From 5873dcac0f139c9a32e716439999aed490194a27 Mon Sep 17 00:00:00 2001 From: Florian Schmitt Date: Fri, 27 Dec 2024 11:16:49 +0300 Subject: [PATCH] fix(config): no ip range in config + format --- config/arachnide/configuration.nix | 81 +++++++++++++++++----------- config/dromadaire/configuration.nix | 42 ++++++++++----- config/framboise/configuration.nix | 42 ++++++++++----- config/grille-pain/configuration.nix | 42 ++++++++++----- config/plancha/configuration.nix | 42 ++++++++++----- config/sanji/configuration.nix | 4 +- modules/wireguard-client.nix | 20 +++++-- 7 files changed, 179 insertions(+), 94 deletions(-) diff --git a/config/arachnide/configuration.nix b/config/arachnide/configuration.nix index a0c1fad..0a4a103 100644 --- a/config/arachnide/configuration.nix +++ b/config/arachnide/configuration.nix @@ -1,23 +1,27 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = - [ - ./hardware-configuration.nix - ./network-configuration.nix - ./proxy-configuration.nix - /var/src/modules/nixin-base.nix - /var/src/modules/users.nix - /var/src/modules/wireguard-client.nix - /var/src/modules/reverse-proxy-traefik.nix - /var/src/modules/nginx.nix - /var/src/modules/nixin-web.nix - /var/src/modules/forgejo.nix - /var/src/modules/forgejo-runner.nix - /var/src/modules/nextcloud.nix - /var/src/modules/etherpad.nix - /var/src/modules/excalidraw.nix - ]; + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + ./proxy-configuration.nix + /var/src/modules/nixin-base.nix + /var/src/modules/users.nix + /var/src/modules/wireguard-client.nix + /var/src/modules/reverse-proxy-traefik.nix + /var/src/modules/nginx.nix + /var/src/modules/nixin-web.nix + /var/src/modules/forgejo.nix + /var/src/modules/forgejo-runner.nix + /var/src/modules/nextcloud.nix + /var/src/modules/etherpad.nix + /var/src/modules/excalidraw.nix + ]; # Bootloader. boot.loader.systemd-boot.enable = true; 
@@ -30,9 +34,12 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.2/32"; - ipv6 = "2a01:4f9:1a:9a05::2/128"; - allowedIPs = [ "0.0.0.0/0" "::/0" ]; + ipv4 = "192.168.12.2"; + ipv6 = "2a01:4f9:1a:9a05::2"; + allowedIPs = [ + "0.0.0.0/0" + "::/0" + ]; endpoint = "vpn.lab12.fr:51812"; endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w="; }; @@ -53,19 +60,21 @@ smtp-user = "mr.robot@lab12.org"; smtp-from = "no-reply@lab12.org"; smtp-pwd-file = toString ; - #smtp-pwd = let + #smtp-pwd = let # pwd = builtins.readFile ; #in lib.strings.trim pwd; admin-email = "sysadmin@lab12.fr"; admin-user = "operator"; - admin-pwd = let - pwd = builtins.readFile ; - in lib.strings.trim pwd; + admin-pwd = + let + pwd = builtins.readFile ; + in + lib.strings.trim pwd; }; nixin.forgejo-runner = { token-file = "/etc/forgejo/runner.token"; - #token = let + #token = let # pwd = builtins.readFile ; #in lib.strings.trim pwd; url = "https://forge.lab12.fr"; @@ -74,9 +83,11 @@ nixin.nextcloud = { domain = "nuage.lab12.fr"; admin-user = "operator"; - admin-pwd = let - pwd = builtins.readFile ; - in lib.strings.trim pwd; + admin-pwd = + let + pwd = builtins.readFile ; + in + lib.strings.trim pwd; host-address = "10.10.2.1"; container-address = "10.10.2.2"; address-prefix = "/24"; @@ -90,13 +101,19 @@ domain = "draw.lab12.fr"; }; - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 144 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 144 + 443 + ]; networking.firewall.allowedUDPPorts = [ 53 ]; # allow UDP port range for mosh networking.firewall.allowedUDPPortRanges = [ - { from = 60000; to = 61000; } + { + from = 60000; + to = 61000; + } ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/config/dromadaire/configuration.nix b/config/dromadaire/configuration.nix index 9c9c625..22072ae 100644 --- a/config/dromadaire/configuration.nix +++ b/config/dromadaire/configuration.nix 
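Review bot: The new bare `ipv4`/`ipv6` values in this hunk only work because modules/wireguard-client.nix in the same patch now builds `"${…ipv4}/32"` and `"${…ipv6}/128"` itself, and nothing at the point of use records that contract; a host later given the old `addr/32` form would yield `addr/32/32`, which would most likely be rejected only when wg-quick brings the interface up. Add `# host address only — the wireguard-client module appends the /32 and /128 prefixes` above `ipv4` here, and consider an `assertions` entry in the module rejecting values that contain `/` (the module's option declarations are outside this patch, so I cannot see whether the option type already constrains this). The same applies to the `nixin.wg.client` hunks of dromadaire, framboise, grille-pain, plancha and sanji.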
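Review bot: `admin-pwd` in the reformatted `nixin.forgejo` block still reads the administrator password with `builtins.readFile` at evaluation time, so the plaintext value is baked into the derivation and ends up in the world-readable Nix store; the commented-out `#smtp-pwd` right beside it shows this block already moved SMTP to `smtp-pwd-file`, and the admin password should take the same file-based route if the module offers one. Until then I would add `# FIXME: eval-time readFile copies the password into /nix/store; prefer a path option like smtp-pwd-file` above `admin-pwd`. The `nixin.nextcloud.admin-pwd` in the next hunk has the same issue. The argument of `builtins.readFile` is garbled on this page, so I cannot tell which path it reads.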
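Review bot: This hunk drops the `# Open ports in the firewall.` comment above `allowedTCPPorts` in arachnide while the sibling hosts in this patch keep it, and the list still gives no hint of what listens on 144, which is not a conventional service port next to 80 and 443. Restore the comment and say what each entry is for, e.g. `# 80/443: HTTP(S) for the reverse proxy; 144: <fill in the service>`, so a later reader does not have to guess whether 144 is a typo for another port.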
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = - [ - ./hardware-configuration.nix - ./network-configuration.nix - /var/src/modules/nixin-base.nix - /var/src/modules/users.nix - /var/src/modules/wireguard-client.nix - ]; + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + /var/src/modules/nixin-base.nix + /var/src/modules/users.nix + /var/src/modules/wireguard-client.nix + ]; # Bootloader. boot.loader.systemd-boot.enable = true; @@ -21,19 +25,29 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.11/32"; - ipv6 = "2a01:4f9:1a:9a05::11/128"; - allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" ]; + ipv4 = "192.168.12.11"; + ipv6 = "2a01:4f9:1a:9a05::11"; + allowedIPs = [ + "192.168.12.0/24" + "2a01:4f9:1a:9a05::/64" + ]; endpoint = "vpn.lab12.fr:51812"; endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w="; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 144 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 144 + 443 + ]; #networking.firewall.allowedUDPPorts = [ 53 ]; # allow UDP port range for mosh networking.firewall.allowedUDPPortRanges = [ - { from = 60000; to = 61000; } + { + from = 60000; + to = 61000; + } ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/config/framboise/configuration.nix b/config/framboise/configuration.nix index 544ed4a..d3ced04 100644 --- a/config/framboise/configuration.nix +++ b/config/framboise/configuration.nix 
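Review bot: With `allowedIPs` restricted to `192.168.12.0/24` and `2a01:4f9:1a:9a05::/64` in this hunk, the resolvers that the shared wireguard-client module sets for `wg0` (`80.67.169.12`, `80.67.169.40` and their IPv6 counterparts, see the modules/wireguard-client.nix hunk in this patch) are not routed through the tunnel, yet wg-quick still installs them as the system DNS, so resolver traffic from this host presumably leaves in clear over the default route. Either add those four addresses to `allowedIPs` on the split-tunnel hosts or make the module's `dns` list conditional on a full-tunnel configuration such as arachnide's `0.0.0.0/0`/`::/0`. framboise, grille-pain, plancha and sanji in this patch use the same split `allowedIPs` and are affected the same way.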
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = - [ - ./hardware-configuration.nix - ./network-configuration.nix - /var/src/modules/nixin-base.nix - /var/src/modules/users.nix - /var/src/modules/wireguard-client.nix - ]; + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + /var/src/modules/nixin-base.nix + /var/src/modules/users.nix + /var/src/modules/wireguard-client.nix + ]; # Bootloader. # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) @@ -23,19 +27,29 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.10/32"; - ipv6 = "2a01:4f9:1a:9a05::10/128"; - allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" ]; + ipv4 = "192.168.12.10"; + ipv6 = "2a01:4f9:1a:9a05::10"; + allowedIPs = [ + "192.168.12.0/24" + "2a01:4f9:1a:9a05::/64" + ]; endpoint = "vpn.lab12.fr:51812"; endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w="; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 144 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 144 + 443 + ]; #networking.firewall.allowedUDPPorts = [ 53 ]; # allow UDP port range for mosh networking.firewall.allowedUDPPortRanges = [ - { from = 60000; to = 61000; } + { + from = 60000; + to = 61000; + } ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/config/grille-pain/configuration.nix b/config/grille-pain/configuration.nix index 751cab1..9bdd132 100644 --- a/config/grille-pain/configuration.nix +++ b/config/grille-pain/configuration.nix 
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = - [ - ./hardware-configuration.nix - ./network-configuration.nix - /var/src/modules/nixin-base.nix - /var/src/modules/users.nix - /var/src/modules/wireguard-client.nix - ]; + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + /var/src/modules/nixin-base.nix + /var/src/modules/users.nix + /var/src/modules/wireguard-client.nix + ]; # Bootloader. # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) @@ -23,19 +27,29 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.7/32"; - ipv6 = "2a01:4f9:1a:9a05::7/128"; - allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" ]; + ipv4 = "192.168.12.7"; + ipv6 = "2a01:4f9:1a:9a05::7"; + allowedIPs = [ + "192.168.12.0/24" + "2a01:4f9:1a:9a05::/64" + ]; endpoint = "vpn.lab12.fr:51812"; endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w="; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 144 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 144 + 443 + ]; #networking.firewall.allowedUDPPorts = [ 53 ]; # allow UDP port range for mosh networking.firewall.allowedUDPPortRanges = [ - { from = 60000; to = 61000; } + { + from = 60000; + to = 61000; + } ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/config/plancha/configuration.nix b/config/plancha/configuration.nix index bd5591f..9b0bc36 100644 --- a/config/plancha/configuration.nix +++ b/config/plancha/configuration.nix 
@@ -1,14 +1,18 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: { - imports = - [ - ./hardware-configuration.nix - ./network-configuration.nix - /var/src/modules/nixin-base.nix - /var/src/modules/users.nix - /var/src/modules/wireguard-client.nix - ]; + imports = [ + ./hardware-configuration.nix + ./network-configuration.nix + /var/src/modules/nixin-base.nix + /var/src/modules/users.nix + /var/src/modules/wireguard-client.nix + ]; # Bootloader. # Use the extlinux boot loader. (NixOS wants to enable GRUB by default) @@ -23,19 +27,29 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.12/32"; - ipv6 = "2a01:4f9:1a:9a05::12/128"; - allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" ]; + ipv4 = "192.168.12.12"; + ipv6 = "2a01:4f9:1a:9a05::12"; + allowedIPs = [ + "192.168.12.0/24" + "2a01:4f9:1a:9a05::/64" + ]; endpoint = "vpn.lab12.fr:51812"; endpointKey = "cUmp55I20JEhxr+RMmOsX+6U9kcDiAq3grnvzjQ642w="; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 144 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 144 + 443 + ]; #networking.firewall.allowedUDPPorts = [ 53 ]; # allow UDP port range for mosh networking.firewall.allowedUDPPortRanges = [ - { from = 60000; to = 61000; } + { + from = 60000; + to = 61000; + } ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/config/sanji/configuration.nix b/config/sanji/configuration.nix index 0b53f82..d26c537 100644 --- a/config/sanji/configuration.nix +++ b/config/sanji/configuration.nix @@ -19,8 +19,8 @@ }; nixin.wg.client = { - ipv4 = "192.168.12.5/32"; - ipv6 = "2a01:4f9:1a:9a05::5/128"; + ipv4 = "192.168.12.5"; + ipv6 = "2a01:4f9:1a:9a05::5"; allowedIPs = [ "192.168.12.0/24" "2a01:4f9:1a:9a05::/64" diff --git a/modules/wireguard-client.nix b/modules/wireguard-client.nix index 0f43b8e..9401bec 100644 --- a/modules/wireguard-client.nix +++ b/modules/wireguard-client.nix 
@@ -1,8 +1,12 @@ # Wireguard VPN client configuration -{ config, pkgs, lib, ... }: +{ + config, + lib, + ... +}: let - inherit (lib) mkOption mkDefault; + inherit (lib) mkOption; in { @@ -20,8 +24,16 @@ in networking = { wg-quick.interfaces = { wg0 = { - address = [ config.nixin.wg.client.ipv4 config.nixin.wg.client.ipv6 ]; - dns = [ "80.67.169.12" "80.67.169.40" "2001:910:800::12" "2001:910:800::40" ]; + address = [ + "${config.nixin.wg.client.ipv4}/32" + "${config.nixin.wg.client.ipv6}/128" + ]; + dns = [ + "80.67.169.12" + "80.67.169.40" + "2001:910:800::12" + "2001:910:800::40" + ]; privateKeyFile = "/var/src/secrets/wg-private.key"; peers = [