fix vpn config

Tim Schubert 2022-04-27 22:34:50 +02:00
parent 34feb8a8a5
commit 0308d6668a
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
4 changed files with 14 additions and 29 deletions

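--- a/<PATH-UNKNOWN-file-1>
+++ b/<PATH-UNKNOWN-file-1>
@@ -2,7 +2,7 @@
 let
 useFeatures = [
 "alacritty"
-"emacs"
+#"emacs"
 "vim"
 "direnv"
 "git"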

@ -19,10 +19,6 @@ in
vpnServer.enable = true; vpnServer.enable = true;
vpnServer.peers = { vpnServer.peers = {
"metis" = {
id = "1";
key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
};
"morax" = { "morax" = {
id = "2"; id = "2";
key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
@ -39,14 +35,6 @@ in
id = "5"; id = "5";
key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk="; key = "o8B8rTA+u5XOJK4JI+TRCFjVJn/3T7UofLqFRIPoNQk=";
}; };
"fginfo" = {
id = "6";
key = "zadidMDiALJUHdhMrGqAa5RGjPN/x5XJ8aR5elnaeUc=";
};
"fginfo-git" = {
id = "7";
key = "5EaLm7uC8XzoN8+BaGzgGRUU4q5shM7gQJcs/d7n+Vo=";
};
}; };
ddns.domains = [ ddns.domains = [
"vpn.dadada.li" "vpn.dadada.li"
@ -134,11 +122,6 @@ in
networking.interfaces.ens3.useDHCP = true; networking.interfaces.ens3.useDHCP = true;
networking.interfaces.ens7.useDHCP = false; networking.interfaces.ens7.useDHCP = false;
boot.kernel.sysctl = {
# Enable forwarding for VPN
"net.ipv6.conf.ens3.forwarding" = true;
};
boot.kernelParams = [ boot.kernelParams = [
"console=ttyS0,115200" "console=ttyS0,115200"
]; ];


@ -56,12 +56,12 @@ in
"::ffff:0:0/96" "::ffff:0:0/96"
]; ];
private-domain = [ private-domain = [
"dyn.dadada.li" "dadada.li"
(mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.uwu "uwu")
(mkIf cfg.localResolver.s0 "s0") (mkIf cfg.localResolver.s0 "s0")
]; ];
domain-insecure = [ domain-insecure = [
"dyn.dadada.li" "dadada.li"
(mkIf cfg.localResolver.uwu "uwu") (mkIf cfg.localResolver.uwu "uwu")
(mkIf cfg.localResolver.s0 "s0") (mkIf cfg.localResolver.s0 "s0")
]; ];
@ -97,10 +97,9 @@ in
} }
) )
{ {
name = "dyn.dadada.li."; name = "dadada.li.";
forward-addr = [ forward-addr = [
"fd42:9c3b:f96d:101::1" "fd42:9c3b:f96d:201::1"
"192.168.101.1"
]; ];
} }
]; ];
@ -115,7 +114,7 @@ in
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
dadada = { dadada = {
ips = [ "fd42:9c3b:f96d:200::${cfg.vpnExtension}/64" ]; ips = [ "fd42:9c3b:f96d:201::${cfg.vpnExtension}/64" ];
listenPort = 51234; listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey"; privateKeyFile = "/var/lib/wireguard/privkey";
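Review bot: `domain-insecure` and `private-domain` now name the apex `dadada.li` instead of `dyn.dadada.li`, so unbound stops DNSSEC validation and rebind protection for every name under the zone, including public records such as `vpn.dadada.li` used elsewhere in this commit, not only the subtree answered by the internal resolver. If only the forwarded zone needs that, keep both entries scoped to it; if the whole zone is meant to resolve through the VPN forwarder, a comment next to the list, e.g. `# whole zone is answered by the VPN resolver (fd42:9c3b:f96d:201::1); DNSSEC and rebind checks are off for it`, would make the widened scope a visible decision rather than a side effect. The forward-zone for `dadada.li.` also keeps only the ULA address after `192.168.101.1` is dropped, so resolution of every dadada.li name now depends on the tunnel being up; whether any fallback applies depends on forward-zone options outside this hunk.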

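--- a/<PATH-UNKNOWN-file-4>
+++ b/<PATH-UNKNOWN-file-4>
@@ -37,23 +37,26 @@ in
 interfaces."wg0" = {
 allowedIPsAsRoutes = true;
 privateKeyFile = "/var/lib/wireguard/wg0-key";
-ips = [ "fd42:9c3b:f96d:0200::0/64" ];
+ips = [ "fd42:9c3b:f96d:0201::0/64" ];
 listenPort = 51234;
 peers = map
 (peer: (
 {
-allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
+allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
 publicKey = peer.key;
 }))
 (attrValues cfg.peers);
 postSetup = ''
-set -x
 wg set wg0 fwmark 51234
-ip -6 rule add table 2468
-ip -6 route add table 2468 default dev ens3
+ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
+ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0
 ip -6 rule add fwmark 51234 table 2468
 '';
 };
 };
+boot.kernel.sysctl = {
+# Enable forwarding for VPN
+"net.ipv6.conf.all.forwarding" = true;
+};
 };
 }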
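Review bot: `"net.ipv6.conf.all.forwarding" = true` enables IPv6 forwarding between every interface on any host that enables this module, and nothing in the hunk limits which interfaces may forward; the `ens3`-only sysctl it replaces in the host config did not restrict that either, because for IPv6 the kernel forwards globally and per-interface control has to come from netfilter FORWARD rules. The comment should say so and the firewall should carry the restriction, e.g. `# IPv6 forwarding is global (all.forwarding); which interfaces may forward is restricted by the firewall's FORWARD rules`, with matching rules (for instance via `networking.firewall.extraCommands`) allowing only wg0/ens3 traffic. Separately, `ip -6 route add table 2468 ... dev ens3` and `ip -6 rule add fwmark 51234 table 2468` in `postSetup` are not idempotent: the rule and the ens3 route outlive wg0, so a restart of the interface hits "File exists"; whether that aborts the script depends on how the wireguard module runs `postSetup`, which is outside this hunk, and no `postShutdown` removing them is visible here.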