authorKarel Kočí <cynerd@email.cz>2024-03-24 19:05:39 +0100
committerKarel Kočí <cynerd@email.cz>2024-03-24 19:05:39 +0100
commite84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe (patch)
tree55422d1fc9370dc331fa63125a2df5597310c452 /nixos/configurations
parent6c16e4133582def100c39b17369e46906a6d3337 (diff)
Add wireguard and more updates
Diffstat (limited to 'nixos/configurations')
-rw-r--r--nixos/configurations/binky.nix24
-rw-r--r--nixos/configurations/dean.nix45
-rw-r--r--nixos/configurations/lipwig.nix18
-rw-r--r--nixos/configurations/spt-omnia.nix6
-rw-r--r--nixos/configurations/spt-omniax.nix51
5 files changed, 63 insertions, 81 deletions
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix
index c51f95b..bdfa47e 100644
--- a/nixos/configurations/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -14,10 +14,8 @@ in {
};
wifiClient = true;
develop = true;
- openvpn = {
- oldpersonal = true;
- elektroline = true;
- };
+ wireguard = true;
+ openvpn.elektroline = true;
};
boot = {
@@ -56,6 +54,24 @@ in {
fileSystems = ["/"];
};
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network = {
+ networks = {
+ "dhcp" = {
+ matchConfig.Name = "enp2s0f0 enp5s0f3u1u1 wlp3s0";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+ wait-online.enable = false;
+ };
+
services.syncthing = {
enable = true;
user = mkDefault "cynerd";
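Review bot: `wait-online.enable = false` under `systemd.network` is added without a comment, and it leaves the `linkConfig.RequiredForOnline = "routable"` setting a few lines above it with nothing to act on at boot. Because the single `"dhcp"` network matches three interfaces, each of them is marked as required, which is probably why waiting for online stalled on a machine where usually only one link is up. Consider keeping the wait and setting `wait-online.anyInterface = true;` instead, so that units ordered after `network-online.target` (the newly enabled WireGuard setup may be one of them) still start with a routable link. dean.nix and lipwig.nix disable wait-online in this commit as well, and only dean.nix carries a TODO explaining that it is a workaround.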
diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix
index b91083c..44feaea 100644
--- a/nixos/configurations/dean.nix
+++ b/nixos/configurations/dean.nix
@@ -1,35 +1,38 @@
{pkgs, ...}: {
- nixpkgs.hostPlatform.system = "aarch64-linux";
+ turris.board = "mox";
+ deploy.enable = true;
cynerd = {
- openvpn = {
- oldpersonal = true;
- };
+ wireguard = true;
monitoring.speedtest = true;
};
networking = {
- bridges = {
- brlan = {
- interfaces = [
- "eth0"
- "lan1"
- "lan2"
- "lan3"
- "lan4"
- ];
+ useNetworkd = true;
+ useDHCP = false;
+ };
+ systemd.network = {
+ netdevs."brlab".netdevConfig = {
+ Kind = "bridge";
+ Name = "brlan";
+ };
+ networks = {
+ "brlan" = {
+ matchConfig.Name = "brlan";
+ networkConfig = {
+ DHCP = "yes";
+ IPv6AcceptRA = "yes";
+ };
+ };
+ "lan-brlan" = {
+ matchConfig.Name = "lan* end0";
+ networkConfig.Bridge = "brlan";
};
};
- dhcpcd.allowInterfaces = ["brlan"];
+ # TODO investigate why it doesn't work
+ wait-online.enable = false;
};
- swapDevices = [
- {
- device = "/var/swap";
- priority = 1;
- }
- ];
-
environment.systemPackages = with pkgs; [
#openocd
tio
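Review bot: The netdev attribute is spelled `netdevs."brlab"` while the bridge it defines and both networks use `brlan`; this looks like a typo and should read `netdevs."brlan".netdevConfig = {`. The bridge is still created under the intended name because `Name = "brlan"` is set inside, so the visible effect is limited to the attribute name (and presumably the generated unit file name). The mismatch matters later: an override written under `netdevs."brlan"` would create a second definition instead of changing this one. The top-level attribute set continues outside the hunk.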
diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix
index c484541..0eefe5f 100644
--- a/nixos/configurations/lipwig.nix
+++ b/nixos/configurations/lipwig.nix
@@ -19,6 +19,7 @@
enable = false;
baseDir = "/nas";
};
+ wireguard = true;
openvpn.oldpersonal = true;
};
@@ -29,10 +30,21 @@
fsType = "nfs";
};
- networking.firewall = {
- allowedTCPPorts = [80 443];
- allowedUDPPorts = [1194];
+ networking = {
+ useNetworkd = true;
+ useDHCP = false;
+ nftables.enable = true;
+ firewall = {
+ allowedTCPPorts = [80 443];
+ allowedUDPPorts = [1194];
+ filterForward = true;
+ extraForwardRules = ''
+ iifname {"wg", "personalvpn"} oifname {"wg", "personalvpn"} accept
+ '';
+ };
};
+ systemd.network.wait-online.enable = false;
+ systemd.services.networking-setup.wantedBy = ["network-online.target"];
# Web ######################################################################
services.nginx = {
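Review bot: The new `extraForwardRules` line accepts every packet forwarded between `wg` and `personalvpn`, including `wg` to `wg`, with no restriction on protocol, port or address, so with `filterForward = true` this host becomes an unfiltered transit point between all peers of both VPNs. The same pattern is extended in spt-omnia.nix, where `"wg"` joins the `home`/`personalvpn` set and every WireGuard peer gains full forward access to the home LAN, and the reverse. If that is the intent, state it in a comment such as `# all VPN peers are trusted to reach each other and the LAN`; otherwise narrow the rule, for example with `ip saddr`/`ip daddr` or a destination-port match. `allowedUDPPorts` still lists only 1194, so the WireGuard listen port is presumably opened by the `cynerd.wireguard` module, which is not visible in this diff and is worth confirming.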
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index ca4d211..8456368 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -37,12 +37,13 @@ in {
channel = 36;
};
};
+ wireguard = true;
openvpn.oldpersonal = true;
monitoring.speedtest = true;
};
services.journald.extraConfig = ''
- SystemMaxUse=512M
+ SystemMaxUse=8G
'';
environment = {
@@ -136,6 +137,7 @@ in {
IPv6AcceptRA = "no";
DHCPPrefixDelegation = "yes";
};
+ dhcpV6Config.PrefixDelegationHint = "::/56";
dhcpPrefixDelegationConfig = {
UplinkInterface = ":self";
SubnetId = 0;
@@ -179,7 +181,7 @@ in {
# TODO limit NSS clamping to just pppoe-wan
networking.firewall.extraForwardRules = ''
tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
- iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept
+ iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept
'';
services.syncthing = {
diff --git a/nixos/configurations/spt-omniax.nix b/nixos/configurations/spt-omniax.nix
deleted file mode 100644
index 4f9e0e0..0000000
--- a/nixos/configurations/spt-omniax.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{
- turris.board = "omnia";
-
- cynerd = {
- router = {
- enable = true;
- wan = "end2";
- lanIP = "192.168.2.1";
- };
- wifiAP.spt = {
- enable = true;
- ar9287.interface = "wlp3s0";
- qca988x.interface = "wlp2s0";
- };
- monitoring.speedtest = true;
- };
-
- networking.useDHCP = false;
- systemd.network = {
- networks = {
- "end2" = {
- matchConfig.Name = "end2";
- networkConfig = {
- BindCarrier = "end2";
- DHCP = "yes";
- IPv6AcceptRA = "yes";
- DHCPPrefixDelegation = "yes";
- };
- dhcpPrefixDelegationConfig = {
- UplinkInterface = ":self";
- SubnetId = 0;
- Announce = "no";
- };
- linkConfig.RequiredForOnline = "routable";
- };
- "lan-brlan" = {
- matchConfig.Name = "lan*";
- networkConfig.Bridge = "brlan";
- bridgeVLANs = [
- {
- bridgeVLANConfig = {
- EgressUntagged = 1;
- PVID = 1;
- };
- }
- {bridgeVLANConfig.VLAN = 2;}
- ];
- };
- };
- };
-}