preparing for epic merger

2025-10-29 15:47:06 -04:00 · 2025-10-29 15:47:06 -04:00 · f04b6025d6
commit f04b6025d6
parent e5c40d5d2a
7 changed files with 152 additions and 75 deletions
--- a/clhickey-nixos/configuration.nix
+++ b/clhickey-nixos/configuration.nix
@ -3,13 +3,7 @@
  imports =
    [
      ./hardware-configuration.nix
-      "${inputs.home-manager}/nixos"
-      inputs.mapnix.nixosModules.default
-      ./cos.nix
-      #./docker-kubernetes.nix
-      ./mainWireguard.nix
-      ./hyprland.nix
-      ./winboat.nix
+      ../cos.nix
    ];

  cos.username = "clhickey";
@ -55,15 +49,9 @@
    hostName = config.cos.hostName;
    networkmanager.enable = true;
  };
-  
-  services.mapnix = {
-    openstreetmap-carto-src = inputs.osm-bikeability;
-    enable = false;
-  };

-  cos.mainWireguard = {
+  cos.wireguard = {
    enable = true;
-    ip = "10.100.0.3";
    privateKeyFile = "/home/${config.cos.username}/wireguard-keys/private";
  };

@ -79,7 +67,7 @@
  hardware.bluetooth.enable = true;

  # For languini
-  networking.firewall.interfaces.${config.cos.mainWireguard.interface}.allowedTCPPorts = [
+  networking.firewall.interfaces.${config.cos.wireguard.interface}.allowedTCPPorts = [
    8000
    8080
  ];
@ -94,7 +82,7 @@
      listenAddresses = [
        {
          port = 22;
-          addr = config.cos.mainWireguard.ip;
+          addr = config.cos.wireguard.clientInternalIP;
        }
      ];
    };
--- a/clhickey-nixos/hardware-configuration.nix
+++ b/clhickey-nixos/hardware-configuration.nix
--- a/cos.nix
+++ b/cos.nix
@ -1,11 +1,58 @@
-{ lib, ... }:
+{ lib, inputs, config, ... }:
 {
+  imports = [
+    ./hyprland.nix
+    ./wireguard.nix
+    ./winboat.nix
+    "${inputs.home-manager}/nixos"
+  ];
+
  options.cos = {
    username = lib.mkOption {
      type = lib.types.str;
    };
+    knownHosts = lib.mkOption {
+      default = [ "loadedskypotato" "clhickey-nixos" "nixnas" "phone" "desktop" ];
+      type = lib.types.listOf lib.types.str;
+    };
+    knownPublicIPs = lib.mkOption {
+      type = lib.types.submodule {
+        options = lib.attrsets.genAttrs config.cos.knownHosts (name: lib.mkOption {
+          type = lib.types.nullOr lib.types.str;
+          default = null;
+        });
+      };
+    };
    hostName = lib.mkOption {
-      type = lib.types.str;
+      type = lib.types.enum config.cos.knownHosts;
+    };
+  };
+
+  config.cos = {
+    knownPublicIPs = {
+      loadedskypotato = "50.116.49.95";
+    };
+    wireguard.clientPubOptionsMap = {
+      "loadedskypotato" = {
+        clientNumber = 1;
+        publicKey = "raOzdkhoag+sN2/KXz18F9ncmeTWhdmPJxQJkqsJ7FI=";
+      };
+      "clhickey-nixos" = {
+        clientNumber = 3;
+        publicKey = "7Hi/p1DEnAejX5vf46ul1ZWAeGM9nuWWGXXr9f6sUWA=";
+      };
+      "nixnas" = {
+        clientNumber = 2;
+        publicKey = "TnuODb+I5wfF6z5wlwOFiRr4CKImY557OIXyZCXPSio=";
+      };
+      "phone" = {
+        clientNumber = 4;
+        publicKey = "UAP8/k1zWInrksQQAf0NuDUD1b0K0djDVUcYl+DNMEE=";
+      };
+      "desktop" = {
+        clientNumber = 5;
+        publicKey = "w054mlSBBq4u0ilTYfwc2xbb5Z+7kEigikSZ3R0u73w=";
+      };
    };
  };
 }
--- a/flake.nix
+++ b/flake.nix
@ -26,7 +26,7 @@
    nixosConfigurations.clhickey-nixos = nixpkgs.lib.nixosSystem {
      specialArgs = { inherit inputs; };
      modules = [
-        ./configuration.nix
+        ./clhickey-nixos/configuration.nix
      ];
    };
  };
--- a/mainWireguard.nix
+++ b/mainWireguard.nix
@ -1,54 +0,0 @@
-{config, lib, pkgs, ...}:
-let
-  cfg = config.cos.mainWireguard;
-in
-{
-  options.cos.mainWireguard = {
-    enable = lib.mkEnableOption "enable";
-    interface = lib.mkOption {
-      type = lib.types.str;
-      default = "wg0";
-    };
-    ip = lib.mkOption {
-      type = lib.types.str;
-    };
-    port = lib.mkOption {
-      type = lib.types.int;
-      default = 51820;
-    };
-    privateKeyFile = lib.mkOption {
-      type = lib.types.str;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    networking.firewall.interfaces.${cfg.interface}.allowedUDPPorts = [
-      cfg.port
-    ];
-
-    environment.systemPackages = with pkgs; [
-      wireguard-tools
-    ];
-
-    networking.wireguard = {
-      enable = true;
-      interfaces = {
-        ${cfg.interface} = {
-          ips = [ "${cfg.ip}/24" ];
-          listenPort = 51820;
-
-          privateKeyFile = cfg.privateKeyFile;
-
-          peers = [
-            {
-              publicKey = "raOzdkhoag+sN2/KXz18F9ncmeTWhdmPJxQJkqsJ7FI=";
-              allowedIPs = [ "10.100.0.0/24" ];
-              endpoint = "50.116.49.95:51820";
-              persistentKeepalive = 25;
-            }
-          ];
-        };
-      };
-    };
-  };
-}
--- a/winboat.nix
+++ b/winboat.nix
@ -1,6 +1,13 @@
-{inputs, config, pkgs, ...}:
+{inputs, config, pkgs, lib, ...}:
+let
+  cfg = config.cos.winboat;
+in
 {
-  config = {
+  options.cos.winboat = {
+    enable = lib.mkEnableOption "Enable winboat";
+  };
+
+  config = lib.mkIf cfg.enable {
    virtualisation.docker.enable = true;

