFge3FiMjEOJudr7qKU=,tag:N7KjBhK+59IeRALJeGKc6A==,type:str]
|
||||||
|
airvpn.psk: ENC[AES256_GCM,data:bxZ/Pk75jCPU/Nhx96JJkmrJCqSAudZLDQjKCXnvAJf/pPpZdwJTw3o7ywM=,iv:EwHiUZTs8py8TZxJciqW53m7O/rU5V8+ZgSCEXlrIJc=,tag:tOtlgWs8VLgt7T6/apkZeA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age17wdazshqnfe63cy7mmsmwld75e5wedgn8gngvmvlqdktlr86c4us87tjxv
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvTndabjF2YXFpTU5RcG9U
|
||||||
|
UFV4SXVQZDNIK3htYi93U1BhbGNGMUtPcENFCi9nWWR0TmdYV0NhdDJhMFExRm9K
|
||||||
|
SDYzVXVZbmdOWGFybGxOTWs0K3Y2MlUKLS0tIGJLendISXNaWWdpVU5zcVgyeitJ
|
||||||
|
ZTZ4eTlxdVpha0NxK3h4dEU2S1dGaXcKkGlvEp+aosaFlnO4zUiQHkU1EFxxIuUU
|
||||||
|
L3y56QiCJxHo9bv9yvn0cIbxWLl+ow7I88FBf89z0OQxTqKxcpniYQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tf5077gpdp3cp4hedvng5wltzvp9jg0ehpt7czhnczlx6ctvqpjstvrmmh
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUGwvZ3hzaXBkTlA0Z1JX
|
||||||
|
N2R2cWNzWUIzVml0WGZxQ3FDUXFWOVJkWXdnCnNNbnFrYUVWYzBpdnRSdkdFZXRv
|
||||||
|
UHFKL3FQZEtST0tiaHZ0QUNzZWpWbTQKLS0tIGpLVW1EVXU5V0Q4QXF1b0xCeWlL
|
||||||
|
TFlUV2Vkak94YnI0OWpQR1A1TUlaUzAKEDaX7yhVViNG2/2EOcWWEynOOCYlzWZS
|
||||||
|
tsnOZcBkIDWkk6ZrZFXZ/iKzQiYTSWcznGPJuNd1Q9CnCCVKXtJmbQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-02-04T18:18:03Z"
|
||||||
|
mac: ENC[AES256_GCM,data:WM8D1TKT48WomrVcoT84cr8y7GajxbZ7ErQXwDZoPvw3phRLn7PuVdljtykIaTjQ9c0KrjSlLlTeRUhVUdFLJ5qB1ZA5N15wlDSRl7jtuaF8VKeAoS4txmh9YQXutrst1ldjk13nboOdRirNrYjqycdPtCBYQZc/bfvJUekoU7s=,iv:wpi+GlNNrpeMdW6CsLqhchgoyfbFOdTs2bD2pAAORtk=,tag:4QBEhFWszcJ+Gsml4K3Q9A==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|