| -rw-r--r-- | nixos/configurations/adm-omnia.nix | 15 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/wireguad.nix | 21 | 
5 files changed, 21 insertions, 23 deletions
| diff --git a/nixos/configurations/adm-omnia.nix b/nixos/configurations/adm-omnia.nix index 056a68e..b332cab 100644 --- a/nixos/configurations/adm-omnia.nix +++ b/nixos/configurations/adm-omnia.nix @@ -3,8 +3,8 @@  in {    turris.board = "omnia";    deploy = { -    enable = false; -    ssh.host = "omnia.adm"; +    enable = true; +    ssh.host = "adm.cynerd.cz";    };    cynerd = { @@ -54,6 +54,10 @@ in {    };    systemd.network = {      networks = { +      "end2" = { +        matchConfig.Name = "end2"; # Ensure that it is managed by systemd-networkd +        networkConfig.IPv6AcceptRA = false; +      };        "pppoe-wan" = {          matchConfig.Name = "pppoe-wan";          networkConfig = { @@ -75,7 +79,7 @@ in {          linkConfig.RequiredForOnline = "routable";        };        "lan-brlan" = { -        matchConfig.Name = "lan[1-4]"; +        matchConfig.Name = "lan4";          networkConfig.Bridge = "brlan";          bridgeVLANs = [            { @@ -86,7 +90,7 @@ in {          ];        };        "lan-guest" = { -        matchConfig.Name = "lan0"; +        matchConfig.Name = "lan[0-3]";          networkConfig.Bridge = "brlan";          bridgeVLANs = [            { @@ -118,6 +122,7 @@ in {    # TODO limit NSS clamping to just pppoe-wan    networking.firewall.extraForwardRules = ''      tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" -    iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept +    iifname {"home", "wg"} oifname {"home", "wg"} accept +    iifname "home" oifname "guest" accept comment "Allow home to access guest devices"    '';  } diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index ff3b5a0..8494988 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix 
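Review bot: In the last adm-omnia.nix hunk, the rules in `networking.firewall.extraForwardRules` treat `wg` as equivalent to `home` for every protocol and port, so any single WireGuard peer key gives unrestricted reach into the home segment. The new `iifname "home" oifname "guest" accept` is likewise unscoped. If that is the intended trust model, record it next to the rules, for example `# wg peers are trusted like home hosts; guest may only answer home-initiated connections`. Otherwise, narrow the wg direction with `ip saddr`/`ip daddr` or per-service matches. Replies from guest devices depend on an established/related accept in the base forward chain, which is not visible in this hunk and is worth confirming.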
@@ -67,10 +67,6 @@ in {    systemd.network = {      wait-online.enable = false;    }; -  #networking.vlans."enp6s0.adm" = { -  #id = 2; -  #interface = "enp6s0"; -  #};    environment.systemPackages = [      pkgs.nvtopPackages.amd diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index f53fd8c..4b358b8 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -64,7 +64,7 @@ in {          "ridcully" = "10.8.3.60";          "3dprint" = "10.8.3.80";          "mpd" = "10.8.3.51"; -        "printer" = "192.168.0.20"; +        "printer" = "192.168.1.20";          # Portable          "albert" = "10.8.3.61";          "binky" = "10.8.3.63"; diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index d42cade..3dd4fbc 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -43,7 +43,6 @@ in {        mc        screen        tmux -      pv        # ls tools        tree @@ -73,6 +72,7 @@ in {      ++ optionals (system == "x86_64-linux") [        nmap        ltrace +      pv      ]      ++ optionals (!isNative) [        ncdu_1 diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index 1b1db90..dd9e978 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix 
@@ -44,18 +44,15 @@ in {                  PublicKey = config.secrets.wireguardPubs.spt-omnia;                }                // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) -            #{ -            #  wireguardPeerConfig = -            #    { -            #      Endpoint = "adm.cynerd.cz:51820"; -            #      AllowedIPs = [ -            #        "${config.cynerd.hosts.wg.adm-omnia}/32" -            #        "10.8.3.0/24" -            #      ]; -            #      PublicKey = config.secrets.wireguardPubs.adm-omnia; -            #    } -            #    // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); -            #} +            ({ +                Endpoint = "adm.cynerd.cz:51820"; +                AllowedIPs = [ +                  "${config.cynerd.hosts.wg.adm-omnia}/32" +                  "10.8.3.0/24" +                ]; +                PublicKey = config.secrets.wireguardPubs.adm-omnia; +              } +              // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))            ]            ++ (optionals is_endpoint (mapAttrsToList (n: v: {              AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; | 
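Review bot: The re-enabled adm-omnia peer carries `"10.8.3.0/24"` in `AllowedIPs`, so every host that receives this peer list will accept tunnel packets with any source address in that range from this one key, and may also route the whole range into the tunnel. hosts.nix on this page assigns 10.8.3.x addresses to LAN machines such as ridcully, so a host attached to that LAN could end up with two competing paths to its own subnet, depending on how routes are derived from AllowedIPs. The entry also appears to be added unconditionally, so the configuration built for adm-omnia itself would list its own endpoint and public key as a peer unless that is filtered outside this hunk. If it is not, wrapping the entry in something like `optionals (config.networking.hostName != "adm-omnia") [ … ]` would avoid the self-peer. The enclosing peer list starts before the hunk and continues after it.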
