adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

all: move stuff around

Browse source
This commit is contained in:
Adithya 2024-11-16 22:10:11 +05:30
parent b694f284f6
commit 940e3a811f
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
23 changed files with 430 additions and 396 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -267,7 +267,7 @@
}; };
}; };
Bifrost = { Bifrost = {
hostname = "Biforst"; hostname = "Bifrost";
sshUser = "adtya"; sshUser = "adtya";
profiles.system = { profiles.system = {
user = "root"; user = "root";

2
hosts/bifrost/default.nix
View file

@ -1,7 +1,7 @@
{ modulesPath, ... }: { { modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/virtualisation/digital-ocean-config.nix") (modulesPath + "/virtualisation/digital-ocean-config.nix")
./network.nix ./network
./programs ./programs
./services ./services
./security.nix ./security.nix

47
hosts/bifrost/network/default.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib, ... }: {
imports = [ ./wireguard.nix ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
nameservers = [
"1.1.1.1"
"10.10.10.11"
"1.0.0.1"
"10.10.10.12"
];
useDHCP = lib.mkDefault false;
useNetworkd = true;
};
}

43
hosts/bifrost/network.nix → hosts/bifrost/network/wireguard.nix
View file

@ -1,6 +1,6 @@
{ lib, config, ... }: { config, ... }:
let let
wireguard-peers = import ../shared/wireguard-peers.nix; wireguard-peers = import ../../shared/wireguard-peers.nix;
in in
{ {
sops.secrets = { sops.secrets = {
@ -10,45 +10,7 @@ in
group = config.users.users.root.group; group = config.users.users.root.group;
}; };
}; };
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = { networking = {
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useDHCP = lib.mkDefault false;
useNetworkd = true;
firewall = { firewall = {
allowedUDPPorts = [ 51821 ]; allowedUDPPorts = [ 51821 ];
trustedInterfaces = [ "Homelab" ]; trustedInterfaces = [ "Homelab" ];
@ -75,5 +37,4 @@ in
}; };
}; };
}; };
} }

2
hosts/layne/default.nix
View file

@ -3,7 +3,7 @@ _: {
./hardware ./hardware
./programs ./programs
./services ./services
./network.nix ./network
./security.nix ./security.nix
./users.nix ./users.nix
]; ];

77
hosts/layne/network.nix
View file

@ -1,77 +0,0 @@
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/layne/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51834 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51834;
privateKeyFile = config.sops.secrets."wireguard/layne/pk".path;
address = [
"10.10.10.14/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
wynne
];
};
};
};
};
}

44
hosts/layne/network/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, ... }:
{
imports = [ ./wireguard.nix ];
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
};
}

39
hosts/layne/network/wireguard.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, ...}:
let
wireguard-peers = import ../../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/layne/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
networking = {
firewall = {
allowedUDPPorts = [ 51834 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51834;
privateKeyFile = config.sops.secrets."wireguard/layne/pk".path;
address = [
"10.10.10.14/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
wynne
];
};
};
};
};
}

2
hosts/rico0/default.nix
View file

@ -4,7 +4,7 @@ _: {
./programs ./programs
./services ./services
./containers ./containers
./network.nix ./network
./security.nix ./security.nix
]; ];

77
hosts/rico0/network.nix
View file

@ -1,77 +0,0 @@
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico0/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51830 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51830;
privateKeyFile = config.sops.secrets."wireguard/rico0/pk".path;
address = [
"10.10.10.10/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico1
rico2
wynne
layne
];
};
};
};
};
}

44
hosts/rico0/network/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, ... }:
{
imports = [ ./wireguard.nix ];
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
};
}

38
hosts/rico0/network/wireguard.nix Normal file
View file

@ -0,0 +1,38 @@
{config, ...}:
let
wireguard-peers = import ../../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico0/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
networking = {
firewall = {
allowedUDPPorts = [ 51830 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51830;
privateKeyFile = config.sops.secrets."wireguard/rico0/pk".path;
address = [
"10.10.10.10/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico1
rico2
wynne
layne
];
};
};
};
};
}

2
hosts/rico1/default.nix
View file

@ -4,7 +4,7 @@ _: {
./programs ./programs
./services ./services
./containers ./containers
./network.nix ./network
./security.nix ./security.nix
]; ];

