Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

tried to fix wireguard config

Browse source
This commit is contained in:
Leyla Becker 2025-04-01 22:33:18 -05:00
parent 89c8cff8a9
commit e293c83841
2 changed files with 81 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

92
configurations/nixos/defiant/configuration.nix
View file

@ -11,6 +11,9 @@
}; };
"vpn-keys/proton-wireguard/defiant-p2p" = { "vpn-keys/proton-wireguard/defiant-p2p" = {
sopsFile = "${inputs.secrets}/vpn-keys.yaml"; sopsFile = "${inputs.secrets}/vpn-keys.yaml";
mode = "0640";
owner = "root";
group = "systemd-network";
}; };
"services/zfs_smtp_token" = { "services/zfs_smtp_token" = {
sopsFile = "${inputs.secrets}/defiant-services.yaml"; sopsFile = "${inputs.secrets}/defiant-services.yaml";
@ -102,26 +105,84 @@
enable = false; enable = false;
}; };
}; };
networking = {
hostId = "c51763d6";
wireguard.interfaces = { systemd.network = {
p2p = { enable = true;
ips = ["10.2.0.2/32"];
listenPort = 51820;
privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path; config = {
routeTables = {
p2p = 1;
};
};
peers = [ netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer3+4";
};
};
"15-p2p" = {
netdevConfig = {
Kind = "wireguard";
Name = "p2p0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
ListenPort = 51820;
# RouteTable = "p2p";
};
wireguardPeers = [
{ {
publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0="; PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
allowedIPs = ["0.0.0.0/0"]; Endpoint = "185.230.126.146:51820";
endpoint = "185.230.126.146:51820"; AllowedIPs = ["0.0.0.0/0"];
persistentKeepalive = 25; RouteTable = "off";
} }
]; ];
}; };
}; };
networks = {
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "degraded-carrier";
RequiredFamilyForOnline = "any";
};
networkConfig.DHCP = "yes";
address = [
"192.168.1.10/32"
];
gateway = ["192.168.1.1"];
dns = ["192.168.1.1"];
};
"45-p2p" = {
matchConfig.Name = "p2p0";
address = [
"10.2.0.2/32"
];
# routingPolicyRules = [
# {
# From = "10.2.0.2/32";
# Table = "p2p";
# }
# {
# To = "10.2.0.2/32";
# Table = "p2p";
# }
# ];
linkConfig.RequiredForOnline = false;
};
};
}; };
services = { services = {
@ -205,6 +266,13 @@
networkBridge = "bond0"; networkBridge = "bond0";
hostDevice = "0x10c4:0xea60"; hostDevice = "0x10c4:0xea60";
}; };
qbittorrent = {
enable = true;
mediaDir = "/srv/qbittorent";
openFirewall = true;
webPort = 8084;
};
}; };
# disable computer sleeping # disable computer sleeping

30
configurations/nixos/defiant/hardware-configuration.nix
View file

@ -34,25 +34,13 @@
networking = { networking = {
hostName = "defiant"; # Define your hostname. hostName = "defiant"; # Define your hostname.
hostId = "c51763d6";
useNetworkd = true; useNetworkd = true;
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
netdevs = {
"10-bond0" = {
netdevConfig = {
Kind = "bond";
Name = "bond0";
};
bondConfig = {
Mode = "802.3ad";
TransmitHashPolicy = "layer3+4";
};
};
};
networks = { networks = {
"30-eno1" = { "30-eno1" = {
matchConfig.Name = "eno1"; matchConfig.Name = "eno1";
@ -62,22 +50,6 @@
matchConfig.Name = "eno2"; matchConfig.Name = "eno2";
networkConfig.Bond = "bond0"; networkConfig.Bond = "bond0";
}; };
"40-bond0" = {
matchConfig.Name = "bond0";
linkConfig = {
RequiredForOnline = "degraded-carrier";
RequiredFamilyForOnline = "any";
};
networkConfig.DHCP = "yes";
address = [
"192.168.1.10"
];
gateway = ["192.168.1.1"];
dns = ["192.168.1.1"];
};
}; };
}; };