nixos: deploy to adm-omnia

author: Karel Kočí <cynerd@email.cz> 2024-12-27 17:47:20 +0100
committer: Karel Kočí <cynerd@email.cz> 2024-12-27 17:47:20 +0100
commit: 3fa889d41893ae35abb9801ccc1b60701459cc15 (patch)
tree: db85398ed60e472a8fb2d503ccd6f107246ea1ef
parent: c87480d287c68bb953aba6d603efad58ffea5e02 (diff)
download: nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.gz
nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.bz2
nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.zip
5 files changed, 21 insertions, 23 deletions
diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix
index 056a68e..b332cab 100644
--- a/nixos/configurations/adm-omnia.nix
+++ b/nixos/configurations/adm-omnia.nix
@@ -3,8 +3,8 @@
 in {
   turris.board = "omnia";
   deploy = {
-    enable = false;
-    ssh.host = "omnia.adm";
+    enable = true;
+    ssh.host = "adm.cynerd.cz";
   };
 
   cynerd = {
@@ -54,6 +54,10 @@ in {
   };
   systemd.network = {
     networks = {
+      "end2" = {
+        matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd
+        networkConfig.IPv6AcceptRA = false;
+      };
       "pppoe-wan" = {
         matchConfig.Name = "pppoe-wan";
         networkConfig = {
@@ -75,7 +79,7 @@ in {
         linkConfig.RequiredForOnline = "routable";
       };
       "lan-brlan" = {
-        matchConfig.Name = "lan[1-4]";
+        matchConfig.Name = "lan4";
         networkConfig.Bridge = "brlan";
         bridgeVLANs = [
           {
@@ -86,7 +90,7 @@ in {
         ];
       };
       "lan-guest" = {
-        matchConfig.Name = "lan0";
+        matchConfig.Name = "lan[0-3]";
         networkConfig.Bridge = "brlan";
         bridgeVLANs = [
           {
@@ -118,6 +122,7 @@ in {
   # TODO limit NSS clamping to just pppoe-wan
   networking.firewall.extraForwardRules = ''
     tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
-    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
+    iifname {"home", "wg"} oifname {"home", "wg"} accept
+    iifname "home" oifname "guest" accept comment "Allow home to access guest devices"
   '';
 }
diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix
index ff3b5a0..8494988 100644
--- a/nixos/configurations/ridcully.nix
+++ b/nixos/configurations/ridcully.nix
@@ -67,10 +67,6 @@ in {
   systemd.network = {
     wait-online.enable = false;
   };
-  #networking.vlans."enp6s0.adm" = {
-  #id = 2;
-  #interface = "enp6s0";
-  #};
 
   environment.systemPackages = [
     pkgs.nvtopPackages.amd
diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix
index f53fd8c..4b358b8 100644
--- a/nixos/modules/hosts.nix
+++ b/nixos/modules/hosts.nix
@@ -64,7 +64,7 @@ in {
         "ridcully" = "10.8.3.60";
         "3dprint" = "10.8.3.80";
         "mpd" = "10.8.3.51";
-        "printer" = "192.168.0.20";
+        "printer" = "192.168.1.20";
         # Portable
         "albert" = "10.8.3.61";
         "binky" = "10.8.3.63";
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
index d42cade..3dd4fbc 100644
--- a/nixos/modules/packages.nix
+++ b/nixos/modules/packages.nix
@@ -43,7 +43,6 @@ in {
       mc
       screen
       tmux
-      pv
 
       # ls tools
       tree
@@ -73,6 +72,7 @@ in {
     ++ optionals (system == "x86_64-linux") [
       nmap
       ltrace
+      pv
     ]
     ++ optionals (!isNative) [
       ncdu_1
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix
index 1b1db90..dd9e978 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguad.nix
@@ -44,18 +44,15 @@ in {
                 PublicKey = config.secrets.wireguardPubs.spt-omnia;
               }
               // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
-            #{
-            #  wireguardPeerConfig =
-            #    {
-            #      Endpoint = "adm.cynerd.cz:51820";
-            #      AllowedIPs = [
-            #        "${config.cynerd.hosts.wg.adm-omnia}/32"
-            #        "10.8.3.0/24"
-            #      ];
-            #      PublicKey = config.secrets.wireguardPubs.adm-omnia;
-            #    }
-            #    // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;});
-            #}
+            ({
+                Endpoint = "adm.cynerd.cz:51820";
+                AllowedIPs = [
+                  "${config.cynerd.hosts.wg.adm-omnia}/32"
+                  "10.8.3.0/24"
+                ];
+                PublicKey = config.secrets.wireguardPubs.adm-omnia;
+              }
+              // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
           ]
           ++ (optionals is_endpoint (mapAttrsToList (n: v: {
             AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32";
author	Karel Kočí <cynerd@email.cz>	2024-12-27 17:47:20 +0100
committer	Karel Kočí <cynerd@email.cz>	2024-12-27 17:47:20 +0100
commit	3fa889d41893ae35abb9801ccc1b60701459cc15 (patch)
tree	db85398ed60e472a8fb2d503ccd6f107246ea1ef
parent	c87480d287c68bb953aba6d603efad58ffea5e02 (diff)
download	nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.gz nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.tar.bz2 nixos-personal-3fa889d41893ae35abb9801ccc1b60701459cc15.zip