-rw-r--r-- | flake.lock | 58 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia.nix | 14 | ||||
-rw-r--r-- | nixos/configurations/adm-omnia2.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/binky.nix | 2 | ||||
-rw-r--r-- | nixos/configurations/lipwig.nix | 98 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/spt-mox2.nix | 8 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix | 8 | ||||
-rw-r--r-- | nixos/modules/bcg.nix | 167 | ||||
-rw-r--r-- | nixos/modules/default.nix | 1 | ||||
-rw-r--r-- | nixos/modules/desktop.nix | 1 | ||||
-rw-r--r-- | nixos/modules/develop.nix | 3 | ||||
-rw-r--r-- | nixos/modules/router.nix | 10 | ||||
-rw-r--r-- | nixos/modules/switch.nix | 6 | ||||
-rw-r--r-- | nixos/modules/wifi-adm.nix | 36 | ||||
-rw-r--r-- | nixos/modules/wifi-spt.nix | 16 | ||||
-rw-r--r-- | nixos/modules/wireguad.nix | 66 |
17 files changed, 191 insertions, 319 deletions
@@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1714136352, - "narHash": "sha256-BtWQ2Th/jamO1SlD+2ASSW5Jaf7JhA/JLpQHk0Goqpg=", + "lastModified": 1716561646, + "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "owner": "ryantm", "repo": "agenix", - "rev": "24a7ea390564ccd5b39b7884f597cfc8d7f6f44e", + "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "type": "github" }, "original": { @@ -259,11 +259,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1714637027, - "narHash": "sha256-NykJkVlRjP7Rz4zMuibGtjFuGGBlneZ+53oWV9Lktik=", + "lastModified": 1718017207, + "narHash": "sha256-JQoiRu2+7PbRlPk4S0kX4ss7yK3O+D7GeXscx+87T3M=", "owner": "cynerd", "repo": "nixosdeploy", - "rev": "26e8b7e5b9a5310efcd50a8f94e0f40c4f4ddab7", + "rev": "a44b1eed846479923a968eb465ab39a4bd919434", "type": "gitlab" }, "original": { @@ -274,11 +274,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1714979072, - "narHash": "sha256-OfShHRR4QmVwEof1EWuZUygw/SFnmxfHogtCKc4vNRM=", + "lastModified": 1717995329, + "narHash": "sha256-lQJXEFHHVsFdFLx0bvoRbZH3IXUBsle6EWj9JroTJ/s=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "8a4adfe48b68b50ef62e9a299898093436269b6d", + "rev": "58b52b0dd191af70f538c707c66c682331cfdffc", "type": "github" }, "original": { @@ -332,11 +332,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1714906307, - "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", + "lastModified": 1717974879, + "narHash": "sha256-GTO3C88+5DX171F/gVS3Qga/hOs/eRMxPFpiHq2t+D8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", + "rev": "c7b821ba2e1e635ba5a76d299af62821cbcb09f3", "type": "github" }, "original": { 
@@ -347,11 +347,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1710252211, - "narHash": "sha256-hQChQpB4LDBaSrNlD6DPLhU9T+R6oyxMCg2V+S7Y1jg=", + "lastModified": 1715653339, + "narHash": "sha256-7lR9tpVXviSccl07GXI0+ve/natd24HAkuy1sQp0OlI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7eeacecff44e05a9fd61b9e03836b66ecde8a525", + "rev": "abd6d48f8c77bea7dc51beb2adfa6ed3950d2585", "type": "github" }, "original": { @@ -435,11 +435,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1711995409, - "narHash": "sha256-bA7nACBn5EQvt1kBHmguLeXMpOoiUv8O/8GneL1bBrc=", + "lastModified": 1715772678, + "narHash": "sha256-UxVyJzWt4/TzJhfbX2LcKAb1fhAH0PXJA9boUaHsyZ0=", "owner": "cynerd", "repo": "nixturris", - "rev": "4f049cddb61655f416c841d93deba524ed0cb2bb", + "rev": "c3cf29dba9af8a226e527f11b80305bcdd22e5dd", "type": "gitlab" }, "original": { @@ -450,11 +450,11 @@ }, "personal-secret": { "locked": { - "lastModified": 1713645853, - "narHash": "sha256-K88bkJyfgCW27ezj+i/FCxiHcVbN8bQt56xiFiyoglU=", + "lastModified": 1716452759, + "narHash": "sha256-leiQrRghrECNEwkNA/TFVlNFLe+yu/qS+IHKcsLXUxw=", "ref": "refs/heads/master", - "rev": "c3a42c56249c26f67916fe332de1f59ec634679b", - "revCount": 106, + "rev": "a437d31815d8ce9f5907884fd9d87a0d7f9011f0", + "revCount": 107, "type": "git", "url": "ssh://git@cynerd.cz/nixos-personal-secret" }, @@ -504,11 +504,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1710324061, - "narHash": "sha256-iljq1G7W3Pd18Dda9GhLlHoH7yDU15nCatOqpt0jeSY=", + "lastModified": 1716543407, + "narHash": "sha256-/Ly4X3SYtSCb8utV+lzRO6Rc2oig7uN6dhFT70uKG6A=", "ref": "refs/heads/master", - "rev": "4456b47318a9014b8fa2eeec34edb165cb4ca811", - "revCount": 107, + "rev": "31f5accaa54f6110cfeefa19e3e4ed6d1a71190b", + "revCount": 111, "type": "git", "url": "https://git.cynerd.cz/shellrc" }, 
@@ -693,11 +693,11 @@ }, "vpsadminos": { "locked": { - "lastModified": 1714347288, - "narHash": "sha256-jx3B+0TTcp+EDtrbOZgt3D3Rm2ReMmAI34WSTv/pZq8=", + "lastModified": 1717952947, + "narHash": "sha256-RAgrrmJvCJb4Kntsb49hbucPIY0833V9V9I7pKcqbl8=", "owner": "vpsfreecz", "repo": "vpsadminos", - "rev": "07e03c5f039ee02579124ea331393dcde562ba34", + "rev": "0330fef1b06f3b7186825d236381f94a5bed7938", "type": "github" }, "original": { diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 672788a..dad595b 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -37,12 +37,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; "lan0-guest" = { @@ -50,10 +48,8 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; diff --git a/nixos/configurations/adm-omnia2.nix b/nixos/configurations/adm-omnia2.nix index 19ee446..2848bd9 100644 --- a/nixos/configurations/adm-omnia2.nix +++ b/nixos/configurations/adm-omnia2.nix @@ -45,12 +45,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 6dfb6a5..4b552d5 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -75,7 +75,7 @@ in { DHCP = "yes"; IPv6AcceptRA = "yes"; }; - routes = [{routeConfig.Metric = 1088;}]; + routes = [{Metric = 1088;}]; linkConfig.RequiredForOnline = "routable"; }; }; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index e6ec96a..524a864 100644 --- a/nixos/configurations/lipwig.nix 
+++ b/nixos/configurations/lipwig.nix @@ -33,6 +33,10 @@ "/nas" = { device = "172.16.128.63:/nas/2682"; fsType = "nfs"; + options = [ + "_netdev" + "x-systemd.automount" + ]; }; "/nas/nextcloud-sync" = { device = "/nas/sync"; @@ -43,12 +47,11 @@ device = "nas@omnia.spt:/data/nas"; fsType = "fuse.sshfs"; options = [ - "noauto" - "x-systemd.automount" + "allow_other" "_netdev" + "x-systemd.automount" "reconnect" "identityfile=/run/secrets/nas.ssh.priv" - "allow_other" "idmap=user" "uid=nextcloud" "gid=nextcloud" @@ -104,8 +107,8 @@ root = "${pkgs.cgit}/cgit"; locations."/".tryFiles = "$uri @cgit"; locations."@cgit".extraConfig = '' - fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; fastcgi_param PATH_INFO $uri; fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; @@ -124,6 +127,14 @@ proxyWebsockets = true; }; }; + "searx.cynerd.cz" = { + forceSSL = true; + useACMEHost = "cynerd.cz"; + locations."/".extraConfig = '' + uwsgi_pass "unix:///run/searx/searx.sock"; + include ${config.services.nginx.package}/conf/uwsgi_params; + ''; + }; }; }; services.fcgiwrap = { @@ -134,9 +145,10 @@ acceptTerms = true; defaults.email = "cynerd+acme@email.cz"; certs."cynerd.cz".extraDomainNames = [ - "git.cynerd.cz" "cloud.cynerd.cz" + "git.cynerd.cz" "grafana.cynerd.cz" + "searx.cynerd.cz" ]; }; 
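Review bot: The `/nas` NFS mount in the first lipwig.nix hunk gains `_netdev` and `x-systemd.automount` but nothing that limits what the remote export can do on this host. The contents of `172.16.128.63:/nas/2682` are controlled by the NFS server, so adding `"nosuid"` and `"nodev"` to the new `options` list would keep setuid binaries and device nodes on the share from being honoured locally. The enclosing `fileSystems` set starts and ends outside the hunk, so defaults applied elsewhere cannot be seen from here.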
@@ -267,6 +279,82 @@ ensureDatabases = ["nextcloud"]; }; + # SearX #################################################################### + services.searx = { + enable = true; + environmentFile = "/run/secrets/searx.env"; + settings = { + server.secret_key = "@SEARX_SECRET_KEY@"; + search = { + autocomplete = "google"; + autocomplete_min = 2; + }; + ui = { + query_in_title = true; + infinite_scroll = true; + center_alignment = true; + hotkeys = "vim"; + }; + engines = [ + { + name = "seznam"; + disabled = false; + } + { + name = "material icons"; + disabled = false; + } + { + name = "svgrepo"; + disabled = false; + } + { + name = "peertube"; + disabled = false; + } + { + name = "lib.rs"; + disabled = false; + } + { + name = "gitlab"; + disabled = false; + } + { + name = "sourcehut"; + disabled = false; + } + { + name = "free software directory"; + disabled = false; + } + { + name = "cppreference"; + disabled = false; + } + { + name = "searchcode code"; + disabled = false; + } + { + name = "imdb"; + disabled = false; + } + { + name = "tmdb"; + disabled = false; + } + ]; + }; + runInUwsgi = true; + uwsgiConfig = { + socket = "/run/searx/searx.sock"; + chmod-socket = "660"; + }; + redisCreateLocally = true; + }; + users.groups.searx.members = ["nginx"]; + # Old Syncthing ############################################################ services.syncthing = { enable = true; diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix index 4e29bca..0bc7627 100644 --- a/nixos/configurations/spt-mox.nix +++ b/nixos/configurations/spt-mox.nix @@ -42,12 +42,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix index 9ffde96..085bb5f 100644 --- a/nixos/configurations/spt-mox2.nix +++ b/nixos/configurations/spt-mox2.nix 
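Review bot: The new `services.searx` block in lipwig.nix is published through the `searx.cynerd.cz` vhost added earlier in this commit, and nothing visible restricts or rate-limits who may query it. `redisCreateLocally = true` already provides the Redis instance that the SearXNG limiter relies on, so consider setting `server.limiter = true;` next to `server.secret_key`, or adding access control on the nginx location, so that the instance is not an open relay to the upstream engines. Separately, `autocomplete = "google"` forwards partial queries to Google as users type; a short comment such as `# sends keystrokes to Google; acceptable trade-off` would document that this is intentional.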
@@ -41,12 +41,10 @@ networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index e97f29f..29fe8c4 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -156,12 +156,10 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 2;} ]; }; }; diff --git a/nixos/modules/bcg.nix b/nixos/modules/bcg.nix deleted file mode 100644 index 3146c15..0000000 --- a/nixos/modules/bcg.nix +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.services.bcg; - configFile = (pkgs.formats.yaml {}).generate "bcg.conf.yaml" ( - filterAttrsRecursive (_: v: v != null) { - inherit (cfg) device name mqtt; - retain_node_messages = cfg.retainNodeMessages; - qos_node_messages = cfg.qosNodeMessages; - base_topic_prefix = cfg.baseTopicPrefix; - automatic_remove_kit_from_names = cfg.automaticRemoveKitFromNames; - automatic_rename_kit_nodes = cfg.automaticRenameKitNodes; - automatic_rename_generic_nodes = cfg.automaticRenameGenericNodes; - automatic_rename_nodes = cfg.automaticRenameNodes; - } - ); -in { - options = { - services.bcg = { - enable = mkEnableOption "BigClown gateway"; - package = mkPackageOption pkgs ["python3Packages" "bcg"] {}; - environmentFiles = mkOption { - type = types.listOf types.path; - default = []; - example = ["/run/keys/bcg.env"]; - description = '' - File to load as environment file. Environment variables from this file - will be interpolated into the config file using envsubst with this - syntax: `$ENVIRONMENT` or `''${VARIABLE}`. - This is useful to avoid putting secrets into the nix store. - ''; - }; - verbose = mkOption { - type = types.enum ["CRITICAL" "ERROR" "WARNING" "INFO" "DEBUG"]; - default = "WARNING"; - description = "Verbosity level."; - }; - device = mkOption { - type = types.str; - description = "Device name to configure gateway to use."; - }; - name = mkOption { - type = with types; nullOr str; - default = null; - description = '' - Name for the device. - - Supported variables: - * `{ip}` IP address - * `{id}` The ID of the connected usb-dongle or core-module - - `null` can be used for automatic detection from gateway firmware. 
- ''; - }; - mqtt = { - host = mkOption { - type = types.str; - default = "127.0.0.1"; - description = "Host where MQTT server is running."; - }; - port = mkOption { - type = types.port; - default = 1883; - description = "Port of MQTT server."; - }; - username = mkOption { - type = with types; nullOr str; - default = null; - description = "MQTT server access username."; - }; - password = mkOption { - type = with types; nullOr str; - default = null; - description = "MQTT server access password."; - }; - cafile = mkOption { - type = with types; nullOr str; - default = null; - description = "Certificate Authority file for MQTT server access."; - }; - certfile = mkOption { - type = with types; nullOr str; - default = null; - description = "Certificate file for MQTT server access."; - }; - keyfile = mkOption { - type = with types; nullOr str; - default = null; - description = "Key file for MQTT server access."; - }; - }; - retainNodeMessages = mkOption { - type = types.bool; - default = false; - description = "Specify that node messages should be retaied in MQTT broker."; - }; - qosNodeMessages = mkOption { - type = types.int; - default = 1; - description = "Set the guarantee of MQTT message delivery."; - }; - baseTopicPrefix = mkOption { - type = types.str; - default = ""; - description = "Topic prefix added to all MQTT messages."; - }; - automaticRemoveKitFromNames = mkOption { - type = types.bool; - default = true; - description = "Automatically remove kits."; - }; - automaticRenameKitNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename kit's nodes."; - }; - automaticRenameGenericNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename generic nodes."; - }; - automaticRenameNodes = mkOption { - type = types.bool; - default = true; - description = "Automatically rename all nodes."; - }; - rename = mkOption { - type = with types; attrsOf str; - default = {}; - description = "Rename nodes 
to different name."; - }; - }; - }; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - python3Packages.bcg - python3Packages.bch - ]; - - systemd.services.bcg = let - envConfig = cfg.environmentFiles != []; - finalConfig = - if envConfig - then "$RUNTIME_DIRECTORY/bcg.config.yaml" - else configFile; - in { - description = "BigClown Gateway"; - wantedBy = ["multi-user.target"]; - wants = ["network-online.target"] ++ lib.optional config.services.mosquitto.enable "mosquitto.service"; - after = ["network-online.target"]; - preStart = '' - umask 077 - ${pkgs.envsubst}/bin/envsubst -i "${configFile}" -o "${finalConfig}" - ''; - serviceConfig = { - EnvironmentFile = cfg.environmentFiles; - ExecStart = "${cfg.package}/bin/bcg -c ${finalConfig} -v ${cfg.verbose}"; - RuntimeDirectory = "bcg"; - }; - }; - }; -} diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 6bc0d70..d45cb0a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -17,6 +17,5 @@ in // { default = { imports = attrValues modules ++ default_modules; - disabledModules = ["services/misc/bcg.nix"]; }; } diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 0c8f287..2b19b93 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -81,7 +81,6 @@ in { exts.pass-otp #exts.pass-audit ])) - nextcloud-client chromium ferdium diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index a18c7ac..2a20527 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -61,6 +61,8 @@ in { # C clang-tools + massif-visualizer + qcachegrind # Python (python3.withPackages (pypkgs: @@ -75,6 +77,7 @@ in { mypy scipy + statsmodels sympy pygraphviz diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index c8b1283..a658515 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix 
@@ -98,8 +98,8 @@ in { matchConfig.Name = "brlan"; networkConfig.VLAN = ["home" "guest"]; bridgeVLANs = [ - {bridgeVLANConfig.VLAN = 1;} - {bridgeVLANConfig.VLAN = 2;} + {VLAN = 1;} + {VLAN = 2;} ]; }; "home" = { @@ -121,10 +121,8 @@ in { }; dhcpServerStaticLeases = mapAttrsToList (n: v: { - dhcpServerStaticLeaseConfig = { - MACAddress = n; - Address = v; - }; + MACAddress = n; + Address = v; }) cnf.staticLeases; dhcpPrefixDelegationConfig = { diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix index 37ac687..e74102a 100644 --- a/nixos/modules/switch.nix +++ b/nixos/modules/switch.nix @@ -42,10 +42,8 @@ in { matchConfig.Name = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - PVID = 1; - EgressUntagged = 1; - }; + PVID = 1; + EgressUntagged = 1; } ]; networkConfig = { diff --git a/nixos/modules/wifi-adm.nix b/nixos/modules/wifi-adm.nix index 40210e7..1db730c 100644 --- a/nixos/modules/wifi-adm.nix +++ b/nixos/modules/wifi-adm.nix @@ -117,10 +117,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -129,10 +127,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; @@ -141,10 +137,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; @@ -153,10 +147,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -165,10 +157,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; 
@@ -177,10 +167,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 2; - PVID = 2; - }; + EgressUntagged = 2; + PVID = 2; } ]; }; diff --git a/nixos/modules/wifi-spt.nix b/nixos/modules/wifi-spt.nix index 669439d..2ecc3a3 100644 --- a/nixos/modules/wifi-spt.nix +++ b/nixos/modules/wifi-spt.nix @@ -130,10 +130,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -142,10 +140,8 @@ in { # networkConfig.Bridge = "brlan"; # bridgeVLANs = [ # { - # bridgeVLANConfig = { # EgressUntagged = 2; # PVID = 2; - # }; # } # ]; #}; @@ -159,10 +155,8 @@ in { networkConfig.Bridge = "brlan"; bridgeVLANs = [ { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; + EgressUntagged = 1; + PVID = 1; } ]; }; @@ -171,10 +165,8 @@ in { # networkConfig.Bridge = "brlan"; # bridgeVLANs = [ # { - # bridgeVLANConfig = { # EgressUntagged = 2; # PVID = 2; - # }; # } # ]; #}; diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index eb25a6e..69e1ccd 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix 
@@ -29,27 +29,21 @@ in { }; wireguardPeers = [ - { - wireguardPeerConfig = - { - Endpoint = "cynerd.cz:51820"; - AllowedIPs = ["0.0.0.0/0"]; - PublicKey = config.secrets.wireguardPubs.lipwig; - } - // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); - } - { - wireguardPeerConfig = - { - Endpoint = "spt.cynerd.cz:51820"; - AllowedIPs = [ - "${config.cynerd.hosts.wg.spt-omnia}/32" - "10.8.2.0/24" - ]; - PublicKey = config.secrets.wireguardPubs.spt-omnia; - } - // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); - } + ({ + Endpoint = "cynerd.cz:51820"; + AllowedIPs = ["0.0.0.0/0"]; + PublicKey = config.secrets.wireguardPubs.lipwig; + } + // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) + ({ + Endpoint = "spt.cynerd.cz:51820"; + AllowedIPs = [ + "${config.cynerd.hosts.wg.spt-omnia}/32" + "10.8.2.0/24" + ]; + PublicKey = config.secrets.wireguardPubs.spt-omnia; + } + // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) #{ # wireguardPeerConfig = # { @@ -64,10 +58,8 @@ in { #} ] ++ (optionals is_endpoint (mapAttrsToList (n: v: { - wireguardPeerConfig = { - AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; - PublicKey = v; - }; + AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; + PublicKey = v; }) (filterAttrs (n: _: all (v: v != n) endpoints) config.secrets.wireguardPubs))); }; networks."wg" = { 
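Review bot: The commented-out peer that trails the first wireguad.nix hunk still uses the old `wireguardPeerConfig =` wrapper, while the commented blocks in wifi-spt.nix were migrated in this same commit. If that peer is re-enabled later it will presumably not match the flattened form the live entries now use, so either update the comment to the new shape or drop it. The `wireguardPeers` list continues outside the hunk.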
@@ -82,27 +74,21 @@ in { routes = (optional (hostName != "lipwig") { # OpenVPN network - routeConfig = { - Gateway = config.cynerd.hosts.wg.lipwig; - Destination = "10.8.0.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.lipwig; + Destination = "10.8.0.0/24"; + Metric = 2048; }) ++ (optional (hostName != "spt-omnia") { # SPT network - routeConfig = { - Gateway = config.cynerd.hosts.wg.spt-omnia; - Destination = "10.8.2.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.spt-omnia; + Destination = "10.8.2.0/24"; + Metric = 2048; }) ++ (optional (hostName != "adm-omnia" && hostName != "lipwig") { # Adamkovi network - routeConfig = { - Gateway = config.cynerd.hosts.wg.adm-omnia; - Destination = "10.8.3.0/24"; - Metric = 2048; - }; + Gateway = config.cynerd.hosts.wg.adm-omnia; + Destination = "10.8.3.0/24"; + Metric = 2048; }); }; }; |