added wireguard config

Leyla Becker 2025-02-22 17:38:02 -06:00
parent 489106956b
commit 9471b1f393
3 changed files with 32 additions and 9 deletions


@ -58,7 +58,8 @@ nix multi user, multi system, configuration with `sops` secret management, `home
- Open GL? - Open GL?
- rotate sops encryption keys periodically (and somehow sync between devices?) - rotate sops encryption keys periodically (and somehow sync between devices?)
- zfs email after scrubbing - zfs email after scrubbing
- tail scale clients - common wireguard config
- configure wireguard on all clients
- wake on LAN for updates - wake on LAN for updates
- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix - ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix
- Immich - Immich


@ -6,12 +6,19 @@
lib, lib,
pkgs, pkgs,
modulesPath, modulesPath,
inputs,
... ...
}: { }: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
sops.secrets = {
"wireguard-keys/proton/horizon" = {
sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
};
};
boot = { boot = {
initrd = { initrd = {
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
@ -90,8 +97,23 @@
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
hostName = "horizon"; # Define your hostname. hostName = "horizon"; # Define your hostname.
wireguard.interfaces = { wg-quick.interfaces = {
proton = { proton = {
# IP address of this machine in the *tunnel network*
address = ["10.2.0.1/32"];
listenPort = 51820;
privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path;
peers = [
{
publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q=";
allowedIPs = ["0.0.0.0/0"];
endpoint = "84.17.63.8:51820";
persistentKeepalive = 25;
}
];
}; };
}; };
}; };
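Review bot: The `proton` peer routes only IPv4 into the tunnel (`allowedIPs = ["0.0.0.0/0"];`), so if this host has IPv6 connectivity that traffic keeps leaving over the normal interface. Either extend it to `allowedIPs = ["0.0.0.0/0" "::/0"];` (if the provider carries IPv6) or disable IPv6 on the host. The interface also sets no `dns`, and `useDHCP` is on above, so lookups will presumably keep going to the DHCP-provided resolver, which for an on-link address is reached outside the tunnel; consider `dns = ["<provider-resolver-ip>"];`. `listenPort = 51820;` looks unnecessary for a client that only dials out with `persistentKeepalive`, and dropping it avoids binding a fixed, well-known port. A short comment above `privateKeyFile` noting that the key is decrypted by sops at activation and never enters the Nix store would help the next reader.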


@ -114,11 +114,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1740254115, "lastModified": 1740265252,
"narHash": "sha256-MwxDtYB/MSGZlr/xS+ExGYH2QgHk73ShD40shxjad/Y=", "narHash": "sha256-+LFsCsIUF/pJWL9S21m5NLcK5bgwRB4MwfV0Iu7tggY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "cb3f6e9b59d3a5e51ef9f7da2b8418d5c72aaef8", "rev": "fb568d75cf6c81f30d49eeb73787e9b56454ba16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,11 +234,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1740265180, "lastModified": 1740267388,
"narHash": "sha256-VcS1aWKZQG1Com/OgL8RbTSG7IJphNLkFXAcFer0cMQ=", "narHash": "sha256-JCgjNQMrlzf8a0YAqRNGliGmgv6afnc0OTOD6Eg0RZ0=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "5ec7b1181a3ce76c8238819195f7e55f51407463", "rev": "f5af565aee98df0a78056c49c85cda640ce290fd",
"revCount": 7, "revCount": 10,
"type": "git", "type": "git",
"url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git" "url": "ssh://git@git.jan-leila.com/jan-leila/nix-config-secrets.git"
}, },