diff options
Diffstat (limited to 'nixos/modules')
| -rw-r--r-- | nixos/modules/desktop.nix | 28 | ||||
| -rw-r--r-- | nixos/modules/develop.nix | 35 | ||||
| -rw-r--r-- | nixos/modules/gaming.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/generic.nix | 12 | ||||
| -rw-r--r-- | nixos/modules/homeassistant.nix | 57 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 31 | ||||
| -rw-r--r-- | nixos/modules/openwrtone.nix | 120 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 15 | ||||
| -rw-r--r-- | nixos/modules/router.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/users.nix | 29 | ||||
| -rw-r--r-- | nixos/modules/wifi-zd.nix | 137 | ||||
| -rw-r--r-- | nixos/modules/wireguard.nix | 17 |
12 files changed, 425 insertions, 62 deletions
diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 06c8215..3d8bfb4 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -69,7 +69,6 @@ in { isync msmtp notmuch - astroid dodo taskwarrior3 gnupg @@ -79,15 +78,22 @@ in { exts.pass-otp exts.pass-audit ])) + ranger chromium + tangram ferdium signal-desktop - libreoffice mupdf zathura pdfgrep + libreoffice-qt6-fresh + hunspell + hunspellDicts.en_US-large + hunspellDicts.en_GB-large + hunspellDicts.cs_CZ + xdg-utils xdg-launch mesa-demos @@ -95,7 +101,7 @@ in { pulsemixer mpd - mpc-cli + mpc ncmpcpp feh shotwell @@ -140,7 +146,7 @@ in { gimp inkscape blender - tenacity + #tenacity #kdePackages.kdenlive # GStreamer @@ -155,7 +161,7 @@ in { # Writing typst - typstfmt + typstyle typst-live tinymist vale @@ -271,6 +277,7 @@ in { cnijfilter2 ]; }; + saned.enable = true; avahi.enable = true; samba-wsdd = { enable = true; @@ -297,19 +304,24 @@ in { }; fonts.packages = with pkgs; [ - nerd-fonts.hack arkpandora_ttf corefonts dejavu_fonts + fira-code + fira-code-symbols + fira-math + fira-mono + fira-sans font-awesome freefont_ttf hack-font liberation_ttf libertine + nerd-fonts.hack noto-fonts - noto-fonts-emoji + noto-fonts-color-emoji terminus_font_ttf - ubuntu_font_family + ubuntu-classic unifont ]; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index 6444473..bd84a87 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -32,6 +32,7 @@ in { vim-vint nodePackages.vim-language-server vale + can-utils # Required for neovim plugins editorconfig-checker @@ -49,6 +50,7 @@ in { deadnix agenix nix-tree + nix-output-monitor # Shell dash # Posix shell @@ -63,7 +65,7 @@ in { # C clang-tools massif-visualizer - qcachegrind + elf-size-analyze # Python (python3.withPackages (pypkgs: @@ -88,7 +90,7 @@ in { pygal python-gitlab - PyGithub + pygithub schema jinja2 @@ -112,6 +114,9 @@ in { pylxd selenium + + pyvisa + pyvisa-py ])) ruff geckodriver @@ -179,13 +184,17 @@ in { doc.enable = true; }; - services.udev.extraRules = '' - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE:="0660", GROUP="develop", SYMLINK+="stlinkv2_%n" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="a600", ATTRS{idProduct}=="a003", MODE:="0660", GROUP="develop", SYMLINK+="aix_forte_%n" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ab1", ATTRS{idProduct}=="0e11", MODE:="0660", GROUP="develop" - ''; + services = { + udev.extraRules = '' + SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE:="0660", GROUP="develop", SYMLINK+="stlinkv2_%n" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="a600", ATTRS{idProduct}=="a003", MODE:="0660", GROUP="develop", SYMLINK+="aix_forte_%n" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ab1", ATTRS{idProduct}=="0e11", MODE:="0660", GROUP="develop" + ''; + + guix.enable = true; + }; virtualisation = { containers.enable = true; @@ -194,10 +203,10 @@ in { autoPrune.enable = true; storageDriver = "btrfs"; }; - lxd = { - enable = true; - recommendedSysctlSettings = true; - }; + #lxd = { + # enable = true; + # recommendedSysctlSettings = true; + #}; lxc.enable = true; libvirtd.enable = true; spiceUSBRedirection.enable = true; diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index 6e25320..4f957ed 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -38,7 +38,7 @@ in { with pkgs; [ ncurses xorg.libXpm - #flac134 + flac134 libopus ]; }; @@ -47,7 +47,7 @@ in { with pkgs; [ ncurses xorg.libXpm - #flac134 + flac134 # For Nebuchadnezzar libopus SDL SDL2_image diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index e029058..3e8abaf 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -10,14 +10,6 @@ in { extraOptions = "experimental-features = nix-command flakes"; settings = { auto-optimise-store = true; - substituters = [ - "https://thefloweringash-armv7.cachix.org" - "https://arm.cachix.org" - ]; - trusted-public-keys = [ - "thefloweringash-armv7.cachix.org-1:v+5yzBD2odFKeXbmC+OPWVqx4WVoIVO6UXgnSAWFtso=" - "arm.cachix.org-1:K3XjAeWPgWkFtSS9ge5LJSLw3xgnNqyOaG7MDecmTQ8=" - ]; trusted-users = ["@wheel"]; }; registry = { @@ -37,8 +29,8 @@ in { kernelPackages = mkOverride 1100 pkgs.linuxPackages_latest; kernelParams = ["boot.shell_on_fail"]; }; - hardware.enableAllFirmware = true; - services.fwupd.enable = mkDefault (pkgs.system == "x86_64-linux"); + hardware.enableAllFirmware = mkDefault true; + services.fwupd.enable = mkDefault (pkgs.stdenv.hostPlatform.system == "x86_64-linux"); systemd.oomd.enable = false; networking = { diff --git a/nixos/modules/homeassistant.nix b/nixos/modules/homeassistant.nix new file mode 100644 index 0000000..f7ebe9c --- /dev/null +++ b/nixos/modules/homeassistant.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkOption mkEnableOption types mkIf; + cnf = config.cynerd.ha; +in { + options.cynerd.ha = { + enable = mkEnableOption "Home assistant setup on the primary router."; + domain = mkOption { + type = with types; str; + description = "The domain name of the system."; + }; + extraOptions = mkOption { + type = with types; listOf str; + default = []; + description = "Extra options passed to the container."; + }; + }; + + config = mkIf cnf.enable { + virtualisation.oci-containers = { + backend = "podman"; + containers.homeassistant = { + volumes = ["home-assistant:/config" "/run/dbus:/run/dbus:ro"]; + environment.TZ = "Europe/Prague"; + image = "ghcr.io/home-assistant/armv7-homeassistant:latest"; + extraOptions = + ["--privileged" "--network=host"] + ++ cnf.extraOptions; + }; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "${cnf.domain}" = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://localhost:8123"; + proxyWebsockets = true; + recommendedProxySettings = true; + }; + }; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "cynerd+acme@email.cz"; + certs."${cnf.domain}" = {}; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + }; +} diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 4b358b8..81bd844 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -19,7 +19,7 @@ in { default = true; description = "Use my personal static hosts"; }; - vpn = staticZoneOption; + zd = staticZoneOption; wg = staticZoneOption; spt = staticZoneOption; adm = staticZoneOption; @@ -28,9 +28,17 @@ in { config = { cynerd.hosts = { - vpn = { - "lipwig" = "10.8.0.1"; - "adm-omnia" = "10.8.0.51"; + zd = { + # Network + "mox" = "10.8.0.1"; + "one0" = "10.8.0.2"; + "camera1" = "10.8.0.21"; + "camera2" = "10.8.0.22"; + # Local + "ridcully" = "10.8.0.59"; + "tc" = "10.8.0.99"; + # Portable + "binky" = "10.8.0.63"; }; wg = { "lipwig" = "10.8.1.1"; @@ -40,6 +48,7 @@ in { # Endpoints "spt-omnia" = "10.8.1.50"; "adm-omnia" = "10.8.1.51"; + "zd-mox" = "10.8.1.52"; # Endpoints without routing "dean" = "10.8.1.59"; }; @@ -61,7 +70,6 @@ in { "omnia" = "10.8.3.1"; "omnia2" = "10.8.3.3"; # Local - "ridcully" = "10.8.3.60"; "3dprint" = "10.8.3.80"; "mpd" = "10.8.3.51"; "printer" = "192.168.1.20"; @@ -72,15 +80,19 @@ in { }; networking.hosts = mkIf cnf.enable { - # VPN - "${cnf.vpn.lipwig}" = ["lipwig.vpn"]; - "${cnf.vpn.adm-omnia}" = ["adm.vpn"]; + # Zd + "${cnf.zd.mox}" = ["mox.zd"]; + "${cnf.zd.one0}" = ["one0.zd"]; + "${cnf.zd.ridcully}" = ["ridcully"]; + "${cnf.zd.tc}" = ["tc.zd"]; + "${cnf.zd.binky}" = ["binky.zd"]; # Wireguard "${cnf.wg.lipwig}" = ["lipwig.wg"]; "${cnf.wg.binky}" = ["binky.wg"]; "${cnf.wg.android}" = ["android.wg"]; "${cnf.wg.spt-omnia}" = ["spt.wg"]; "${cnf.wg.adm-omnia}" = ["adm.wg"]; + "${cnf.wg.zd-mox}" = ["zd.wg"]; "${cnf.wg.dean}" = ["dean" "dean.wg"]; # Spt "${cnf.spt.omnia}" = ["omnia.spt"]; @@ -88,14 +100,13 @@ in { "${cnf.spt.mox2}" = ["mox2.spt"]; "10.8.2.4" = ["mi3g.spt"]; "${cnf.spt.mpd}" = ["mpd.spt"]; - "${cnf.spt.errol}" = ["errol" "desktop.spt"]; + "${cnf.spt.errol}" = ["errol"]; "${cnf.spt.albert}" = ["albert.spt"]; "${cnf.spt.binky}" = ["binky.spt"]; # Adm "${cnf.adm.omnia}" = ["omnia.adm"]; "10.8.3.2" = ["redmi.adm"]; "${cnf.adm.omnia2}" = ["omnia2.adm"]; - "${cnf.adm.ridcully}" = ["ridcully" "desktop.adm"]; "${cnf.adm.albert}" = ["albert.adm"]; "${cnf.adm.binky}" = ["binky.adm"]; "${cnf.adm."3dprint"}" = ["3dprint"]; diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix new file mode 100644 index 0000000..85ddbd2 --- /dev/null +++ b/nixos/modules/openwrtone.nix @@ -0,0 +1,120 @@ +{ + config, + lib, + pkgs, + modulesPath, + extendModules, + ... +}: let + inherit (lib) mkEnableOption mkIf mkDefault; + variant = extendModules { + modules = [ + { + boot.postBootCommands = '' + # On the first boot do some maintenance tasks + if [ -f /nix-path-registration ]; then + set -euo pipefail + + # Register the contents of the initial Nix store + ${config.nix.package.out}/bin/nix-store --load-db < /nix-path-registration + + # nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag. + touch /etc/NIXOS + ${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + + # Prevents this from running on later boots. + rm -f /nix-path-registration + fi + ''; + # We do not have generations in the initial image + boot.loader.generic-extlinux-compatible.configurationLimit = 0; + } + ]; + }; + inherit (variant.config.system.build) toplevel; +in { + options.cynerd.openwrtone = mkEnableOption "Configuration for OpenWrt One"; + + config = mkIf config.cynerd.openwrtone { + nixpkgs = { + hostPlatform = { + config = "aarch64-unknown-linux-gnu"; + system = "aarch64-linux"; + }; + buildPlatform = { + config = "x86_64-unknown-linux-gnu"; + system = "x86_64-linux"; + }; + }; + + # We do not need Grub as U-Boot supports boot using extlinux like file + boot = { + loader = { + grub.enable = mkDefault false; + systemd-boot.enable = mkDefault false; + generic-extlinux-compatible.enable = mkDefault true; + }; + + # Use OpenWrt One specific kernel. It fixes SError with patch. + kernelPackages = mkDefault (pkgs.linuxPackagesFor pkgs.linuxOpenWrtOne); + kernelParams = [ + "fw_devlink=permissive" + "clk_ignore_unused" + "pcie_aspm=off" + ]; + + initrd = { + kernelModules = ["pcie-mediatek-gen3" "nvme"]; + # This includes modules to support common PC manufacturers but is not + # something required on embedded device. + includeDefaultModules = false; + supportedFilesystems = ["btrfs"]; + }; + supportedFilesystems = ["btrfs"]; + }; + hardware.deviceTree.name = mkDefault "mediatek/mt7981b-openwrt-one.dtb"; + + # Cover nix memory consumption peaks by compressing the RAM + zramSwap = mkDefault { + enable = true; + memoryPercent = 80; + }; + + fileSystems = { + "/boot" = mkDefault { + device = "/dev/nvme0n1p1"; + fsType = "vfat"; + }; + "/" = mkDefault { + device = "/dev/nvme0n1p2"; + fsType = "btrfs"; + }; + }; + + environment.systemPackages = with pkgs; [ + iw + ]; + + # No need for installer tools in standard system + system.disableInstallerTools = true; + # No need for NixOS documentation in headless system + documentation.nixos.enable = mkDefault false; + + system.build.tarball = pkgs.callPackage "${modulesPath}/../lib/make-system-tarball.nix" { + extraCommands = pkgs.buildPackages.writeShellScript "tarball-extra-commands" '' + ${variant.config.boot.loader.generic-extlinux-compatible.populateCmd} \ + -c ${toplevel} -d ./boot + ''; + contents = []; + + storeContents = + map (x: { + object = x; + symlink = "none"; + }) [ + toplevel + pkgs.stdenv + ]; + }; + }; +} diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index 155d8a5..f6961af 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -1,11 +1,11 @@ { - config, lib, pkgs, ... }: let inherit (lib) optionals; - isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform; + inherit (pkgs.stdenv.hostPlatform) isx86_64; + isNative = pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform; in { nixpkgs = { config.allowUnfree = true; @@ -41,12 +41,12 @@ in { btop iotop mc - tmux # ls tools tree lsof strace + ripgrep sourceHighlight # Colors for less unrar @@ -63,17 +63,14 @@ in { wakeonlan speedtest-cli librespeed-cli - #termshark + termshark w3m lm_sensors ] - ++ optionals (system != "armv7l-linux") [ - ranger - ] - ++ optionals (system == "x86_64-linux") [ + ++ optionals isx86_64 [ nmap - ltrace + #ltrace pv screen ] diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index 224037b..01110ae 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -178,7 +178,7 @@ in { services.resolved = { enable = true; - dnssec = "true"; + #dnssec = "true"; fallbackDns = ["1.1.1.1" "8.8.8.8"]; extraConfig = '' DNSStubListenerExtra=${cnf.lanIP} diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index 7d0dc77..9c65f8b 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -3,8 +3,8 @@ config, ... }: let - isNative = config.nixpkgs.hostPlatform == config.nixpkgs.buildPlatform; - isArm = pkgs.hostPlatform.isAarch; + isNative = pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform; + isArm = pkgs.stdenv.hostPlatform.isAarch; in { users = { mutableUsers = false; @@ -43,12 +43,25 @@ in { }; }; - security.sudo.extraRules = [ - { - groups = ["wheel"]; - commands = ["ALL"]; - } - ]; + security = { + doas = { + enable = true; + extraRules = [ + { + groups = ["wheel"]; + keepEnv = true; + persist = true; + } + ]; + }; + + sudo.extraRules = [ + { + groups = ["wheel"]; + commands = ["ALL"]; + } + ]; + }; services.openssh = { enable = true; diff --git a/nixos/modules/wifi-zd.nix b/nixos/modules/wifi-zd.nix new file mode 100644 index 0000000..107fdf4 --- /dev/null +++ b/nixos/modules/wifi-zd.nix @@ -0,0 +1,137 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkOption mkEnableOption types mkIf mkForce mkMerge hostapd elemAt; + cnf = config.cynerd.wifiAP.zd; + + wifi-networks = name: let + is2g = cnf."${name}".channel <= 14; + in { + "${cnf."${name}".interface}" = { + bssid = elemAt cnf."${name}".bssids 0; + ssid = "UNas${ + if is2g + then "" + else "5" + }"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-UNas.pass"; + }; + settings = mkIf is2g { + ieee80211w = 0; + wpa_key_mgmt = mkForce "WPA-PSK"; # force use without sha256 + }; + }; + "${cnf."