tried to fix wireguard config

2025-04-01 22:33:18 -05:00 · 2025-04-01 22:33:18 -05:00 · e293c83841
commit e293c83841
parent 89c8cff8a9
2 changed files with 81 additions and 41 deletions
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@ -11,6 +11,9 @@
    };
    "vpn-keys/proton-wireguard/defiant-p2p" = {
      sopsFile = "${inputs.secrets}/vpn-keys.yaml";
+      mode = "0640";
+      owner = "root";
+      group = "systemd-network";
    };
    "services/zfs_smtp_token" = {
      sopsFile = "${inputs.secrets}/defiant-services.yaml";
@ -102,26 +105,84 @@
      enable = false;
    };
  };
-  networking = {
-    hostId = "c51763d6";

-    wireguard.interfaces = {
-      p2p = {
-        ips = ["10.2.0.2/32"];
-        listenPort = 51820;
+  systemd.network = {
+    enable = true;

-        privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+    config = {
+      routeTables = {
+        p2p = 1;
+      };
+    };

-        peers = [
+    netdevs = {
+      "10-bond0" = {
+        netdevConfig = {
+          Kind = "bond";
+          Name = "bond0";
+        };
+        bondConfig = {
+          Mode = "802.3ad";
+          TransmitHashPolicy = "layer3+4";
+        };
+      };
+
+      "15-p2p" = {
+        netdevConfig = {
+          Kind = "wireguard";
+          Name = "p2p0";
+          MTUBytes = "1300";
+        };
+        wireguardConfig = {
+          PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+          ListenPort = 51820;
+          # RouteTable = "p2p";
+        };
+        wireguardPeers = [
          {
-            publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
-            allowedIPs = ["0.0.0.0/0"];
-            endpoint = "185.230.126.146:51820";
-            persistentKeepalive = 25;
+            PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+            Endpoint = "185.230.126.146:51820";
+            AllowedIPs = ["0.0.0.0/0"];
+            RouteTable = "off";
          }
        ];
      };
    };
+    networks = {
+      "40-bond0" = {
+        matchConfig.Name = "bond0";
+        linkConfig = {
+          RequiredForOnline = "degraded-carrier";
+          RequiredFamilyForOnline = "any";
+        };
+        networkConfig.DHCP = "yes";
+
+        address = [
+          "192.168.1.10/32"
+        ];
+
+        gateway = ["192.168.1.1"];
+        dns = ["192.168.1.1"];
+      };
+
+      "45-p2p" = {
+        matchConfig.Name = "p2p0";
+        address = [
+          "10.2.0.2/32"
+        ];
+        # routingPolicyRules = [
+        #   {
+        #     From = "10.2.0.2/32";
+        #     Table = "p2p";
+        #   }
+        #   {
+        #     To = "10.2.0.2/32";
+        #     Table = "p2p";
+        #   }
+        # ];
+        linkConfig.RequiredForOnline = false;
+      };
+    };
  };

  services = {
@ -205,6 +266,13 @@
      networkBridge = "bond0";
      hostDevice = "0x10c4:0xea60";
    };
+
+    qbittorrent = {
+      enable = true;
+      mediaDir = "/srv/qbittorent";
+      openFirewall = true;
+      webPort = 8084;
+    };
  };

  # disable computer sleeping