rico0: use common network config

2024-07-07 00:24:27 +05:30 · 2024-07-07 00:24:27 +05:30 · bfa4f3b586
commit bfa4f3b586
parent 97dcd239a5
2 changed files with 24 additions and 65 deletions
--- a/hosts/rico0/network.nix
+++ b/hosts/rico0/network.nix
@ -1,45 +1,31 @@
-{ lib, ... }: {
+{ config, ... }: {
-  imports = [ ./wireguard.nix ];
+  imports = [
-  networking = {
+    ../shared/network.nix
-    nameservers = [
+    ../shared/networkd.nix
-      "2620:fe::fe#dns.quad9.net"
+    ../shared/wireguard.nix
      "9.9.9.9#dns.quad9.net"
      "2620:fe::9#dns.quad9.net"
      "149.112.112.112#dns.quad9.net"
  ];
    useDHCP = lib.mkDefault false;
    useNetworkd = true;
  };
-  systemd.network = {
+  sops.secrets = {
-    enable = true;
+    "wireguard/rico0/pk" = {
-    networks = {
+      mode = "400";
-      "41-ether" = {
+      owner = config.users.users.root.name;
-        enable = true;
+      group = config.users.users.root.group;
        matchConfig = {
          Type = "ether";
        };
        networkConfig = {
          DHCP = "yes";
        };
        dhcpV4Config = {
          UseDomains = true;
        };
        ipv6AcceptRAConfig = {
          UseDomains = true;
        };
        linkConfig = {
          RequiredForOnline = "yes";
        };
    };
    "wireguard/rico0/psk" = {
      mode = "400";
      owner = config.users.users.root.name;
      group = config.users.users.root.group;
    };
  };
-  services.resolved = {
+  nodeconfig.wireguard = {
    enable = true;
-    dnssec = "true";
+    listen-port = 51830;
-    dnsovertls = "true";
+    pk-file = config.sops.secrets."wireguard/rico0/pk".path;
-    domains = [ "~." ];
+    psk-file = config.sops.secrets."wireguard/rico0/psk".path;
-    fallbackDns = [ ];
+    node-ips = [
      "10.10.10.10/24"
      "fd7c:585c:c4ae::10/64"
    ];
  };
 }
--- a/hosts/rico0/wireguard.nix
+++ b/hosts/rico0/wireguard.nix
@ -1,27 +0,0 @@
 { config, ... }: {
  imports = [ ../shared/wireguard.nix ];
  sops.secrets = {
    "wireguard/rico0/pk" = {
      mode = "400";
      owner = config.users.users.root.name;
      group = config.users.users.root.group;
    };
    "wireguard/rico0/psk" = {
      mode = "400";
      owner = config.users.users.root.name;
      group = config.users.users.root.group;
    };
  };
  nodeconfig.wireguard = {
    enable = true;
    listen-port = 51830;
    pk-file = config.sops.secrets."wireguard/rico0/pk".path;
    psk-file = config.sops.secrets."wireguard/rico0/psk".path;
    node-ips = [
      "10.10.10.10/24"
      "fd7c:585c:c4ae::10/64"
    ];
  };
 }