modules/nixos/wireguard-dns: Init

2026-02-09 12:29:19 -08:00 · 2021-09-07 04:14:08 +01:00 · 2021-09-07 04:14:08 +01:00 · 027c0012de
commit 027c0012de
parent 70d95acddb
9 changed files with 57 additions and 35 deletions
--- a/config/hosts/ostara/nixos.nix
+++ b/config/hosts/ostara/nixos.nix
@ -9,6 +9,7 @@ with lib;
    profiles.hardware.eeepc-1015pem
    profiles.network
    services.kattv
+    services.dnscrypt-proxy
  ];

  # Terraform
--- a/config/modules/nixos/wireguard-dns.nix
+++ b/config/modules/nixos/wireguard-dns.nix
@ -0,0 +1,15 @@
+{ config, lib, ... }: with lib; let
+  cfg = config.network;
+  wgcfg = config.network.wireguard;
+  magic = toString wgcfg.magicNumber;
+in {
+  network.addresses.wireguard = {
+    enable = config.network.wireguard.enable;
+    nixos = {
+      ipv4.address = "${wgcfg.prefixV4}.${magic}";
+      ipv6.address = "${wgcfg.prefixV6}:${magic}";
+    };
+    prefix = "wg";
+    subdomain = "${config.networking.hostName}.${cfg.addresses.wireguard.prefix}";
+  };
+}
--- a/config/modules/nixos/wireguard.nix
+++ b/config/modules/nixos/wireguard.nix
@ -14,7 +14,7 @@ in
    magicNumber = mkOption { type = types.ints.u8; };
    prefixV4 = mkOption {
      type = types.str;
-      default = "172.23.1";
+      default = "10.42.69";
    };
    prefixV6 = mkOption {
      type = types.str;
--- a/config/profiles/hardware/raspi.nix
+++ b/config/profiles/hardware/raspi.nix
@ -31,14 +31,14 @@
  };

  services.udev.extraRules = ''
-    SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660"
-    SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
-    SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
+        SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio", MODE="0660"
+        SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
+        SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add", PROGRAM="${pkgs.runtimeShell} -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"

-T
+    T
  '';

-  users.groups.gpio = {};
+  users.groups.gpio = { };

  environment.noXlibs = true;
  documentation.info.enable = false;
--- a/config/services/dht22-exporter/default.nix
+++ b/config/services/dht22-exporter/default.nix
@ -1,6 +1,7 @@
 { config, lib, pkgs, ... }: with lib; let
  cfg = config.services.dht22-exporter;
-in {
+in
+{
  options.services.dht22-exporter.socat = {
    enable = mkEnableOption "socat service";
    package = mkOption {
@ -14,23 +15,27 @@ in {
  };
  config = {
    systemd.services = mkIf cfg.socat.enable {
-      dht22-exporter-socat = let
-        scfg = cfg.socat;
-        service = singleton "dht22-exporter.service";
-      in {
-        after = service;
-        bindsTo = service;
-        serviceConfig = {
-          DynamicUser = true;
+      dht22-exporter-socat =
+        let
+          scfg = cfg.socat;
+          service = singleton "dht22-exporter.service";
+        in
+        {
+          after = service;
+          bindsTo = service;
+          serviceConfig = {
+            DynamicUser = true;
+          };
+          script =
+            let
+              port = toString (if cfg.port == null then 8001 else cfg.port);
+              addresser = addr: "${scfg.package}/bin/socat TCP6-LISTEN:${port},bind=${addr},fork TCP4:localhost:${port}";
+              lines = map addresser scfg.addresses;
+            in
+            ''
+              ${concatStringsSep "\n" lines}
+            '';
        };
-        script = let
-          port = toString (if cfg.port == null then 8001 else cfg.port);
-          addresser = addr: "${scfg.package}/bin/socat TCP6-LISTEN:${port},bind=${addr},fork TCP4:localhost:${port}";
-          lines = map addresser scfg.addresses;
-        in ''
-          ${concatStringsSep "\n" lines}
-        '';
-      };
    };

    users.users.dht22-exporter = {
--- a/config/services/glauth/default.nix
+++ b/config/services/glauth/default.nix
@ -50,11 +50,12 @@
    };
  };

-  kw.secrets.variables = mapListToAttrs (field:
-    nameValuePair "glauth-${field}" {
-      path = "services/glauth";
-      inherit field;
-    }) ["password-hash" "kc-password-hash" "postgres"];
+  kw.secrets.variables = mapListToAttrs
+    (field:
+      nameValuePair "glauth-${field}" {
+        path = "services/glauth";
+        inherit field;
+      }) [ "password-hash" "kc-password-hash" "postgres" ];

  secrets.files = {
    glauth-postgres-file = {
--- a/config/users/kat/base/shell.nix
+++ b/config/users/kat/base/shell.nix
@ -119,9 +119,9 @@ in
      })) [
      "zsh-z"
    ]) ++ lib.optional (pkgs.hostPlatform == pkgs.buildPlatform) ({
-        name = "fzf-tab";
-        src = "${pkgs.zsh-fzf-tab}/share/fzf-tab";
-      });
+      name = "fzf-tab";
+      src = "${pkgs.zsh-fzf-tab}/share/fzf-tab";
+    });
  };
  programs.fzf = {
    enable = true;