From e84e6dcf117080eaf7658b25fb20a9dc3b5d1cfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Sun, 24 Mar 2024 19:05:39 +0100 Subject: Add wireguard and more updates --- nixos/configurations/binky.nix | 24 ++++++++++++++--- nixos/configurations/dean.nix | 45 +++++++++++++++++--------------- nixos/configurations/lipwig.nix | 18 ++++++++++--- nixos/configurations/spt-omnia.nix | 6 +++-- nixos/configurations/spt-omniax.nix | 51 ------------------------------------- 5 files changed, 63 insertions(+), 81 deletions(-) delete mode 100644 nixos/configurations/spt-omniax.nix (limited to 'nixos/configurations') diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index c51f95b..bdfa47e 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -14,10 +14,8 @@ in { }; wifiClient = true; develop = true; - openvpn = { - oldpersonal = true; - elektroline = true; - }; + wireguard = true; + openvpn.elektroline = true; }; boot = { @@ -56,6 +54,24 @@ in { fileSystems = ["/"]; }; + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network = { + networks = { + "dhcp" = { + matchConfig.Name = "enp2s0f0 enp5s0f3u1u1 wlp3s0"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = "yes"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + }; + wait-online.enable = false; + }; + services.syncthing = { enable = true; user = mkDefault "cynerd"; diff --git a/nixos/configurations/dean.nix b/nixos/configurations/dean.nix index b91083c..44feaea 100644 --- a/nixos/configurations/dean.nix +++ b/nixos/configurations/dean.nix 
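Review bot: In the second binky.nix hunk, `wait-online.enable = false` disables systemd-networkd-wait-online, so `linkConfig.RequiredForOnline = "routable"` on the new "dhcp" network no longer gates `network-online.target`; services ordered after that target (syncthing is configured just below) can start before any of `enp2s0f0`, `enp5s0f3u1u1` or `wlp3s0` has an address. Nothing in the hunk records why wait-online is turned off, unlike dean.nix which carries a TODO; either drop `RequiredForOnline` as dead configuration or keep it and add a comment such as `# wait-online disabled: laptop is often offline; RequiredForOnline only feeds networkctl's online state now`. The host also accepts DHCP and router advertisements on all three links, including what looks like a USB NIC (`enp5s0f3u1u1`, inferred from the name); if that is a docking/tethering interface a one-line comment naming it would help the next reader.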
@@ -1,35 +1,38 @@ {pkgs, ...}: { - nixpkgs.hostPlatform.system = "aarch64-linux"; + turris.board = "mox"; + deploy.enable = true; cynerd = { - openvpn = { - oldpersonal = true; - }; + wireguard = true; monitoring.speedtest = true; }; networking = { - bridges = { - brlan = { - interfaces = [ - "eth0" - "lan1" - "lan2" - "lan3" - "lan4" - ]; + useNetworkd = true; + useDHCP = false; + }; + systemd.network = { + netdevs."brlab".netdevConfig = { + Kind = "bridge"; + Name = "brlan"; + }; + networks = { + "brlan" = { + matchConfig.Name = "brlan"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = "yes"; + }; + }; + "lan-brlan" = { + matchConfig.Name = "lan* end0"; + networkConfig.Bridge = "brlan"; }; }; - dhcpcd.allowInterfaces = ["brlan"]; + # TODO investigate why it doesn't work + wait-online.enable = false; }; - swapDevices = [ - { - device = "/var/swap"; - priority = 1; - } - ]; - environment.systemPackages = with pkgs; [ #openocd tio diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index c484541..0eefe5f 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -19,6 +19,7 @@ enable = false; baseDir = "/nas"; }; + wireguard = true; openvpn.oldpersonal = true; }; @@ -29,10 +30,21 @@ fsType = "nfs"; }; - networking.firewall = { - allowedTCPPorts = [80 443]; - allowedUDPPorts = [1194]; + networking = { + useNetworkd = true; + useDHCP = false; + nftables.enable = true; + firewall = { + allowedTCPPorts = [80 443]; + allowedUDPPorts = [1194]; + filterForward = true; + extraForwardRules = '' + iifname {"wg", "personalvpn"} oifname {"wg", "personalvpn"} accept + ''; + }; }; + systemd.network.wait-online.enable = false; + systemd.services.networking-setup.wantedBy = ["network-online.target"]; # Web ###################################################################### services.nginx = { diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index ca4d211..8456368 100644 
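Review bot: The netdev attribute is spelled `netdevs."brlab"` while its `Name = "brlan"`; the generated unit becomes `brlab.netdev` for an interface called `brlan`, which works but will confuse anyone grepping for the bridge, so rename it to `netdevs."brlan".netdevConfig = { Kind = "bridge"; Name = "brlan"; };`. On the `# TODO investigate why it doesn't work` above `wait-online.enable = false`, a plausible cause is the bridge ports matched by "lan-brlan" (`lan* end0`): any port without a cable sits in no-carrier and is counted by wait-online by default, so `linkConfig.RequiredForOnline = "no";` on the "lan-brlan" network is worth trying before leaving wait-online disabled. The `/var/swap` entry is removed with no replacement visible here; if `turris.board = "mox"` provides swap that is fine, otherwise this silently drops swap on the device.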
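Review bot: The new `extraForwardRules` in lipwig.nix turns the host into an unrestricted router between the WireGuard interface and the OpenVPN network (and also accepts wg→wg and personalvpn→personalvpn hairpins), which means every peer of either VPN can reach every peer of the other; that is a trust decision the hunk leaves undocumented, so add a comment above the rule, e.g. `# lipwig routes between the WireGuard mesh and the OpenVPN net: all peers of one reach all peers of the other`. `allowedUDPPorts` still lists only 1194 and no WireGuard listen port is opened in this hunk; presumably `cynerd.wireguard` handles that, but it is worth confirming since `filterForward = true` now applies to the whole forward chain. `systemd.services.networking-setup.wantedBy = ["network-online.target"]` is added while `wait-online` is disabled, so that target is reached immediately and gives the service no ordering relative to actual connectivity; the unit itself is defined outside this hunk.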
--- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -37,12 +37,13 @@ in { channel = 36; }; }; + wireguard = true; openvpn.oldpersonal = true; monitoring.speedtest = true; }; services.journald.extraConfig = '' - SystemMaxUse=512M + SystemMaxUse=8G ''; environment = { @@ -136,6 +137,7 @@ in { IPv6AcceptRA = "no"; DHCPPrefixDelegation = "yes"; }; + dhcpV6Config.PrefixDelegationHint = "::/56"; dhcpPrefixDelegationConfig = { UplinkInterface = ":self"; SubnetId = 0; @@ -179,7 +181,7 @@ in { # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4" - iifname {"home", "personalvpn"} oifname {"home", "personalvpn"} accept + iifname {"home", "personalvpn", "wg"} oifname {"home", "personalvpn", "wg"} accept ''; services.syncthing = { diff --git a/nixos/configurations/spt-omniax.nix b/nixos/configurations/spt-omniax.nix deleted file mode 100644 index 4f9e0e0..0000000 --- a/nixos/configurations/spt-omniax.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ - turris.board = "omnia"; - - cynerd = { - router = { - enable = true; - wan = "end2"; - lanIP = "192.168.2.1"; - }; - wifiAP.spt = { - enable = true; - ar9287.interface = "wlp3s0"; - qca988x.interface = "wlp2s0"; - }; - monitoring.speedtest = true; - }; - - networking.useDHCP = false; - systemd.network = { - networks = { - "end2" = { - matchConfig.Name = "end2"; - networkConfig = { - BindCarrier = "end2"; - DHCP = "yes"; - IPv6AcceptRA = "yes"; - DHCPPrefixDelegation = "yes"; - }; - dhcpPrefixDelegationConfig = { - UplinkInterface = ":self"; - SubnetId = 0; - Announce = "no"; - }; - linkConfig.RequiredForOnline = "routable"; - }; - "lan-brlan" = { - matchConfig.Name = "lan*"; - networkConfig.Bridge = "brlan"; - bridgeVLANs = [ - { - bridgeVLANConfig = { - EgressUntagged = 1; - PVID = 1; - }; - } - {bridgeVLANConfig.VLAN = 2;} - ]; - }; - }; - }; -} -- cgit v1.2.3
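Review bot: `SystemMaxUse=8G` in spt-omnia.nix raises the journal cap sixteenfold with no stated reason, and on a router with a small flash root filesystem that can claim most of the disk for logs. journald still honours `SystemKeepFree` (15% of the filesystem by default), so it will not fill the disk outright, but the cap should be justified in the config, e.g. `# keep long history for debugging PPPoE/PD issues; journald still leaves SystemKeepFree untouched`, or paired with an explicit `SystemKeepFree=`/`MaxRetentionSec=` so the intended retention is visible.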
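Review bot: Adding "wg" to both the `iifname` and `oifname` sets gives every WireGuard peer full bidirectional forwarding into the "home" network (and into personalvpn), with no per-peer or per-port restriction; that is a trust decision the rule should state, e.g. `# wg peers are trusted like the home LAN: unrestricted forwarding in both directions`. Because lipwig's new rule also forwards between wg and personalvpn, a peer on either VPN now has two paths toward home; that is only a routing concern if both ends carry the same prefixes, which cannot be seen from here. The surrounding `# TODO limit NSS clamping` comment refers to the MSS clamp on the line below it; "MSS" is the term the rule implements.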