From c6ea7171814b8f9490311e833c2085675fc832a4 Mon Sep 17 00:00:00 2001
From: Nick
Date: Tue, 1 Jul 2025 13:54:00 -0500
Subject: [PATCH] feat: wireguard test
---
 modules/config/instances/config/wireGuard.nix | 3 +-
 .../nixos/services/searx/config/engines.nix | 0
 .../nixos/services/searx/config/general.nix | 0
 .../nixos/services/searx/config/outgoing.nix | 0
 .../nixos/services/searx/config/plugins.nix | 0
 .../nixos/services/searx/config/search.nix | 0
 .../nixos/services/searx/config/server.nix | 0
 modules/nixos/services/searx/config/ui.nix | 0
 modules/nixos/services/searx/default.nix | 5 ++-
 systems/ceres/config/wireguard.nix | 7 ++--
 systems/mars/config/wireguard.nix | 33 +++++++++----------
 11 files changed, 26 insertions(+), 22 deletions(-)
 mode change 100644 => 100755 modules/nixos/services/searx/config/engines.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/general.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/outgoing.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/plugins.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/search.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/server.nix
 mode change 100644 => 100755 modules/nixos/services/searx/config/ui.nix
 mode change 100644 => 100755 systems/ceres/config/wireguard.nix
diff --git a/modules/config/instances/config/wireGuard.nix b/modules/config/instances/config/wireGuard.nix
index 4a8ed16..06c5a69 100755
--- a/modules/config/instances/config/wireGuard.nix
+++ b/modules/config/instances/config/wireGuard.nix
@@ -14,6 +14,7 @@ in
 path0 = "${sopsPath}/${name}";
 };
 ports = {
- port0 = 51821;
+ port0 = 51820;
+ port1 = 51821;
 };
 }
diff --git a/modules/nixos/services/searx/config/engines.nix b/modules/nixos/services/searx/config/engines.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/general.nix b/modules/nixos/services/searx/config/general.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/outgoing.nix b/modules/nixos/services/searx/config/outgoing.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/plugins.nix b/modules/nixos/services/searx/config/plugins.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/search.nix b/modules/nixos/services/searx/config/search.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/server.nix b/modules/nixos/services/searx/config/server.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/config/ui.nix b/modules/nixos/services/searx/config/ui.nix
old mode 100644
new mode 100755
diff --git a/modules/nixos/services/searx/default.nix b/modules/nixos/services/searx/default.nix
index 52fc279..2f2cbeb 100755
--- a/modules/nixos/services/searx/default.nix
+++ b/modules/nixos/services/searx/default.nix
@@ -49,8 +49,11 @@ in
 @allowed_ips {
 remote_ip ${mars.wireguard.ip0}
 }
+
 handle @allowed_ips {
- reverse_proxy unix//run/searx/searx.sock
+ redir /.well-known/carddav /remote.php/dav/ 301
+ redir /.well-known/caldav /remote.php/dav/ 301
+ reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
 }
 handle {
 respond "Access Denied" 403
diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix
old mode 100644
new mode 100755
index 8547055..5f5f689
--- a/systems/ceres/config/wireguard.nix
+++ b/systems/ceres/config/wireguard.nix
@@ -1,6 +1,6 @@
 { config, flake, ... }:
 let
- inherit (flake.config.services.instances) wireGuard web;
+ inherit (flake.config.services.instances) wireGuard;
 inherit (flake.config.machines.devices) mars ceres;
 service = wireGuard;
 in
@@ -10,11 +10,12 @@ in
 allowedUDPPorts = [
 53
 service.ports.port0
+ service.ports.port1
 ];
 interfaces.wg0.allowedTCPPorts = [
 80
 443
- 8080
+ 8888
 ];
 };
 
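Review bot: The lines `redir /.well-known/carddav /remote.php/dav/ 301` and `redir /.well-known/caldav /remote.php/dav/ 301` added inside `handle @allowed_ips` are Nextcloud-style DAV discovery redirects and do not fit a SearX site; they look carried over from another module and should be removed unless this vhost really fronts a DAV server. The upstream also changes from the local socket `unix//run/searx/searx.sock` to `${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}`, which requires the backend to listen on TCP on the tunnel address, so other WireGuard peers could presumably reach it without passing the `remote_ip ${mars.wireguard.ip0}` matcher. If Caddy and SearX share a host, keeping the socket is the narrower choice; otherwise a comment such as `# upstream over wg0; backend port must stay closed to other peers` plus a matching firewall rule would document the intent. `configHelpers` is defined outside this hunk, so it is not possible to confirm from here that `ports.port0` is the SearX port rather than another service's.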
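Review bot: `allowedUDPPorts` keeps `service.ports.port0` and adds `service.ports.port1`, but the later hunk in this file moves wg0's `listenPort` to `port1`, so nothing visible in this patch listens on `port0` (now 51820) and the firewall is left with an open UDP port that has no service behind it. Drop the `service.ports.port0` entry unless another interface outside these hunks uses it. The positional names `port0`/`port1` also hide which one is the ceres listener; a role-based name in `wireGuard.nix` would make a stale firewall entry like this easier to spot. The firewall block starts before the hunk, so which interfaces `allowedUDPPorts` applies to is not visible here.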
@@ -28,7 +29,7 @@ in
 wireguard.interfaces = {
 wg0 = {
 ips = [ "${ceres.wireguard.ip0}/24" ];
- listenPort = service.ports.port0;
+ listenPort = service.ports.port1;
 privateKeyFile = config.sops.secrets."${service.name}-private".path;
 peers = [
 {
diff --git a/systems/mars/config/wireguard.nix b/systems/mars/config/wireguard.nix
index b0d279b..847f3bf 100755
--- a/systems/mars/config/wireguard.nix
+++ b/systems/mars/config/wireguard.nix
@@ -1,27 +1,26 @@
 { config, flake, ... }:
 let
 inherit (flake.config.services.instances) wireGuard web;
- inherit (flake.config.machines.devices) mars;
+ inherit (flake.config.machines.devices) ceres mars;
 service = wireGuard;
 in
 {
 networking = {
- wg-quick.interfaces = {
- wg0 = {
- address = [ "${mars.wireguard.ip0}/24" ];
- privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
- peers = [
- {
- publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
- allowedIPs = [
- "10.100.0.0/24"
- "192.168.1.0/24"
- ];
- endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}";
- persistentKeepalive = 25;
- }
- ];
- };
+ wireguard.interfaces.wg0 = {
+ ips = [ "${mars.wireguard.ip0}/24" ];
+ privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
+ peers = [
+ {
+ publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
+ allowedIPs = [
+ "10.100.0.0/24"
+ "${ceres.wireguard.ip0}/24"
+ "192.168.1.0/24"
+ ];
+ endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
+ persistentKeepalive = 25;
+ }
+ ];
 };
 };