initial commit

2021-03-13 15:32:44 +01:00 · 2021-03-13 15:32:44 +01:00 · 0e480bb6b6
commit 0e480bb6b6
36 changed files with 13615 additions and 0 deletions
--- a/hosts/dyon/configuration.nix
+++ b/hosts/dyon/configuration.nix
@ -0,0 +1,41 @@
+{ ... }: {
+  imports = [
+    ./hardware-configuration.nix
+    ../../common/common.nix
+    ../../common/nginx.nix
+    ../../common/netdata.nix
+    ./wireguard.nix
+  ];
+
+  
+  networking.hostName = "dyon";  
+  
+  networking.interfaces.ens3.ipv4.addresses = [ {
+    address = "168.119.153.98";
+    prefixLength = 32;
+  }];
+  networking.interfaces.ens3.ipv6.addresses = [{
+    address = "2a01:4f8:c010:61dc::1";
+    prefixLength = 64;
+  }];
+  networking.defaultGateway6 = {
+    address = "fe80::1";
+    interface = "ens3";
+  };
+  networking.defaultGateway = { address = "172.31.1.1"; interface = "ens3"; };
+
+  clerie.monitoring = {
+    enable = true;
+    id = "201";
+    privKeyFile = "/run/keys/wg-dyon_priv";
+    pubkey = "4faakn5yfzukxRwo79iTawag4jzAFkErXHLeEvtoLCc=";
+  };
+
+  clerie.nginx-port-forward = {
+    enable = true;
+    tcpPorts."2222" = {
+      host = "geon.net.entr0py.de";
+      port = 2222;
+    };
+  };
+}
--- a/hosts/dyon/hardware-configuration.nix
+++ b/hosts/dyon/hardware-configuration.nix
@ -0,0 +1,6 @@
+{ modulesPath, ... }:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+  boot.loader.grub.device = "/dev/sda";
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+}
--- a/hosts/dyon/wireguard.nix
+++ b/hosts/dyon/wireguard.nix
@ -0,0 +1,35 @@
+{ config, pkgs, ...}:
+
+{
+    environment.systemPackages = with pkgs; [
+        wireguard
+        wireguard-tools
+    ];
+
+    boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
+    
+    networking = {
+        firewall.allowedUDPPorts = [ 51820 ];
+        firewall.trustedInterfaces = [ "server"];
+
+        wireguard.enable = true;
+        wireguard.interfaces = {
+            server = {
+                ips = [ "fd33:ab07:ff00:2342::1/64"];
+                listenPort = 51820;
+                privateKeyFile = "/run/keys/wg-dyon_priv";
+                allowedIPsAsRoutes = false;
+                postSetup = ''
+                    ip route add 2a01:4f8:c010:61dc:200::0/72 via fd33:ab07:ff00:2342:200::1 dev server
+                '';
+                peers = [{
+                    publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
+                    allowedIPs = [ "2a01:4f8:c010:61dc:200::0/72"  "fd33:ab07:ff00:2342:200::1/72" ];
+                    endpoint = "scotty-router:52820";
+                    persistentKeepalive = 25;
+                }]; 
+            };
+            
+        };
+    };
+}