

3 commits

6 changed files with 21 additions and 22 deletions


@ -165,11 +165,11 @@
}, },
"secrets": { "secrets": {
"locked": { "locked": {
"lastModified": 1711641020, "lastModified": 1711740735,
"narHash": "sha256-und6yndmaPsS/wEkqrEvN02VbK+HCFz0zglRNaZeCJI=", "narHash": "sha256-/NmklXfLak65luQoMsUl539faoabD+lo7P9fNDaXkic=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "057f8a2b8cd29a70764004d035a6a9e33c73f4ff", "rev": "42e5e76765daf6dd36fa195a5a424d8d69c15dfa",
"revCount": 5, "revCount": 6,
"type": "git", "type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git" "url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
}, },


@ -45,9 +45,9 @@
name = "wg-sigma-public"; name = "wg-sigma-public";
}; };
# The following routes traffic destined for 116.203.6.156 (floating IP) to # The following routes traffic destined for the sigma-p2p address (floating
# sigma through wireguard. This allows the server to have a public address # IP) to sigma through wireguard. This allows the server to have a public
# and help others sail the high seas even though it is behind NAT. # address and help others sail the high seas even though it is behind NAT.
netdevs."51-wg-sigma-p2p" = { netdevs."51-wg-sigma-p2p" = {
netdevConfig = { netdevConfig = {
Name = "wg-sigma-p2p"; Name = "wg-sigma-p2p";
@ -62,7 +62,7 @@
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0="; PublicKey = "sigmaH/DKSU8KWyrPtucYmS2ewUvDvCNLxd/qYEo0n0=";
PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path; PresharedKeyFile = config.age.secrets.wireguard-preshared-key-file.path;
AllowedIPs = ["116.203.6.156/32"]; AllowedIPs = ["${secrets.alpha.sigma-p2p-ip-address}/32"];
RouteTable = "main"; RouteTable = "main";
}; };
} }
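Review bot: The new `AllowedIPs` line reads the floating address as `secrets.alpha.sigma-p2p-ip-address`, while the sigma-side network file in the same commit reads it as `secrets.sigma-p2p-ip-address` for both its `address` and its `From` routing-policy rule; the two lookups must resolve to the same /32, otherwise alpha forwards traffic into the tunnel that sigma never claims. That may be fine if `secrets` is bound differently in the two modules, but nothing on the page shows that, so a comment pinning the dependency would help, e.g. `# must equal the address sigma assigns to wg-sigma-p2p (address + From rule)`. The `wg-sigma-p2p` netdev and peer definitions continue outside the hunk.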


@ -7,7 +7,6 @@
../../modules/syncthing.nix ../../modules/syncthing.nix
./hardware.nix ./hardware.nix
./borg.nix ./borg.nix
./network.nix
./sway.nix ./sway.nix
]; ];


@ -5,7 +5,7 @@
../../modules/server ../../modules/server
./hardware.nix ./hardware.nix
#./borg.nix #./borg.nix
#./network.nix ./network.nix
]; ];
networking.hostName = "sigma"; networking.hostName = "sigma";


@ -10,7 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-cpu-amd-pstate nixos-hardware.nixosModules.common-cpu-amd-pstate
#nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-nvidia
nixos-hardware.nixosModules.common-pc nixos-hardware.nixosModules.common-pc
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
]; ];


@ -6,8 +6,8 @@
systemd.network = { systemd.network = {
config = { config = {
routeTables = { routeTables = {
"wg-sigma-public" = 822944075; "wg-sigma-public" = 42;
"wg-sigma-p2p" = 2553; "wg-sigma-p2p" = 6881;
}; };
}; };
@ -20,7 +20,7 @@
Kind = "wireguard"; Kind = "wireguard";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.age.secrets.wireguard-private-key-file-omega.path; PrivateKeyFile = config.age.secrets.wireguard-private-key-file-sigma.path;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
@ -59,16 +59,16 @@
}; };
# The following establishes a wireguard tunnel to alpha and configures # The following establishes a wireguard tunnel to alpha and configures
# receiving traffic destined for 116.203.6.156. This allows the server to # receiving traffic destined for the sigma-p2p address. This allows the
# have a public address and help others sail the high seas even though it # server to have a public address and help others sail the high seas even
# is behind NAT. # though it is behind NAT.
netdevs."51-wg-sigma-p2p" = { netdevs."51-wg-sigma-p2p" = {
netdevConfig = { netdevConfig = {
Name = "wg-sigma-p2p"; Name = "wg-sigma-p2p";
Kind = "wireguard"; Kind = "wireguard";
}; };
wireguardConfig = { wireguardConfig = {
PrivateKeyFile = config.age.secrets.wireguard-private-key-file-omega.path; PrivateKeyFile = config.age.secrets.wireguard-private-key-file-sigma.path;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
@ -85,11 +85,11 @@
}; };
networks."wg-sigma-p2p" = { networks."wg-sigma-p2p" = {
name = "wg-sigma-p2p"; name = "wg-sigma-p2p";
address = ["116.203.6.156/32"]; address = ["${secrets.sigma-p2p-ip-address}/32"];
routingPolicyRules = [ routingPolicyRules = [
{ {
routingPolicyRuleConfig = { routingPolicyRuleConfig = {
From = "116.203.6.156/32"; From = "${secrets.sigma-p2p-ip-address}/32";
Table = "wg-sigma-p2p"; Table = "wg-sigma-p2p";
}; };
} }
@ -104,8 +104,8 @@
group = "systemd-network"; group = "systemd-network";
}; };
age.secrets.wireguard-private-key-file-omega = { age.secrets.wireguard-private-key-file-sigma = {
file = "${secrets}/secrets/wireguard-private-key-file-omega.age"; file = "${secrets}/secrets/wireguard-private-key-file-sigma.age";
mode = "640"; mode = "640";
owner = "root"; owner = "root";
group = "systemd-network"; group = "systemd-network";
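Review bot: Both the `wg-sigma-public` netdev (the `PrivateKeyFile` line in the second hunk) and the `wg-sigma-p2p` netdev (third hunk) now point at the same `config.age.secrets.wireguard-private-key-file-sigma.path`, so the two tunnels share one WireGuard identity; the rename only carries over what the omega key did, but it is worth confirming that is intended, since a per-interface keypair would let the public and p2p peers be rotated or revoked independently. The route-table renumbering in the first hunk (`42`, `6881`) has no comment on why those values were chosen; a one-liner such as `# arbitrary ids, kept clear of the reserved 253-255 (default/main/local) tables` would save the next reader a lookup. The `age.secrets` and netdev attrsets in these hunks all start or end outside the visible lines.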