aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--flake.lock32
-rw-r--r--nixos/configurations/binky.nix2
-rw-r--r--nixos/modules/wireguad.nix66
3 files changed, 43 insertions, 57 deletions
diff --git a/flake.lock b/flake.lock
index ebf311e..11b4b3c 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1715290355,
- "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
+ "lastModified": 1716561646,
+ "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
+ "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
@@ -274,11 +274,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1716173274,
- "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
+ "lastModified": 1717248095,
+ "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
+ "rev": "7b49d3967613d9aacac5b340ef158d493906ba79",
"type": "github"
},
"original": {
@@ -332,11 +332,11 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1716330097,
- "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+ "lastModified": 1717196966,
+ "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+ "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github"
},
"original": {
@@ -504,11 +504,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
- "lastModified": 1716301159,
- "narHash": "sha256-xQktzvsY3YnOKyZ2sh+tYTGuV3QAXjmWJjqC9XRxEKQ=",
+ "lastModified": 1716543407,
+ "narHash": "sha256-/Ly4X3SYtSCb8utV+lzRO6Rc2oig7uN6dhFT70uKG6A=",
"ref": "refs/heads/master",
- "rev": "d1581b0cd33341fd9a9184d43b1479ded6b8f03b",
- "revCount": 110,
+ "rev": "31f5accaa54f6110cfeefa19e3e4ed6d1a71190b",
+ "revCount": 111,
"type": "git",
"url": "https://git.cynerd.cz/shellrc"
},
@@ -693,11 +693,11 @@
},
"vpsadminos": {
"locked": {
- "lastModified": 1716394591,
- "narHash": "sha256-EcIj4UshRNQFgTS27ZcWsXj97us9GVStzn+ObkHxUSE=",
+ "lastModified": 1717346803,
+ "narHash": "sha256-FGlzOxBqbzkd9m8P7J4olpYFyyovKZ6uAomHRJg2a28=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
- "rev": "be3b41df1d7285e72e37dd3dff9c9df2acdf37b7",
+ "rev": "6a7b974362d8625dad63e46168ff383663de6a57",
"type": "github"
},
"original": {
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix
index 6dfb6a5..4b552d5 100644
--- a/nixos/configurations/binky.nix
+++ b/nixos/configurations/binky.nix
@@ -75,7 +75,7 @@ in {
DHCP = "yes";
IPv6AcceptRA = "yes";
};
- routes = [{routeConfig.Metric = 1088;}];
+ routes = [{Metric = 1088;}];
linkConfig.RequiredForOnline = "routable";
};
};
diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix
index eb25a6e..69e1ccd 100644
--- a/nixos/modules/wireguad.nix
+++ b/nixos/modules/wireguad.nix
@@ -29,27 +29,21 @@ in {
};
wireguardPeers =
[
- {
- wireguardPeerConfig =
- {
- Endpoint = "cynerd.cz:51820";
- AllowedIPs = ["0.0.0.0/0"];
- PublicKey = config.secrets.wireguardPubs.lipwig;
- }
- // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;});
- }
- {
- wireguardPeerConfig =
- {
- Endpoint = "spt.cynerd.cz:51820";
- AllowedIPs = [
- "${config.cynerd.hosts.wg.spt-omnia}/32"
- "10.8.2.0/24"
- ];
- PublicKey = config.secrets.wireguardPubs.spt-omnia;
- }
- // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;});
- }
+ ({
+ Endpoint = "cynerd.cz:51820";
+ AllowedIPs = ["0.0.0.0/0"];
+ PublicKey = config.secrets.wireguardPubs.lipwig;
+ }
+ // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
+ ({
+ Endpoint = "spt.cynerd.cz:51820";
+ AllowedIPs = [
+ "${config.cynerd.hosts.wg.spt-omnia}/32"
+ "10.8.2.0/24"
+ ];
+ PublicKey = config.secrets.wireguardPubs.spt-omnia;
+ }
+ // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}))
#{
# wireguardPeerConfig =
# {
@@ -64,10 +58,8 @@ in {
#}
]
++ (optionals is_endpoint (mapAttrsToList (n: v: {
- wireguardPeerConfig = {
- AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32";
- PublicKey = v;
- };
+ AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32";
+ PublicKey = v;
}) (filterAttrs (n: _: all (v: v != n) endpoints) config.secrets.wireguardPubs)));
};
networks."wg" = {
@@ -82,27 +74,21 @@ in {
routes =
(optional (hostName != "lipwig") {
# OpenVPN network
- routeConfig = {
- Gateway = config.cynerd.hosts.wg.lipwig;
- Destination = "10.8.0.0/24";
- Metric = 2048;
- };
+ Gateway = config.cynerd.hosts.wg.lipwig;
+ Destination = "10.8.0.0/24";
+ Metric = 2048;
})
++ (optional (hostName != "spt-omnia") {
# SPT network
- routeConfig = {
- Gateway = config.cynerd.hosts.wg.spt-omnia;
- Destination = "10.8.2.0/24";
- Metric = 2048;
- };
+ Gateway = config.cynerd.hosts.wg.spt-omnia;
+ Destination = "10.8.2.0/24";
+ Metric = 2048;
})
++ (optional (hostName != "adm-omnia" && hostName != "lipwig") {
# Adamkovi network
- routeConfig = {
- Gateway = config.cynerd.hosts.wg.adm-omnia;
- Destination = "10.8.3.0/24";
- Metric = 2048;
- };
+ Gateway = config.cynerd.hosts.wg.adm-omnia;
+ Destination = "10.8.3.0/24";
+ Metric = 2048;
});
};
};