From e293c838417da265765183073cf7ced505423122 Mon Sep 17 00:00:00 2001
From: Leyla Becker
Date: Tue, 1 Apr 2025 22:33:18 -0500
Subject: [PATCH] tried to fix wireguard config
---
 .../nixos/defiant/configuration.nix | 92 ++++++++++++++++---
 .../nixos/defiant/hardware-configuration.nix | 30 +-----
 2 files changed, 81 insertions(+), 41 deletions(-)
diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index ae69c26..199c1ba 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -11,6 +11,9 @@
 };
 "vpn-keys/proton-wireguard/defiant-p2p" = {
 sopsFile = "${inputs.secrets}/vpn-keys.yaml";
+ mode = "0640";
+ owner = "root";
+ group = "systemd-network";
 };
 "services/zfs_smtp_token" = {
 sopsFile = "${inputs.secrets}/defiant-services.yaml";
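Review bot: The added `mode = "0640"` and `group = "systemd-network"` lines on the `vpn-keys/proton-wireguard/defiant-p2p` secret carry no comment saying why the WireGuard private key is group-readable. I would put `# systemd-networkd (group systemd-network) reads this key through PrivateKeyFile; keep it 0640 root:systemd-network` above `mode`, so a later cleanup neither reverts it to root-only (which would break the netdev) nor widens it further. The enclosing secrets attribute set starts and ends outside the hunk.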
@@ -102,26 +105,84 @@
 enable = false;
 };
 };
- networking = {
- hostId = "c51763d6";
- wireguard.interfaces = {
- p2p = {
- ips = ["10.2.0.2/32"];
- listenPort = 51820;
+ systemd.network = {
+ enable = true;
- privateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+ config = {
+ routeTables = {
+ p2p = 1;
+ };
+ };
- peers = [
+ netdevs = {
+ "10-bond0" = {
+ netdevConfig = {
+ Kind = "bond";
+ Name = "bond0";
+ };
+ bondConfig = {
+ Mode = "802.3ad";
+ TransmitHashPolicy = "layer3+4";
+ };
+ };
+
+ "15-p2p" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "p2p0";
+ MTUBytes = "1300";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = config.sops.secrets."vpn-keys/proton-wireguard/defiant-p2p".path;
+ ListenPort = 51820;
+ # RouteTable = "p2p";
+ };
+ wireguardPeers = [
 {
- publicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
- allowedIPs = ["0.0.0.0/0"];
- endpoint = "185.230.126.146:51820";
- persistentKeepalive = 25;
+ PublicKey = "rRO6yJim++Ezz6scCLMaizI+taDjU1pzR2nfW6qKbW0=";
+ Endpoint = "185.230.126.146:51820";
+ AllowedIPs = ["0.0.0.0/0"];
+ RouteTable = "off";
 }
 ];
 };
 };
+ networks = {
+ "40-bond0" = {
+ matchConfig.Name = "bond0";
+ linkConfig = {
+ RequiredForOnline = "degraded-carrier";
+ RequiredFamilyForOnline = "any";
+ };
+ networkConfig.DHCP = "yes";
+
+ address = [
+ "192.168.1.10/32"
+ ];
+
+ gateway = ["192.168.1.1"];
+ dns = ["192.168.1.1"];
+ };
+
+ "45-p2p" = {
+ matchConfig.Name = "p2p0";
+ address = [
+ "10.2.0.2/32"
+ ];
+ # routingPolicyRules = [
+ # {
+ # From = "10.2.0.2/32";
+ # Table = "p2p";
+ # }
+ # {
+ # To = "10.2.0.2/32";
+ # Table = "p2p";
+ # }
+ # ];
+ linkConfig.RequiredForOnline = false;
+ };
+ };
 };
 services = {
@@ -205,6 +266,13 @@
 networkBridge = "bond0";
 hostDevice = "0x10c4:0xea60";
 };
+
+ qbittorrent = {
+ enable = true;
+ mediaDir = "/srv/qbittorent";
+ openFirewall = true;
+ webPort = 8084;
+ };
 };
 # disable computer sleeping
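Review bot: Nothing in the new `15-p2p` / `45-p2p` definitions steers traffic into the tunnel: the peer sets `RouteTable = "off"`, while `# RouteTable = "p2p";` in `wireguardConfig` and the whole `routingPolicyRules` list are commented out, so the `p2p` table declared under `routeTables` appears to stay empty and everything keeps following bond0's default route. Unless a service binds to `p2p0` itself, traffic expected to use the VPN would leave in the clear; consider re-enabling `RouteTable = "p2p";` (and dropping the peer's `"off"`) together with the `{ From = "10.2.0.2/32"; Table = "p2p"; }` rule. The removed `persistentKeepalive = 25` has no counterpart on the new peer, so `PersistentKeepalive = 25;` should probably be carried over to keep the session alive behind NAT. `AllowedIPs` lists IPv4 only, so IPv6 would not be covered by the tunnel either way.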
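Review bot: `openFirewall = true` in the new `qbittorrent` block presumably opens `webPort` 8084 on every interface the host firewall covers, `p2p0` included; the module is not part of this diff, so that needs confirming. If the web UI is meant for the LAN only, I would keep `openFirewall = false;` and allow 8084 on `bond0` alone. Nothing visible here pins the client to `p2p0`, which matters because the peer in `15-p2p` is set to `RouteTable = "off"`. `mediaDir = "/srv/qbittorent"` is spelled with a single `r`, unlike the service name; confirm that is the intended path.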
diff --git a/configurations/nixos/defiant/hardware-configuration.nix b/configurations/nixos/defiant/hardware-configuration.nix
index 3b3ac45..d4a638b 100644
--- a/configurations/nixos/defiant/hardware-configuration.nix
+++ b/configurations/nixos/defiant/hardware-configuration.nix
@@ -34,25 +34,13 @@
 networking = {
 hostName = "defiant"; # Define your hostname.
+ hostId = "c51763d6";
 useNetworkd = true;
 };
 systemd.network = {
 enable = true;
- netdevs = {
- "10-bond0" = {
- netdevConfig = {
- Kind = "bond";
- Name = "bond0";
- };
- bondConfig = {
- Mode = "802.3ad";
- TransmitHashPolicy = "layer3+4";
- };
- };
- };
-
 networks = {
 "30-eno1" = {
 matchConfig.Name = "eno1";
@@ -62,22 +50,6 @@
 matchConfig.Name = "eno2";
 networkConfig.Bond = "bond0";
 };
-
- "40-bond0" = {
- matchConfig.Name = "bond0";
- linkConfig = {
- RequiredForOnline = "degraded-carrier";
- RequiredFamilyForOnline = "any";
- };
- networkConfig.DHCP = "yes";
-
- address = [
- "192.168.1.10"
- ];
-
- gateway = ["192.168.1.1"];
- dns = ["192.168.1.1"];
- };
 };
 };