interfaces and package config externalized, also tmux added and version variable
17
__vars.nix
17
__vars.nix
@@ -3,11 +3,18 @@ with lib;
|
||||
{
|
||||
#
|
||||
# SYSTEM
|
||||
vars.username = "";
|
||||
vars.usermail = "";
|
||||
vars.local_ip = "";
|
||||
vars.hostname = "";
|
||||
vars.hostid = "";
|
||||
vars.username = "";
|
||||
vars.usermail = "";
|
||||
vars.local_ip = "";
|
||||
vars.hostname = "";
|
||||
vars.hostid = "";
|
||||
vars.host_type = "";
|
||||
vars.interfaces = [""];
|
||||
# DO NOT TOUCH!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
|
||||
vars.stateVersion = "23.11"; # Default to the oldest supported version in my fleet
|
||||
# DO NOT TOUCH!!!!!!!!!!!!!!!!!!!!!!!!!!
|
||||
|
||||
|
||||
# WIREGUARD
|
||||
vars.wg_adress = "";
|
||||
|
@@ -17,6 +17,7 @@
|
||||
./users.nix
|
||||
./program-homemanager.nix
|
||||
./ssh.nix
|
||||
./program-tmux.nix
|
||||
|
||||
# Hardware
|
||||
./nfs-mount.nix
|
||||
@@ -46,18 +47,19 @@
|
||||
networking.hostName = config.vars.hostname; # Define your hostname.
|
||||
networking.hostId = config.vars.hostid; # Define your hostID - Needs to be unique!.
|
||||
networking = {
|
||||
interfaces.enp1s0 = {
|
||||
interfaces.${lib.head config.vars.interfaces} = {
|
||||
ipv4.addresses = [{
|
||||
address = config.vars.local_ip;
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
defaultGateway = {
|
||||
address = "192.168.178.1";
|
||||
interface = "enp1s0";
|
||||
};
|
||||
nameservers = [ "192.168.178.10" "9.9.9.9" ];
|
||||
};
|
||||
networking.defaultGateway = {
|
||||
address = "192.168.178.1";
|
||||
interface = lib.head config.vars.interfaces;
|
||||
};
|
||||
networking.nameservers = [ "192.168.178.10" "9.9.9.9" ];
|
||||
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
@@ -88,12 +90,10 @@
|
||||
# List packages installed in system profile. To search, run:
|
||||
# $ nix search wget
|
||||
environment.systemPackages = with pkgs; [
|
||||
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
||||
wget
|
||||
htop
|
||||
ncdu
|
||||
git
|
||||
tmux
|
||||
zsh
|
||||
zoxide
|
||||
fzf
|
||||
@@ -103,11 +103,6 @@
|
||||
seaweedfs
|
||||
];
|
||||
|
||||
programs.tmux = {
|
||||
enable = true;
|
||||
clock24 = true;
|
||||
};
|
||||
|
||||
# Open ports in the firewall.
|
||||
# networking.firewall.allowedTCPPorts = [ ... ];
|
||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||
|
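Review bot: `lib.head config.vars.interfaces` in the `networking.interfaces` and `networking.defaultGateway` assignments assumes the list has a usable first element, but nothing on this page enforces that: var_reg.nix declares the option as `listOf types.str` with no default, and the template in __vars.nix ships `[""]`. An empty list aborts evaluation inside `lib.head`, and `[""]` evaluates to an interface named `""`, so the mistake surfaces late or on the wrong attribute. Tightening the declaration to `type = types.nonEmptyListOf types.nonEmptyStr;` would reject both cases with an error that names the option; the same expression is used in the keepalived and WireGuard sections. The module's argument list is outside these hunks, so confirm `lib` is bound in this file as it now is in the other two.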
@@ -1,10 +1,10 @@
|
||||
{ config, pkgs, ... }: {
|
||||
{ config, lib, pkgs, ... }: {
|
||||
services.keepalived = {
|
||||
enable = true;
|
||||
vrrpInstances = {
|
||||
V4 = {
|
||||
priority = config.vars.ka_priority;
|
||||
interface = "enp1s0";
|
||||
interface = lib.head config.vars.interfaces;
|
||||
virtualRouterId = 69;
|
||||
virtualIps = [
|
||||
{
|
||||
@@ -14,7 +14,7 @@
|
||||
};
|
||||
V6 = {
|
||||
priority = config.vars.ka_priority;
|
||||
interface = "enp1s0";
|
||||
interface = lib.head config.vars.interfaces;
|
||||
virtualRouterId = 96;
|
||||
virtualIps = [
|
||||
{
|
||||
@@ -25,7 +25,3 @@
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
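--- /dev/null
+++ b/program-tmux.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, ... }:
+
+{
+programs.tmux = {
+enable = true;
+clock24 = true;
+};
+
+environment.systemPackages = [ pkgs.tmux ];
+}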
10
var_reg.nix
10
var_reg.nix
@@ -36,7 +36,15 @@ with lib;
|
||||
hostid = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
host_type = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
stateVersion = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
interfaces = mkOption {
|
||||
type = listOf types.str;
|
||||
};
|
||||
|
||||
# KEEPALIVED
|
||||
ka_addr_v4 = mkOption {
|
||||
|
@@ -1,8 +1,8 @@
|
||||
{ config, pkgs, ... }: {
|
||||
{ config, lib, pkgs, ... }: {
|
||||
|
||||
networking.nat.enable = true;
|
||||
networking.nat.externalInterface = "enp1s0";
|
||||
networking.nat.internalInterfaces = [ "wg0" ];
|
||||
networking.nat.externalInterface = lib.head config.vars.interfaces;
|
||||
networking.nat.internalInterfaces = [ "wg0" ] ++ config.vars.interfaces;
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
@@ -11,11 +11,11 @@
|
||||
autostart = true;
|
||||
postUp = ''
|
||||
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o ${lib.head config.vars.interfaces} -j MASQUERADE
|
||||
'';
|
||||
postDown = ''
|
||||
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o enp1s0
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o ${lib.head config.vars.interfaces}
|
||||
'';
|
||||
privateKey = config.vars.wg_privateKey;
|
||||
peers = [{
|
||||
@@ -27,5 +27,6 @@
|
||||
}];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
environment.systemPackages = [ pkgs.wireguard-tools ];
|
||||
}
|
||||
|
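Review bot: `networking.nat.internalInterfaces = [ "wg0" ] ++ config.vars.interfaces;` puts the first list entry, which the line above assigns to `externalInterface`, into the internal set as well, so the uplink ends up on both sides of the NAT; before this change only `wg0` was internal. If additional LAN interfaces are meant to be NATed, `[ "wg0" ] ++ lib.tail config.vars.interfaces` keeps the uplink out; otherwise keep `[ "wg0" ]`. In `postDown`, the rewritten `-t nat -D POSTROUTING -o …` line still has no `-j MASQUERADE`, so it does not match the rule `postUp` appended and that rule is likely left behind on every restart. `privateKey = config.vars.wg_privateKey;` is a context line, but a key set this way is copied into the world-readable Nix store; `privateKeyFile` pointing at a root-only path avoids that.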