77
hosts/rico1/network.nix
View file

@ -1,77 +0,0 @@
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico1/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51831 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51831;
privateKeyFile = config.sops.secrets."wireguard/rico1/pk".path;
address = [
"10.10.10.11/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico2
wynne
layne
];
};
};
};
};
}

44
hosts/rico1/network/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, ... }:
{
imports = [ ./wireguard.nix ];
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
};
}

38
hosts/rico1/network/wireguard.nix Normal file
View file

@ -0,0 +1,38 @@
{config, ...}:
let
wireguard-peers = import ../../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/rico1/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
networking = {
firewall = {
allowedUDPPorts = [ 51831 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51831;
privateKeyFile = config.sops.secrets."wireguard/rico1/pk".path;
address = [
"10.10.10.11/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico2
wynne
layne
];
};
};
};
};
}

2
hosts/rico2/default.nix
View file

@ -4,7 +4,7 @@ _: {
./programs ./programs
./services ./services
./containers ./containers
./network.nix ./network
./security.nix ./security.nix
]; ];

44
hosts/rico2/network/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, ... }:
{
imports = [ ./wireguard.nix ];
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
};
}

41
hosts/rico2/network.nix → hosts/rico2/network/wireguard.nix
View file

@ -1,4 +1,4 @@
{ lib, config, ... }: { config, ...}:
let let
wireguard-peers = import ../shared/wireguard-peers.nix; wireguard-peers = import ../shared/wireguard-peers.nix;
in in
@ -10,46 +10,7 @@ in
group = config.users.users.root.group; group = config.users.users.root.group;
}; };
}; };
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = { networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = { firewall = {
allowedUDPPorts = [ 51832 ]; allowedUDPPorts = [ 51832 ];
trustedInterfaces = [ "Homelab" ]; trustedInterfaces = [ "Homelab" ];

2
hosts/wynne/default.nix
View file

@ -3,7 +3,7 @@ _: {
./hardware ./hardware
./programs ./programs
./services ./services
./network.nix ./network
./security.nix ./security.nix
]; ];

77
hosts/wynne/network.nix
View file

@ -1,77 +0,0 @@
{ lib, config, ... }:
let
wireguard-peers = import ../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/wynne/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
firewall = {
allowedUDPPorts = [ 51833 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51833;
privateKeyFile = config.sops.secrets."wireguard/wynne/pk".path;
address = [
"10.10.10.13/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
layne
];
};
};
};
};
}

44
hosts/wynne/network/default.nix Normal file
View file

@ -0,0 +1,44 @@
{ lib, ... }:
{
imports = [ ./wireguard.nix ];
systemd = {
network = {
enable = true;
wait-online.enable = false;
networks = {
"41-ether" = {
enable = true;
matchConfig = {
Type = "ether";
Name = "e*";
};
networkConfig = {
DHCP = "yes";
IPv4Forwarding = "yes";
};
dhcpV4Config = {
UseDomains = true;
};
linkConfig = {
RequiredForOnline = "yes";
};
};
};
};
};
services.resolved = {
enable = true;
domains = [ "~." ];
fallbackDns = [ ];
};
networking = {
useDHCP = lib.mkDefault false;
nameservers = [
"10.10.10.11"
"10.10.10.12"
];
useNetworkd = true;
};
}

38
hosts/wynne/network/wireguard.nix Normal file
View file

@ -0,0 +1,38 @@
{ config, ... }:
let
wireguard-peers = import ../../shared/wireguard-peers.nix;
in
{
sops.secrets = {
"wireguard/wynne/pk" = {
mode = "400";
owner = config.users.users.root.name;
group = config.users.users.root.group;
};
};
networking = {
firewall = {
allowedUDPPorts = [ 51833 ];
trustedInterfaces = [ "Homelab" ];
};
wg-quick = {
interfaces = {
Homelab = {
listenPort = 51833;
privateKeyFile = config.sops.secrets."wireguard/wynne/pk".path;
address = [
"10.10.10.13/24"
];
dns = [ "10.10.10.11" "10.10.10.12" ];
peers = with wireguard-peers; [
(bifrost // { persistentKeepalive = 20; })
rico0
rico1
rico2
layne
];
};
};
};
};
}