garionion/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

initial commit

Browse source
This commit is contained in:
garionion 2021-03-13 15:32:44 +01:00
commit 0e480bb6b6
36 changed files with 13615 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

48
hosts/pion/configuration.nix Normal file
View file

@ -0,0 +1,48 @@
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
../../common/common.nix
../../common/nginx.nix
../../common/netdata.nix
../../common/kvm.nix
./wireguard.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "pion";
networking.useDHCP = false;
networking.interfaces.ens3.ipv4.addresses = [ {
address = "45.9.62.100";
prefixLength = 22;
} ];
networking.defaultGateway = "45.9.60.1";
networking.interfaces.ens3.ipv6.addresses = [{
address = "2a03:4000:45:5f3::1";
prefixLength = 64;
}{
address = "2a03:4000:45:5f3:a817:42ff:fe13:3d86";
prefixLength = 64;
}
];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens3";
};
services.ndppd = {
enable = true;
proxies = {
ens3.rules."2a03:4000:45:5f3:200::0/72".method = "static";
ens3.rules."2a03:4000:45:5f3:500::3/128".method = "static";
};
};
}

25
hosts/pion/hardware-configuration.nix Normal file
View file

@ -0,0 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/fc6e5fc5-1c29-40fb-a769-58ff65cae9fa";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/473f0ace-f538-4011-9319-99791d032862"; }
];
}

60
hosts/pion/wireguard.nix Normal file
View file

@ -0,0 +1,60 @@
{ config, pkgs, ...}:
{
environment.systemPackages = with pkgs; [
wireguard
wireguard-tools
];
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
firewall.allowedUDPPorts = [ 51820 52820 53820];
firewall.trustedInterfaces = [ "wg0" "server"];
wireguard.enable = true;
wireguard.interfaces = {
wg0 = {
ips = [ "fd33:ab07:f877:23::1/64"];
listenPort = 52820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = false;
postSetup = ''
ip route add 2a03:4000:20:18e::/64 via fd33:ab07:f877:23:300::1 dev wg0
'';
peers = [{
publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
allowedIPs = [ "2a03:4000:20:18e::/64" "fd33:ab07:f877:23:300::1/72" ];
endpoint = "usg.net.entr0py.de:52820";
persistentKeepalive = 25;
}];
};
/*server = {
ips = [ "fd33:ab07:f877:2342::1/64"];
listenPort = 51820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = true;
postSetup = ''
ip route add 2a03:4000:45:5f3:200::0/72 via fd33:ab07:f877:2342:200::1 dev server
'';
peers = [{
publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
allowedIPs = [ "2a03:4000:45:5f3:200::0/72" "fd33:ab07:f877:2342:200::1/72" ];
endpoint = "scotty-router:52820";
persistentKeepalive = 25;
}];
};*/
vpn = {
ips = [ "fd33:ab07:f877:2342::3/64"];
listenPort = 53820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = true;
peers = [{
publicKey = "7mmKxFeI/TYDqy4pLDkZyq32viNfon1zODFdOdbnhyM=";
allowedIPs = [ "2a03:4000:45:5f3:500::3/128" ];
persistentKeepalive = 25;
}];
};
};
};
}