    users.users.${config.cos.username}.extraGroups = [
--- a/wireguard.nix
+++ b/wireguard.nix
@ -0,0 +1,89 @@
+{config, lib, pkgs, ...}:
+let
+  cfg = config.cos.wireguard;
+in
+{
+  options.cos.wireguard = {
+    enable = lib.mkEnableOption "enable";
+    interface = lib.mkOption {
+      type = lib.types.str;
+      default = "wg0";
+    };
+    clientPubOptionsMap = lib.mkOption {
+      type = lib.types.submodule {
+        options = lib.attrsets.genAttrs config.cos.knownHosts (host: lib.mkOption {
+          type = lib.types.nullOr (lib.types.submodule {
+            options = {
+              clientNumber = lib.mkOption {
+                type = lib.types.ints.u8;
+                description = "appended to IP";
+              };
+              ip = lib.mkOption {
+                type = lib.types.str;
+                default = "${cfg.baseIP}.${builtins.toString cfg.clientPubOptionsMap.${host}.clientNumber}";
+              };
+              port = lib.mkOption {
+                type = lib.types.port;
+                default = 51820;
+              };
+              publicKey = lib.mkOption {
+                type = lib.types.str;
+              };
+            };
+          });
+          default = null;
+        });
+      };
+    };
+    baseIP = lib.mkOption {
+      type = lib.types.str;
+      default = "10.100.0";
+    };
+    clientInternalIP = lib.mkOption {
+      type = lib.types.str;
+      default = cfg.clientPubOptionsMap.${config.cos.hostName}.ip;
+    };
+    clientInternalPort = lib.mkOption {
+      type = lib.types.port;
+      default = cfg.clientPubOptionsMap.${config.cos.hostName}.port;
+    };
+    clientPublicKey = lib.mkOption {
+      type = lib.types.str;
+      default = cfg.clientPubOptionsMap.${config.cos.hostName}.publicKey;
+    };
+    privateKeyFile = lib.mkOption {
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.interfaces.${cfg.interface}.allowedUDPPorts = [
+      cfg.clientInternalPort
+    ];
+
+    environment.systemPackages = with pkgs; [
+      wireguard-tools
+    ];
+
+    networking.wireguard = {
+      enable = true;
+      interfaces = {
+        ${cfg.interface} = {
+          ips = [ "${cfg.clientInternalIP}/24" ];
+          listenPort = cfg.clientInternalPort;
+
+          privateKeyFile = cfg.privateKeyFile;
+
+          peers = [
+            {
+              publicKey = cfg.clientPubOptionsMap.loadedskypotato.publicKey;
+              allowedIPs = [ "${cfg.baseIP}.0/24" ];
+              endpoint = "${config.cos.knownPublicIPs.loadedskypotato}:${builtins.toString cfg.clientPubOptionsMap.loadedskypotato.port}";
+              persistentKeepalive = 25;
+            }
+          ];
+        };
+      };
+    };
+  };
+}