feat: wireguard test

This commit is contained in:
Nick 2025-07-01 13:54:00 -05:00
parent 93366c81c8
commit c6ea717181
11 changed files with 26 additions and 22 deletions


@ -14,6 +14,7 @@ in
path0 = "${sopsPath}/${name}"; path0 = "${sopsPath}/${name}";
}; };
ports = { ports = {
port0 = 51821; port0 = 51820;
port1 = 51821;
}; };
} }

0
modules/nixos/services/searx/config/engines.nix Normal file → Executable file
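Review bot: Seven searx config files (engines.nix through ui.nix) and systems/ceres/config/wireguard.nix change mode from Normal to Executable with no content change, which is unrelated to the WireGuard feature in the title. Nix modules are imported by the evaluator, never executed, so the executable bit has no purpose and only widens the diff. Revert it before merging, e.g. `git update-index --chmod=-x modules/nixos/services/searx/config/*.nix systems/ceres/config/wireguard.nix`, so the commit stays limited to the functional change.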

0
modules/nixos/services/searx/config/general.nix Normal file → Executable file

0
modules/nixos/services/searx/config/outgoing.nix Normal file → Executable file

0
modules/nixos/services/searx/config/plugins.nix Normal file → Executable file

0
modules/nixos/services/searx/config/search.nix Normal file → Executable file

0
modules/nixos/services/searx/config/server.nix Normal file → Executable file

0
modules/nixos/services/searx/config/ui.nix Normal file → Executable file


@ -49,8 +49,11 @@ in
@allowed_ips { @allowed_ips {
remote_ip ${mars.wireguard.ip0} remote_ip ${mars.wireguard.ip0}
} }
handle @allowed_ips { handle @allowed_ips {
reverse_proxy unix//run/searx/searx.sock redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0}
} }
handle { handle {
respond "Access Denied" 403 respond "Access Denied" 403
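Review bot: The two `redir /.well-known/carddav` and `/.well-known/caldav` lines added inside `handle @allowed_ips` point at `/remote.php/dav/`, which is a Nextcloud DAV path, while the line they replace proxied to `/run/searx/searx.sock`; if this site block still fronts searx they are dead routes, and if it now fronts a different service the file and the `configHelpers.service.ports.port0` reference should say which one. The hunk does not show what `configHelpers.service` resolves to, so it is not verifiable here that port0 is the backend's HTTP port rather than one of the WireGuard UDP ports renumbered in this same commit. A comment above the `reverse_proxy` line such as `# backend on ceres, reached only over wg0 from mars (see @allowed_ips)` would pin the intent. The enclosing site block starts and ends outside the hunk.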

7
systems/ceres/config/wireguard.nix Normal file → Executable file

@ -1,6 +1,6 @@
{ config, flake, ... }: { config, flake, ... }:
let let
inherit (flake.config.services.instances) wireGuard web; inherit (flake.config.services.instances) wireGuard;
inherit (flake.config.machines.devices) mars ceres; inherit (flake.config.machines.devices) mars ceres;
service = wireGuard; service = wireGuard;
in in
@ -10,11 +10,12 @@ in
allowedUDPPorts = [ allowedUDPPorts = [
53 53
service.ports.port0 service.ports.port0
service.ports.port1
]; ];
interfaces.wg0.allowedTCPPorts = [ interfaces.wg0.allowedTCPPorts = [
80 80
443 443
8080 8888
]; ];
}; };
@ -28,7 +29,7 @@ in
wireguard.interfaces = { wireguard.interfaces = {
wg0 = { wg0 = {
ips = [ "${ceres.wireguard.ip0}/24" ]; ips = [ "${ceres.wireguard.ip0}/24" ];
listenPort = service.ports.port0; listenPort = service.ports.port1;
privateKeyFile = config.sops.secrets."${service.name}-private".path; privateKeyFile = config.sops.secrets."${service.name}-private".path;
peers = [ peers = [
{ {
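Review bot: `allowedUDPPorts` in the second hunk now opens both `service.ports.port0` and `service.ports.port1` on every interface, but `listenPort` in the third hunk moved to `service.ports.port1` only, so port0 (51820 per the ports block in this commit's first hunk) is exposed host-wide with nothing bound to it on ceres. Unless another interface outside this file listens on port0, remove `service.ports.port0` from the list so the firewall matches the single listener. The `8080` to `8888` change on `interfaces.wg0.allowedTCPPorts` is not explained by the title; a comment like `# 8888: backend port proxied from mars over wg0` next to it would record why it moved. The `networking` attribute set continues outside the hunks.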


@ -1,29 +1,28 @@
{ config, flake, ... }: { config, flake, ... }:
let let
inherit (flake.config.services.instances) wireGuard web; inherit (flake.config.services.instances) wireGuard web;
inherit (flake.config.machines.devices) mars; inherit (flake.config.machines.devices) ceres mars;
service = wireGuard; service = wireGuard;
in in
{ {
networking = { networking = {
wg-quick.interfaces = { wireguard.interfaces.wg0 = {
wg0 = { ips = [ "${mars.wireguard.ip0}/24" ];
address = [ "${mars.wireguard.ip0}/24" ];
privateKeyFile = config.sops.secrets."${service.name}-mars-private".path; privateKeyFile = config.sops.secrets."${service.name}-mars-private".path;
peers = [ peers = [
{ {
publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw="; publicKey = "fs58+Kz+eG9qAXvvMB2NkW+wa88yP61uam4HHWaBJVw=";
allowedIPs = [ allowedIPs = [
"10.100.0.0/24" "10.100.0.0/24"
"${ceres.wireguard.ip0}/24"
"192.168.1.0/24" "192.168.1.0/24"
]; ];
endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port0}"; endpoint = "${web.remotehost.address0}:${builtins.toString service.ports.port1}";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];
}; };
}; };
};
sops = sops =
let let