initial commit

2021-03-13 15:32:44 +01:00 · 2021-03-13 15:32:44 +01:00 · 0e480bb6b6
commit 0e480bb6b6
36 changed files with 13615 additions and 0 deletions
--- a/hosts/arion/configuration.nix
+++ b/hosts/arion/configuration.nix
@ -0,0 +1,37 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ 
+      ./hardware-configuration.nix
+      ../../common/common.nix
+      #./wireguard.nix
+    ];
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+
+  networking.hostName = "arion"; 
+
+  networking.useDHCP = false;
+  networking.interfaces.ens4.useDHCP = true;
+  networking.interfaces.ens3.ipv4.addresses = [ {
+    address = "91.228.52.159";
+    prefixLength = 24;
+  } ];
+  networking.defaultGateway = "91.228.52.1";
+  networking.interfaces.ens3.ipv6.addresses = [{
+    address = "2001:67c:12a0:264::2";
+    prefixLength = 64;
+  }];
+  networking.defaultGateway6 = {
+    address = "2001:67c:12a0:264::1";
+    interface = "ens3";
+  };
+}
--- a/hosts/arion/hardware-configuration.nix
+++ b/hosts/arion/hardware-configuration.nix
@ -0,0 +1,22 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/9afe949f-2c87-4b20-bbd2-893e0028ae2c";
+      fsType = "ext4";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/11072752-a36e-4a02-aa9f-8ca206d5a954"; }
+    ];
+
+}
--- a/hosts/arion/wireguard.nix
+++ b/hosts/arion/wireguard.nix
@ -0,0 +1,49 @@
+{ config, pkgs, ...}:
+
+{
+    environment.systemPackages = with pkgs; [
+        wireguard
+        wireguard-tools
+    ];
+
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+    
+    networking = {
+        firewall.allowedUDPPorts = [ 51820 52820];
+        firewall.trustedInterfaces = [ "wg0" "server"];
+
+        wireguard.enable = true;
+        wireguard.interfaces = {
+            wg0 = {
+                ips = [ "fd33:ab07:f877:23::1/64"];
+                listenPort = 52820;
+                privateKeyFile = "/run/keys/wg-arion_priv";
+                allowedIPsAsRoutes = false;
+                postSetup = ''
+                    ip route add 2001:67c:12a0:8003::0/64 via fd33:ab07:f877:23:300::1 dev wg0
+                '';
+                peers = [{
+                    publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
+                    allowedIPs = [ "2001:67c:12a0:8003::0/64" "fd33:ab07:f877:23:300::1/72" ];
+                    endpoint = "usg.net.entr0py.de:52820";
+                    persistentKeepalive = 25;
+                }];
+            };
+            server = {
+                ips = [ "fd33:ab07:f877:2342::1/64"];
+                listenPort = 51820;
+                privateKeyFile = "/run/keys/wg-arion_priv";
+                allowedIPsAsRoutes = true;
+                postSetup = ''
+                    ip route add 2001:67c:12a0:264:200::0/72 via fd33:ab07:f877:2342:200::1 dev server
+                '';
+                peers = [{
+                    publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
+                    allowedIPs = [ "2001:67c:12a0:264:200::0/72"  "fd33:ab07:f877:2342:200::1/72" ];
+                    endpoint = "scotty-router:52820";
+                    persistentKeepalive = 25;
+                }]; 
+            };
+        };
+    };
+}