From a9738a94e009610163e3c49e9686c12051917af7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 1 Apr 2024 12:14:45 +0200 Subject: nixos: few more fixes --- nixos/modules/develop.nix | 5 +++++ nixos/modules/generic.nix | 5 ++++- nixos/modules/home-assistant.nix | 3 ++- nixos/modules/hosts.nix | 10 ---------- nixos/modules/openvpn.nix | 8 -------- nixos/modules/router.nix | 1 - nixos/modules/switch.nix | 5 +---- nixos/modules/wireguad.nix | 33 +++++++++++++++++++++++++++++++-- 8 files changed, 43 insertions(+), 27 deletions(-) (limited to 'nixos/modules') diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index e5510c6..d07bc66 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -73,8 +73,13 @@ in { coverage mypy + scipy + sympy + pygraphviz matplotlib + plotly + pygal python-gitlab PyGithub diff --git a/nixos/modules/generic.nix b/nixos/modules/generic.nix index e4ac094..97391b8 100644 --- a/nixos/modules/generic.nix +++ b/nixos/modules/generic.nix @@ -177,7 +177,10 @@ in { commands = ["ALL"]; } ]; - networking.dhcpcd.extraConfig = "controlgroup wheel"; + networking = { + nftables.enable = true; + dhcpcd.extraConfig = "controlgroup wheel"; + }; services.openssh = { enable = true; diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix index 769b1c7..ab16e8a 100644 --- a/nixos/modules/home-assistant.nix +++ b/nixos/modules/home-assistant.nix @@ -55,9 +55,10 @@ in { enable = true; device = "/dev/ttyUSB0"; baseTopicPrefix = "bigclown/"; + environmentFiles = ["/run/secrets/bigclown.env"]; mqtt = { username = "bigclown"; - keyfile = "/run/secrets/mqtt-bigclown.pass"; + password = "\${MQTT_PASSWORD}"; }; }; diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index 054098d..e7ad76b 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix 
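Review bot: Moving `nftables.enable = true;` into generic.nix switches the firewall backend to nftables on every host that imports this module, not only on the router and switch profiles that set it before. As far as I know the NixOS nftables firewall does not accept iptables-style `networking.firewall.extraCommands`, and software that still programs iptables itself can conflict with it, so hosts relying on either should be checked; none of that is visible in this hunk. A short comment next to the setting, for example `# nftables backend on all hosts; no iptables extraCommands`, would record the constraint. The enclosing attribute set starts and ends outside the hunk.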
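Review bot: The MQTT password in home-assistant.nix is now the literal placeholder `"\${MQTT_PASSWORD}"`, which must be filled in from `/run/secrets/bigclown.env`, but nothing in the hunk says which variable that file has to define or what happens when it is absent. If the substitution leaves the value empty or unexpanded, the gateway would presumably try to authenticate with a wrong or empty password, so the failure mode is worth confirming against the module. I would add a comment above `environmentFiles` such as `# MQTT_PASSWORD is substituted from this file at service start; keeps the secret out of the Nix store`. The env file should also be readable only by root or the service user. The enclosing service block begins outside the hunk.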
@@ -30,12 +30,6 @@ in { cynerd.hosts = { vpn = { "lipwig" = "10.8.0.1"; - # Portable - "binky" = "10.8.0.2"; - "albert" = "10.8.0.3"; - "android" = "10.8.0.6"; - # Endpoints - "spt-omnia" = "10.8.0.50"; "adm-omnia" = "10.8.0.51"; }; wg = { @@ -79,10 +73,6 @@ in { networking.hosts = mkIf cnf.enable { # VPN "${cnf.vpn.lipwig}" = ["lipwig.vpn"]; - "${cnf.vpn.android}" = ["android.vpn"]; - "${cnf.vpn.albert}" = ["albert.vpn"]; - "${cnf.vpn.binky}" = ["binky.vpn"]; - "${cnf.vpn.spt-omnia}" = ["spt.vpn"]; "${cnf.vpn.adm-omnia}" = ["adm.vpn"]; # Wireguard "${cnf.wg.lipwig}" = ["lipwig.wg"]; diff --git a/nixos/modules/openvpn.nix b/nixos/modules/openvpn.nix index d80dd9d..789d430 100644 --- a/nixos/modules/openvpn.nix +++ b/nixos/modules/openvpn.nix @@ -8,11 +8,6 @@ in { options = { cynerd.openvpn = { - personal = mkOption { - type = types.bool; - default = false; - description = "My personal OpenVPN"; - }; oldpersonal = mkOption { type = types.bool; default = false; @@ -28,9 +23,6 @@ in { config = { services.openvpn.servers = { - personal = mkIf cnf.personal { - config = "config /run/secrets/personal.ovpn"; - }; oldpersonal = mkIf cnf.oldpersonal { config = "config /run/secrets/old.ovpn"; }; diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index 3002d9b..c8b1283 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -50,7 +50,6 @@ in { config = mkIf cnf.enable { networking = { useNetworkd = true; - nftables.enable = true; firewall = { logRefusedConnections = false; interfaces = { diff --git a/nixos/modules/switch.nix b/nixos/modules/switch.nix index 669b6ab..37ac687 100644 --- a/nixos/modules/switch.nix +++ b/nixos/modules/switch.nix @@ -21,10 +21,7 @@ in { }; config = mkIf cnf.enable { - networking = { - useNetworkd = true; - nftables.enable = true; - }; + networking.useNetworkd = true; systemd.network = { netdevs = { diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index d96fc9e..ca28818 100644 
--- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix @@ -81,18 +81,47 @@ in { IPForward = is_endpoint; }; routes = - (optional (hostName != "spt-omnia") { + (optional (hostName != "lipwig") { + # OpenVPN network + routeConfig = { + Gateway = config.cynerd.hosts.wg.lipwig; + Destination = "10.8.0.0/24"; + Metric = 2048; + }; + }) + ++ (optional (hostName != "spt-omnia") { + # SPT network routeConfig = { Gateway = config.cynerd.hosts.wg.spt-omnia; Destination = "10.8.2.0/24"; + Metric = 2048; }; }) ++ (optional (hostName != "adm-omnia" && hostName != "lipwig") { + # Adamkovi network routeConfig = { Gateway = config.cynerd.hosts.wg.adm-omnia; Destination = "10.8.3.0/24"; + Metric = 2048; }; - }); + }) + ++ (optionals (hostName != "dean") [ + # Elektroline + { + routeConfig = { + Gateway = config.cynerd.hosts.wg.dean; + Destination = "10.0.0.0/22"; + Metric = 2048; + }; + } + { + routeConfig = { + Gateway = config.cynerd.hosts.wg.dean; + Destination = "10.0.20.0/24"; + Metric = 2048; + }; + } + ]); }; }; networking.firewall.allowedUDPPorts = [51820]; -- cgit v1.2.3
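Review bot: Each added route sends a whole prefix through a WireGuard peer (`10.8.0.0/24` via lipwig, `10.0.0.0/22` and `10.0.20.0/24` via dean), but WireGuard forwards only to destinations covered by that peer's AllowedIPs, and that list is not part of this hunk. If the peer definitions were not widened in step, the routes will be installed and the traffic silently dropped. If they were widened, AllowedIPs also decides which source addresses are accepted from that peer, so it is worth confirming that dean is meant to be trusted for those ranges on every other host. The repeated `Metric = 2048;` has no stated reason; if the intent is to let a directly attached network win, a comment such as `# high metric: prefer a local route for the same prefix` would help, since `10.0.0.0/22` is a range commonly used on local networks. The `routes` list sits inside a network definition that starts above the hunk.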