john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updated and moved wireguard

Browse Source
This commit is contained in:
John Lancaster
2026-03-26 18:57:28 -05:00
parent 061d5a6f47
commit f0cab4ad1f
3 changed files with 64 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/features/wireguard.nix
-46
View File
@@ -1,46 +0,0 @@
{ self, inputs, ... }: {
flake.modules.nixos.wireguard = { config, inputs, pkgs, ... }: {
environment.systemPackages = with pkgs; [
wireguard-tools
wg-netmanager
(pkgs.writeShellScriptBin "wg-connect" ''
service="wg-quick-lola"
sudo systemctl start "$service.service"
start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
sudo journalctl -u "$service.service" --since "$start_time" --no-pager
'')
(pkgs.writeShellScriptBin "wg-disconnect" ''
service="wg-quick-lola"
sudo systemctl stop "$service.service"
start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
sudo journalctl -u "$service.service" --no-pager --since "$start_time"
'')
];
networking.extraHosts = ''
192.168.1.100 john-nas
192.168.1.130 pve5070
192.168.1.201 ad-nix
'';
sops.secrets.wireguard_private_key = { };
networking.wg-quick.interfaces = {
lola = {
# autostart = true;
postUp = "echo 'Post up command'";
address = [ "192.168.3.5/32" ];
# dns = [ "192.168.1.182" ];
privateKeyFile = config.sops.secrets.wireguard_private_key.path;
peers = [
{
publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
allowedIPs = [ "192.168.1.0/24" ];
endpoint = "wg.john-stream.com:51830";
persistentKeepalive = 25;
}
];
};
};
};
}
modules/hosts/john-p14s/configuration.nix
+8 -1
View File
@@ -11,8 +11,15 @@
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ];
nixpkgs.config = { nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "openssl-1.1.1w" ]; permittedInsecurePackages = [ "openssl-1.1.1w" ];
# allowUnfree = true;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"1password"
"1password-cli"
"steam"
"steam-unwrapped"
"sublime4"
];
}; };
networking = { networking = {
modules/programs/wireguard.nix
+56
View File
@@ -0,0 +1,56 @@
{ self, inputs, ... }: {
flake.modules.nixos.wireguard = { config, pkgs, lib, ... }:
let
wgInterface = "platform";
systemctl = lib.getExe' pkgs.systemd "systemctl";
journalctl = lib.getExe' pkgs.systemd "journalctl";
mkConnect = interface:
let
serviceName = "wg-quick-${interface}";
service = "${serviceName}.service";
in
pkgs.writeShellScriptBin "wg-connect-${interface}" ''
${systemctl} start ${service}
start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
${journalctl} -u ${service} --since "$start_time" --no-pager
'';
mkDisconnect = interface:
let
serviceName = "wg-quick-${interface}";
service = "${serviceName}.service";
in
pkgs.writeShellScriptBin "wg-disconnect-${interface}" ''
${systemctl} stop ${service}
start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
${journalctl} -u ${service} --since "$start_time" --no-pager
'';
in
{
environment.systemPackages = with pkgs; [
wireguard-tools
wg-netmanager
(mkConnect "platform")
(mkDisconnect "platform")
];
sops.secrets.wireguard_private_key = { };
networking.wg-quick.interfaces = {
${wgInterface} = {
autostart = false; # Managed by dispatcher
postUp = "echo 'Post up command'";
address = [ "192.168.3.5/32" ];
dns = [ "192.168.1.150" ];
privateKeyFile = config.sops.secrets.wireguard_private_key.path;
peers = [
{
publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
allowedIPs = [ "192.168.0.0/16" ];
endpoint = "wg.john-stream.com:51830";
persistentKeepalive = 25;
}
];
};
};
};
}