From f04b6025d68bbc16b06a39e5b08f2454a354c235 Mon Sep 17 00:00:00 2001
From: clay53
Date: Wed, 29 Oct 2025 15:47:06 -0400
Subject: [PATCH] preparing for epic merger

---
 .../configuration.nix | 20 +----
 .../hardware-configuration.nix | 0
 cos.nix | 51 ++++++++++-
 flake.nix | 2 +-
 mainWireguard.nix | 54 -----------
 winboat.nix | 11 ++-
 wireguard.nix | 89 +++++++++++++++++++
 7 files changed, 152 insertions(+), 75 deletions(-)
 rename configuration.nix => clhickey-nixos/configuration.nix (90%)
 rename hardware-configuration.nix => clhickey-nixos/hardware-configuration.nix (100%)
 delete mode 100644 mainWireguard.nix
 create mode 100644 wireguard.nix

diff --git a/configuration.nix b/clhickey-nixos/configuration.nix
similarity index 90%
rename from configuration.nix
rename to clhickey-nixos/configuration.nix
index 1d237f8..d5715be 100644
--- a/configuration.nix
+++ b/clhickey-nixos/configuration.nix
@@ -3,13 +3,7 @@
 imports = [
 ./hardware-configuration.nix
- "${inputs.home-manager}/nixos"
- inputs.mapnix.nixosModules.default
- ./cos.nix
- #./docker-kubernetes.nix
- ./mainWireguard.nix
- ./hyprland.nix
- ./winboat.nix
+ ../cos.nix
 ];
 cos.username = "clhickey";
@@ -55,15 +49,9 @@
 hostName = config.cos.hostName;
 networkmanager.enable = true;
 };
-
- services.mapnix = {
- openstreetmap-carto-src = inputs.osm-bikeability;
- enable = false;
- };
- cos.mainWireguard = {
+ cos.wireguard = {
 enable = true;
- ip = "10.100.0.3";
 privateKeyFile = "/home/${config.cos.username}/wireguard-keys/private";
 };
@@ -79,7 +67,7 @@
 hardware.bluetooth.enable = true;
 # For languini
- networking.firewall.interfaces.${config.cos.mainWireguard.interface}.allowedTCPPorts = [
+ networking.firewall.interfaces.${config.cos.wireguard.interface}.allowedTCPPorts = [
 8000
 8080
 ];
@@ -94,7 +82,7 @@
 listenAddresses = [
 {
 port = 22;
- addr = config.cos.mainWireguard.ip;
+ addr = config.cos.wireguard.clientInternalIP;
 }
 ];
 };
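Review bot: In the second hunk `cos.wireguard` keeps `privateKeyFile = "/home/${config.cos.username}/wireguard-keys/private"`, so the tunnel's private key sits in a user-writable home directory where any process running as that user can read or replace it; a root-owned location (for example `/etc/wireguard/private`, a constructed path) or a secrets-manager-managed path would restrict that to root. The explicit `ip = "10.100.0.3"` removed in the same hunk is now implied by `clientNumber = 3` for `"clhickey-nixos"` in cos.nix together with `baseIP = "10.100.0"` in wireguard.nix, which matches the old address but is no longer visible in this file; a comment such as `# tunnel address is derived from cos.wireguard.clientPubOptionsMap.<hostName>` above the block would record that. The fourth hunk binds sshd to `config.cos.wireguard.clientInternalIP`, so sshd's listen address now also depends on that map entry existing for this host.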
diff --git a/hardware-configuration.nix b/clhickey-nixos/hardware-configuration.nix
similarity index 100%
rename from hardware-configuration.nix
rename to clhickey-nixos/hardware-configuration.nix
diff --git a/cos.nix b/cos.nix
index 8df4925..6c3330e 100644
--- a/cos.nix
+++ b/cos.nix
@@ -1,11 +1,58 @@
-{ lib, ... }:
+{ lib, inputs, config, ... }:
 {
+ imports = [
+ ./hyprland.nix
+ ./wireguard.nix
+ ./winboat.nix
+ "${inputs.home-manager}/nixos"
+ ];
+
 options.cos = {
 username = lib.mkOption {
 type = lib.types.str;
 };
+ knownHosts = lib.mkOption {
+ default = [ "loadedskypotato" "clhickey-nixos" "nixnas" "phone" "desktop" ];
+ type = lib.types.listOf lib.types.str;
+ };
+ knownPublicIPs = lib.mkOption {
+ type = lib.types.submodule {
+ options = lib.attrsets.genAttrs config.cos.knownHosts (name: lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ });
+ };
+ };
 hostName = lib.mkOption {
- type = lib.types.str;
+ type = lib.types.enum config.cos.knownHosts;
+ };
+ };
+
+ config.cos = {
+ knownPublicIPs = {
+ loadedskypotato = "50.116.49.95";
+ };
+ wireguard.clientPubOptionsMap = {
+ "loadedskypotato" = {
+ clientNumber = 1;
+ publicKey = "raOzdkhoag+sN2/KXz18F9ncmeTWhdmPJxQJkqsJ7FI=";
+ };
+ "clhickey-nixos" = {
+ clientNumber = 3;
+ publicKey = "7Hi/p1DEnAejX5vf46ul1ZWAeGM9nuWWGXXr9f6sUWA=";
+ };
+ "nixnas" = {
+ clientNumber = 2;
+ publicKey = "TnuODb+I5wfF6z5wlwOFiRr4CKImY557OIXyZCXPSio=";
+ };
+ "phone" = {
+ clientNumber = 4;
+ publicKey = "UAP8/k1zWInrksQQAf0NuDUD1b0K0djDVUcYl+DNMEE=";
+ };
+ "desktop" = {
+ clientNumber = 5;
+ publicKey = "w054mlSBBq4u0ilTYfwc2xbb5Z+7kEigikSZ3R0u73w=";
+ };
 };
 };
 }
diff --git a/flake.nix b/flake.nix
index 2be83c3..e20a1df 100644
--- a/flake.nix
+++ b/flake.nix
@@ -26,7 +26,7 @@
 nixosConfigurations.clhickey-nixos = nixpkgs.lib.nixosSystem {
 specialArgs = { inherit inputs; };
 modules = [
- ./configuration.nix
+ ./clhickey-nixos/configuration.nix
 ];
 };
 };
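Review bot: `knownPublicIPs` and `hostName` in the `options.cos` block build their types from `config.cos.knownHosts`, so option declarations now depend on a config value; this evaluates here because `knownHosts` only carries a default, but any module that later sets `cos.knownHosts` under `lib.mkIf` or from another option is liable to produce an infinite-recursion error that is hard to trace back to these lines. Declaring `knownPublicIPs` as `lib.types.attrsOf (lib.types.nullOr lib.types.str)` and moving the "key must be a known host" check into an `assertions` entry would keep the validation without the declaration-time dependency, and a short comment on `knownHosts` stating that it feeds both option types would warn the next editor either way. The peer public keys and the hub address are non-secret and fine to commit, but a comment above `wireguard.clientPubOptionsMap` noting that `clientNumber` values must be unique, since wireguard.nix turns each into the last octet of a tunnel address, would help when the next host is added.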
diff --git a/mainWireguard.nix b/mainWireguard.nix
deleted file mode 100644
index d368e48..0000000
--- a/mainWireguard.nix
+++ /dev/null
@@ -1,54 +0,0 @@
-{config, lib, pkgs, ...}:
-let
- cfg = config.cos.mainWireguard;
-in
-{
- options.cos.mainWireguard = {
- enable = lib.mkEnableOption "enable";
- interface = lib.mkOption {
- type = lib.types.str;
- default = "wg0";
- };
- ip = lib.mkOption {
- type = lib.types.str;
- };
- port = lib.mkOption {
- type = lib.types.int;
- default = 51820;
- };
- privateKeyFile = lib.mkOption {
- type = lib.types.str;
- };
- };
-
- config = lib.mkIf cfg.enable {
- networking.firewall.interfaces.${cfg.interface}.allowedUDPPorts = [
- cfg.port
- ];
-
- environment.systemPackages = with pkgs; [
- wireguard-tools
- ];
-
- networking.wireguard = {
- enable = true;
- interfaces = {
- ${cfg.interface} = {
- ips = [ "${cfg.ip}/24" ];
- listenPort = 51820;
-
- privateKeyFile = cfg.privateKeyFile;
-
- peers = [
- {
- publicKey = "raOzdkhoag+sN2/KXz18F9ncmeTWhdmPJxQJkqsJ7FI=";
- allowedIPs = [ "10.100.0.0/24" ];
- endpoint = "50.116.49.95:51820";
- persistentKeepalive = 25;
- }
- ];
- };
- };
- };
- };
-}
diff --git a/winboat.nix b/winboat.nix
index 8ef3c15..e3d4a8a 100644
--- a/winboat.nix
+++ b/winboat.nix
@@ -1,6 +1,13 @@
-{inputs, config, pkgs, ...}:
+{inputs, config, pkgs, lib, ...}:
+let
+ cfg = config.cos.winboat;
+in
 {
- config = {
+ options.cos.winboat = {
+ enable = lib.mkEnableOption "Enable winboat";
+ };
+
+ config = lib.mkIf cfg.enable {
 virtualisation.docker.enable = true;
 users.users.${config.cos.username}.extraGroups = [
diff --git a/wireguard.nix b/wireguard.nix
new file mode 100644
index 0000000..d5606e6
--- /dev/null
+++ b/wireguard.nix
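Review bot: `enable = lib.mkEnableOption "Enable winboat"` defaults to false and the module body is now wrapped in `lib.mkIf cfg.enable`, but no hunk in this patch sets `cos.winboat.enable = true` and clhickey-nixos/configuration.nix no longer imports `./winboat.nix` directly, so `virtualisation.docker.enable = true` and the group additions below appear to be switched off on that host by this commit; if that is unintended, add `cos.winboat.enable = true;` next to the `cos.wireguard` block in clhickey-nixos/configuration.nix. Putting the Docker daemon and the user's extra group memberships behind an explicit opt-in is the right default, so only the missing opt-in needs attention. The `extraGroups` list and the enclosing attribute set continue past the end of the hunk.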
@@ -0,0 +1,89 @@
+{config, lib, pkgs, ...}:
+let
+ cfg = config.cos.wireguard;
+in
+{
+ options.cos.wireguard = {
+ enable = lib.mkEnableOption "enable";
+ interface = lib.mkOption {
+ type = lib.types.str;
+ default = "wg0";
+ };
+ clientPubOptionsMap = lib.mkOption {
+ type = lib.types.submodule {
+ options = lib.attrsets.genAttrs config.cos.knownHosts (host: lib.mkOption {
+ type = lib.types.nullOr (lib.types.submodule {
+ options = {
+ clientNumber = lib.mkOption {
+ type = lib.types.ints.u8;
+ description = "appended to IP";
+ };
+ ip = lib.mkOption {
+ type = lib.types.str;
+ default = "${cfg.baseIP}.${builtins.toString cfg.clientPubOptionsMap.${host}.clientNumber}";
+ };
+ port = lib.mkOption {
+ type = lib.types.port;
+ default = 51820;
+ };
+ publicKey = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+ });
+ default = null;
+ });
+ };
+ };
+ baseIP = lib.mkOption {
+ type = lib.types.str;
+ default = "10.100.0";
+ };
+ clientInternalIP = lib.mkOption {
+ type = lib.types.str;
+ default = cfg.clientPubOptionsMap.${config.cos.hostName}.ip;
+ };
+ clientInternalPort = lib.mkOption {
+ type = lib.types.port;
+ default = cfg.clientPubOptionsMap.${config.cos.hostName}.port;
+ };
+ clientPublicKey = lib.mkOption {
+ type = lib.types.str;
+ default = cfg.clientPubOptionsMap.${config.cos.hostName}.publicKey;
+ };
+ privateKeyFile = lib.mkOption {
+ type = lib.types.str;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall.interfaces.${cfg.interface}.allowedUDPPorts = [
+ cfg.clientInternalPort
+ ];
+
+ environment.systemPackages = with pkgs; [
+ wireguard-tools
+ ];
+
+ networking.wireguard = {
+ enable = true;
+ interfaces = {
+ ${cfg.interface} = {
+ ips = [ "${cfg.clientInternalIP}/24" ];
+ listenPort = cfg.clientInternalPort;
+
+ privateKeyFile = cfg.privateKeyFile;
+
+ peers = [
+ {
+ publicKey = cfg.clientPubOptionsMap.loadedskypotato.publicKey;
+ allowedIPs = [ "${cfg.baseIP}.0/24" ];
+ endpoint =
"${config.cos.knownPublicIPs.loadedskypotato}:${builtins.toString cfg.clientPubOptionsMap.loadedskypotato.port}";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+ };
+}
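Review bot: `networking.firewall.interfaces.${cfg.interface}.allowedUDPPorts = [ cfg.clientInternalPort ]` opens the listen port only on the tunnel interface (`wg0` by default), yet WireGuard handshakes arrive on the underlying physical interface, so this rule does not admit inbound peers; for a roaming client that relies on `persistentKeepalive = 25` that is harmless, but a host acting as the hub would need `networking.firewall.allowedUDPPorts` instead, and the rule is carried over unchanged from the deleted mainWireguard.nix rather than introduced here. The defaults for `clientInternalIP`, `clientInternalPort` and `clientPublicKey` index `cfg.clientPubOptionsMap.${config.cos.hostName}`, whose type is `nullOr`, so a host without an entry fails with an attribute error on `null` rather than a message naming the missing entry, and nothing checks that `clientNumber` values are distinct even though each becomes the last octet of a tunnel address; two `assertions` entries in the `config` block, sketched below, would report both before the derived defaults are forced. When `cos.hostName` is `loadedskypotato` the single `peers` entry points at the host's own key and address, so the hub presumably needs its own peer list; the commit title suggests this is still in progress.
```nix
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        assertion = cfg.clientPubOptionsMap.${config.cos.hostName} != null;
        message = "cos.wireguard: no clientPubOptionsMap entry for host ${config.cos.hostName}";
      }
      {
        assertion = let
          numbers = lib.mapAttrsToList (_: v: v.clientNumber)
            (lib.filterAttrs (_: v: v != null) cfg.clientPubOptionsMap);
        in lib.length numbers == lib.length (lib.unique numbers);
        message = "cos.wireguard: clientNumber values must be unique across knownHosts";
      }
    ];

    # … unchanged: firewall rule, systemPackages, networking.wireguard …
  };
```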