modules/nixos/wireguard-dns: Init

config/hosts/ostara/nixos.nix

@@ -9,6 +9,7 @@ with lib;
     profiles.hardware.eeepc-1015pem
     profiles.network
     services.kattv
+    services.dnscrypt-proxy
   ];
 
   # Terraform

config/modules/nixos/wireguard-dns.nix

@@ -0,0 +1,15 @@
+{ config, lib, ... }: with lib; let
+  cfg = config.network;
+  wgcfg = config.network.wireguard;
+  magic = toString wgcfg.magicNumber;
+in {
+  network.addresses.wireguard = {
+    enable = config.network.wireguard.enable;
+    nixos = {
+      ipv4.address = "${wgcfg.prefixV4}.${magic}";
+      ipv6.address = "${wgcfg.prefixV6}:${magic}";
+    };
+    prefix = "wg";
+    subdomain = "${config.networking.hostName}.${cfg.addresses.wireguard.prefix}";
+  };
+}

config/modules/nixos/wireguard.nix

@@ -14,7 +14,7 @@ in
     magicNumber = mkOption { type = types.ints.u8; };
     prefixV4 = mkOption {
       type = types.str;
-      default = "172.23.1";
+      default = "10.42.69";
     };
     prefixV6 = mkOption {
       type = types.str;

config/profiles/hardware/raspi.nix

@@ -31,14 +31,14 @@
   };
 
   services.udev.extraRules = ''
-    SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660"
-    SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
-    SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
+        SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660"
+        SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
+        SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
 
-T
+    T
   '';
 
-  users.groups.gpio = {};
+  users.groups.gpio = { };
 
   environment.noXlibs = true;
   documentation.info.enable = false;

config/services/dht22-exporter/default.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }: with lib; let
   cfg = config.services.dht22-exporter;
-in {
+in
+{
   options.services.dht22-exporter.socat = {
     enable = mkEnableOption "socat service";
     package = mkOption {
@@ -14,23 +15,27 @@ in {
   };
   config = {
     systemd.services = mkIf cfg.socat.enable {
-      dht22-exporter-socat = let
-        scfg = cfg.socat;
-        service = singleton "dht22-exporter.service";
-      in {
-        after = service;
-        bindsTo = service;
-        serviceConfig = {
-          DynamicUser = true;
+      dht22-exporter-socat =
+        let
+          scfg = cfg.socat;
+          service = singleton "dht22-exporter.service";
+        in
+        {
+          after = service;
+          bindsTo = service;
+          serviceConfig = {
+            DynamicUser = true;
+          };
+          script =
+            let
+              port = toString (if cfg.port == null then 8001 else cfg.port);
+              addresser = addr: "${scfg.package}/bin/socat TCP6-LISTEN:${port},bind=${addr},fork TCP4:localhost:${port}";
+              lines = map addresser scfg.addresses;
+            in
+            ''
+              ${concatStringsSep "\n" lines}
+            '';
         };
-        script = let
-          port = toString (if cfg.port == null then 8001 else cfg.port);
-          addresser = addr: "${scfg.package}/bin/socat TCP6-LISTEN:${port},bind=${addr},fork TCP4:localhost:${port}";
-          lines = map addresser scfg.addresses;
-        in ''
-          ${concatStringsSep "\n" lines}
-        '';
-      };
     };
 
     users.users.dht22-exporter = {

config/services/glauth/default.nix

@@ -50,11 +50,12 @@
     };
   };
 
-  kw.secrets.variables = mapListToAttrs (field:
-    nameValuePair "glauth-${field}" {
-      path = "services/glauth";
-      inherit field;
-    }) ["password-hash" "kc-password-hash" "postgres"];
+  kw.secrets.variables = mapListToAttrs
+    (field:
+      nameValuePair "glauth-${field}" {
+        path = "services/glauth";
+        inherit field;
+      }) [ "password-hash" "kc-password-hash" "postgres" ];
 
   secrets.files = {
     glauth-postgres-file = {

config/users/kat/base/shell.nix

@@ -119,9 +119,9 @@ in
       })) [
       "zsh-z"
     ]) ++ lib.optional (pkgs.hostPlatform == pkgs.buildPlatform) ({
-        name = "fzf-tab";
-        src = "${pkgs.zsh-fzf-tab}/share/fzf-tab";
-      });
+      name = "fzf-tab";
+      src = "${pkgs.zsh-fzf-tab}/share/fzf-tab";
+    });
   };
   programs.fzf = {
     enable = true;

nix/sources.json

@@ -89,10 +89,10 @@
         "homepage": null,
         "owner": "kittywitch",
         "repo": "nixexprs",
-        "rev": "820a9e13415b51f579a7c804c01962916831f326",
-        "sha256": "0nvfcmvqdv1qllh016jhhbxzf0c9fajrwpdqjz28q2vq13vc3b4b",
+        "rev": "0dc07928ed3c26100c3fe8e6de22af7259cebbad",
+        "sha256": "0h8x0d1fq9rbndds87aa4zjy5ccdvjwx1zmylqdrp9223vynnbb6",
         "type": "tarball",
-        "url": "https://github.com/kittywitch/nixexprs/archive/820a9e13415b51f579a7c804c01962916831f326.tar.gz",
+        "url": "https://github.com/kittywitch/nixexprs/archive/0dc07928ed3c26100c3fe8e6de22af7259cebbad.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
     "niv": {

overlays/exprs

@@ -1 +1 @@
-Subproject commit 820a9e13415b51f579a7c804c01962916831f326
+Subproject commit 0dc07928ed3c26100c3fe8e6de22af7259cebbad