pim/nixos-configs
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity

create wireguard tunnel to home

Browse source
This commit is contained in:
Pim Kunis 2023-10-14 19:08:02 +02:00
parent b4dd52e7e2
commit 24f564ecf4
7 changed files with 95 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
configuration.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }@args:
{ pkgs, config, ... }:
let
stateVersion = "23.05";
@ -29,8 +29,6 @@ in
excludePackages = with pkgs; [ xterm ];
};
# home-manager.users.pim = import ./home/home.nix;
users.users.pim = {
isNormalUser = true;
extraGroups = [ "wheel" ];
@ -74,4 +72,29 @@ in
experimental-features = nix-command flakes
'';
};
age.secrets.wg-quick-home-privkey.file = ./secrets/wg-quick-home-privkey.age;
age.secrets.wg-quick-home-preshared-key.file = ./secrets/wg-quick-home-preshared-key.age;
age.identityPaths = [ "/home/pim/.ssh/id_ed25519" ];
networking.wg-quick = {
interfaces.home = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [
"10.225.191.4/24"
"fd11:5ee:bad:c0de::4/64"
];
dns = [ "192.168.30.8" ];
peers = [{
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
endpoint = "84.245.14.149:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [
"0.0.0.0/0"
"::0/0"
];
}];
};
};
}

47
flake.lock
View file

@ -1,5 +1,51 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -69,6 +115,7 @@
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager",
"homeage": "homeage",
"nixpkgs": "nixpkgs",

8
flake.nix
View file

@ -12,14 +12,20 @@
url = "github:jordanisaacs/homeage";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { nixpkgs, home-manager, homeage, ... }: {
outputs = { nixpkgs, home-manager, homeage, agenix, ... }: {
nixosConfigurations = {
pim = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./configuration.nix
agenix.nixosModules.default
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;

1
secrets/README.md Normal file
View file

@ -0,0 +1 @@
nix run github:ryantm/agenix# -- -e secret1.age

7
secrets/secrets.nix Normal file
View file

@ -0,0 +1,7 @@
let
pim = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTxn6fDUyEOWhuapt5GptYPZay+3tNH+UeY7aq8KSbh pim@x260";
in
{
"wg-quick-home-privkey.age".publicKeys = [ pim ];
"wg-quick-home-preshared-key.age".publicKeys = [ pim ];
}

7
secrets/wg-quick-home-preshared-key.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 vBZj5g 7qZySIRklLEiFuGWmZCzA7o2gFmrj3MaxlpHFv6QQEE
8JYbQk0j+VQWejVSdO+zSVzJbv1hyfDr13/2D4OEvKU
-> >9W|B`-grease We!hy%z EIO'3;.3 s} W`
KNmYbqbYWksSynw
--- +wtolstlFP+wW8GMh9WvZMwXk+V1VYfaQQq4Wa/j1N4
þI„{©‹éè¢Cµ¸§×<C2A7>´# ¦M2g‚Ã8ßµÆ;nRMEö%rÿõ <0C>²1(oå @R[ÊÚe½©/CÚ"™ÇÊÄUû=8^-Ü‹±

BIN
secrets/wg-quick-home-privkey.age Normal file
View file

Binary file not shown.