diff --git a/modules/features/wireguard.nix b/modules/features/wireguard.nix
deleted file mode 100644
index 60b9a29..0000000
--- a/modules/features/wireguard.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ self, inputs, ... }: {
- flake.modules.nixos.wireguard = { config, inputs, pkgs, ... }: {
- environment.systemPackages = with pkgs; [
- wireguard-tools
- wg-netmanager
- (pkgs.writeShellScriptBin "wg-connect" ''
- service="wg-quick-lola"
- sudo systemctl start "$service.service"
- start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
- sudo journalctl -u "$service.service" --since "$start_time" --no-pager
- '')
- (pkgs.writeShellScriptBin "wg-disconnect" ''
- service="wg-quick-lola"
- sudo systemctl stop "$service.service"
- start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
- sudo journalctl -u "$service.service" --no-pager --since "$start_time"
- '')
- ];
-
- networking.extraHosts = ''
- 192.168.1.100 john-nas
- 192.168.1.130 pve5070
- 192.168.1.201 ad-nix
- '';
-
- sops.secrets.wireguard_private_key = { };
- networking.wg-quick.interfaces = {
- lola = {
- # autostart = true;
- postUp = "echo 'Post up command'";
- address = [ "192.168.3.5/32" ];
- # dns = [ "192.168.1.182" ];
- privateKeyFile = config.sops.secrets.wireguard_private_key.path;
-
- peers = [
- {
- publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
- allowedIPs = [ "192.168.1.0/24" ];
- endpoint = "wg.john-stream.com:51830";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- };
-}
\ No newline at end of file
diff --git a/modules/hosts/john-p14s/configuration.nix b/modules/hosts/john-p14s/configuration.nix
index 4a90dca..e715c2c
--- a/modules/hosts/john-p14s/configuration.nix
+++ b/modules/hosts/john-p14s/configuration.nix
@@ -11,8 +11,15 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ];
 nixpkgs.config = {
- allowUnfree = true;
 permittedInsecurePackages = [ "openssl-1.1.1w" ];
+ # allowUnfree = true;
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "1password"
+ "1password-cli"
+ "steam"
+ "steam-unwrapped"
+ "sublime4"
+ ];
 };
 networking = {
diff --git a/modules/programs/wireguard.nix b/modules/programs/wireguard.nix
new file mode 100644
index 0000000..754379b
--- /dev/null
+++ b/modules/programs/wireguard.nix
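Review bot: The new `allowUnfreePredicate` references `lib`, but the module's argument set is outside this hunk; it has to include `lib` (e.g. `{ config, lib, pkgs, ... }:`) or evaluation fails on an undefined variable, so please confirm that since only the `nixpkgs.config` body is visible here. Replacing blanket `allowUnfree = true` with a per-name allowlist is the tighter choice, but the commented-out `# allowUnfree = true;` should be dropped rather than kept as dead code, or turned into a note on intent such as `# Unfree packages are opted in by name; extend this list instead of re-enabling allowUnfree.`. Note that `lib.getName` strips the version, so every version of a listed name is allowed, which is worth a word in that same comment.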
@@ -0,0 +1,56 @@
+{ self, inputs, ... }: {
+ flake.modules.nixos.wireguard = { config, pkgs, lib, ... }:
+ let
+ wgInterface = "platform";
+ systemctl = lib.getExe' pkgs.systemd "systemctl";
+ journalctl = lib.getExe' pkgs.systemd "journalctl";
+
+ mkConnect = interface:
+ let
+ serviceName = "wg-quick-${interface}";
+ service = "${serviceName}.service";
+ in
+ pkgs.writeShellScriptBin "wg-connect-${interface}" ''
+ ${systemctl} start ${service}
+ start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
+ ${journalctl} -u ${service} --since "$start_time" --no-pager
+ '';
+ mkDisconnect = interface:
+ let
+ serviceName = "wg-quick-${interface}";
+ service = "${serviceName}.service";
+ in
+ pkgs.writeShellScriptBin "wg-disconnect-${interface}" ''
+ ${systemctl} stop ${service}
+ start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
+ ${journalctl} -u ${service} --since "$start_time" --no-pager
+ '';
+ in
+ {
+ environment.systemPackages = with pkgs; [
+ wireguard-tools
+ wg-netmanager
+ (mkConnect "platform")
+ (mkDisconnect "platform")
+ ];
+
+ sops.secrets.wireguard_private_key = { };
+ networking.wg-quick.interfaces = {
+ ${wgInterface} = {
+ autostart = false; # Managed by dispatcher
+ postUp = "echo 'Post up command'";
+ address = [ "192.168.3.5/32" ];
+ dns = [ "192.168.1.150" ];
+ privateKeyFile = config.sops.secrets.wireguard_private_key.path;
+ peers = [
+ {
+ publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
+ allowedIPs = [ "192.168.0.0/16" ];
+ endpoint = "wg.john-stream.com:51830";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+}
\ No newline at end of file
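Review bot: `allowedIPs` is widened from the old `192.168.1.0/24` to `192.168.0.0/16`, and because wg-quick installs routes for every AllowedIPs prefix this sends all 192.168.x.y traffic through the tunnel while it is up, including the `dns = [ "192.168.1.150" ]` resolver and, if the laptop's own LAN sits in that range, local traffic too; the intent deserves a comment on that line, e.g. `# /16 on purpose: every 192.168.x network is reached via the tunnel, including DNS`. `wgInterface` is defined but the package list still passes the literal `"platform"` to `mkConnect`/`mkDisconnect`; `(mkConnect wgInterface)` keeps the scripts and the `networking.wg-quick.interfaces` key in step if the name changes. `mkConnect` and `mkDisconnect` differ only in the command suffix and the systemctl action, so a single helper taking both is enough (sketch below). Dropping the old `sudo` means `systemctl start`/`stop` now runs as the invoking user and, for non-root users, will presumably be authorised through polkit rather than sudo — fine if that is the intended access model, but it changes who may bring the tunnel up and is worth a line in the file header.
```nix
  # One helper for both directions: name is the command suffix, action the systemctl verb.
  mkWgCmd = name: action: interface:
    let
      serviceName = "wg-quick-${interface}";
      service = "${serviceName}.service";
    in
    pkgs.writeShellScriptBin "wg-${name}-${interface}" ''
      ${systemctl} ${action} ${service}
      start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
      ${journalctl} -u ${service} --since "$start_time" --no-pager
    '';
  # … unchanged: in { environment.systemPackages = with pkgs; [ wireguard-tools wg-netmanager …
      (mkWgCmd "connect" "start" wgInterface)
      (mkWgCmd "disconnect" "stop" wgInterface)
```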