${name}".interface}.guest" = { + bssid = elemAt cnf."${name}".bssids 1; + ssid = "Koci"; + authentication = { + mode = "wpa2-sha256"; + wpaPasswordFile = "/run/secrets/hostapd-Koci.pass"; + }; + }; + }; + + net-networks = name: { + "lan-${cnf."${name}".interface}" = { + matchConfig = { + Name = cnf."${name}".interface; + WLANInterfaceType = "ap"; + }; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + EgressUntagged = 1; + PVID = 1; + } + ]; + }; + "lan-${cnf."${name}".interface}-guest" = { + matchConfig.Name = "${cnf."${name}".interface}.guest"; + networkConfig.Bridge = "brlan"; + bridgeVLANs = [ + { + EgressUntagged = 2; + PVID = 2; + } + ]; + }; + }; + + wOptions = card: channelDefault: { + interface = mkOption { + type = with types; nullOr str; + default = null; + description = "Specify interface for ${card}"; + }; + bssids = mkOption { + type = with types; listOf str; + default = []; + description = "BSSIDs for networks."; + }; + channel = mkOption { + type = types.ints.positive; + default = channelDefault; + description = "Channel to be used for ${card}"; + }; + }; +in { + options = { + cynerd.wifiAP.zd = { + enable = mkEnableOption "Enable Wi-Fi Access Point support"; + ar9287 = wOptions "Qualcom Atheros AR9287" 7; + qca988x = wOptions "Qualcom Atheros QCA988x" 36; + }; + }; + + config = mkIf cnf.enable { + # TODO regdom doesn't work for some reason + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="CZ" + ''; + services.hostapd = { + enable = true; + radios = mkMerge [ + (mkIf (cnf.ar9287.interface != null) { + "${cnf.ar9287.interface}" = { + inherit (cnf.ar9287) channel; + countryCode = "CZ"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosAR9287.wifi4) capabilities; + }; + networks = wifi-networks "ar9287"; + }; + }) + (mkIf (cnf.qca988x.interface != null) { + "${cnf.qca988x.interface}" = let + is2g = cnf.qca988x.channel <= 14; + in { + inherit (cnf.qca988x) channel; + countryCode = "CZ"; + band = + if is2g + then "2g" + else "5g"; + wifi4 = { + enable = true; + inherit (hostapd.qualcomAtherosQCA988x.wifi4) capabilities; + }; + wifi5 = { + enable = !is2g; + inherit (hostapd.qualcomAtherosQCA988x.wifi5) capabilities; + }; + networks = wifi-networks "qca988x"; + }; + }) + ]; + }; + systemd.network.networks = mkMerge [ + (mkIf (cnf.ar9287.interface != null) (net-networks "ar9287")) + (mkIf (cnf.qca988x.interface != null) (net-networks "qca988x")) + ]; + }; +} diff --git a/nixos/modules/wireguard.nix b/nixos/modules/wireguard.nix index b49eaae..4fd942c 100644 --- a/nixos/modules/wireguard.nix +++ b/nixos/modules/wireguard.nix @@ -6,7 +6,7 @@ }: let inherit (lib) any all mkEnableOption mkIf mapAttrsToList optional optionals optionalAttrs filterAttrs; inherit (config.networking) hostName; - endpoints = ["lipwig" "spt-omnia" "adm-omnia"]; + endpoints = ["lipwig" "spt-omnia" "adm-omnia" "zd-mox"]; is_endpoint = any (v: v == hostName) endpoints; in { options = { @@ -53,6 +53,15 @@ in { PublicKey = config.secrets.wireguardPubs.adm-omnia; } // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) + ({ + Endpoint = "zd.cynerd.cz:51820"; + AllowedIPs = [ + "${config.cynerd.hosts.wg.zd-mox}/32" + "10.8.0.0/24" + ]; + PublicKey = config.secrets.wireguardPubs.zd-mox; + } + // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;})) ] ++ (optionals is_endpoint (mapAttrsToList (n: v: { AllowedIPs = "${config.cynerd.hosts.wg."${n}"}/32"; @@ -77,6 +86,12 @@ in { Gateway = config.cynerd.hosts.wg.adm-omnia; Destination = "10.8.3.0/24"; Metric = 2048; + }) + ++ (optional (hostName != "zd-mox") { + # ZD network + Gateway = config.cynerd.hosts.wg.zd-mox; + Destination = "10.8.0.0/24"; + Metric = 2048; }); }; }; |