chore: moved wireguard config

2025-12-06 21:17:14 -06:00 · 2025-11-06 16:35:10 -06:00 · 2025-11-06 16:35:10 -06:00 · e98394d757
commit e98394d757
parent 973297a2a8
13 changed files with 412 additions and 88 deletions
--- a/modules/config/instances/config/forgejo.nix
+++ b/modules/config/instances/config/forgejo.nix
@ -38,7 +38,7 @@ in
  interface = {
    id = "vm-${name}";
    mac = "02:00:00:00:00:50";
-    idUser = "vm-${name}";
+    idUser = "vm-${name}-user";
    macUser = "02:00:00:00:00:02";
    ip = "192.168.50.50";
    gate = "192.168.50.2";
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -15,7 +15,7 @@ in
          plymouth
          sddm
          searx
-          wireGuard
+          wireguard
          ;
      };
    };
@ -67,6 +67,7 @@ in
          # vaultwarden
          # website
          # zookeeper
+          wireguard
          ;
      };
    };
--- a/modules/nixos/services/acme/default.nix
+++ b/modules/nixos/services/acme/default.nix
@ -0,0 +1,11 @@
+let
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
+in
+{
+  imports = importList;
+}
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@ -0,0 +1,11 @@
+let
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
+in
+{
+  imports = importList;
+}
--- a/modules/nixos/services/forgejo/default.nix
+++ b/modules/nixos/services/forgejo/default.nix
@ -123,14 +123,20 @@ in
                enable = true;
                networks."10-enp" = {
                  matchConfig.Name = "enp0s4";
+
+                  # Option 1: Static IP (recommended if you need consistent IP for reverse proxy)
                  addresses = [ { Address = "${service.interface.ip}/24"; } ];
                  routes = [
                    {
-                      Destination = "${localhost}/0";
-                      Gateway = service.interface.gate;
+                      Destination = "0.0.0.0/0";
+                      Gateway = "192.168.50.1"; # Your LAN gateway - adjust if different
                    }
                  ];
-                  dns = [ service.interface.gate ];
+                  dns = [ "192.168.50.1" ]; # Your LAN DNS - adjust if different
+
+                  # Option 2: DHCP (uncomment below and comment out above if preferred)
+                  # Note: You'll need to update the Caddy reverse_proxy IP or use hostname
+                  # networkConfig.DHCP = "yes";
                };
              };
            };
--- a/modules/nixos/services/ollama/default.nix
+++ b/modules/nixos/services/ollama/default.nix
@ -0,0 +1,11 @@
+let
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
+in
+{
+  imports = importList;
+}
--- a/modules/nixos/services/postgresql/default.nix
+++ b/modules/nixos/services/postgresql/default.nix
@ -0,0 +1,11 @@
+let
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
+in
+{
+  imports = importList;
+}
--- a/modules/nixos/services/samba/default.nix
+++ b/modules/nixos/services/samba/default.nix
@ -0,0 +1,11 @@
+let
+  importList =
+    let
+      content = builtins.readDir ./.;
+      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
+    in
+    map (name: ./. + "/${name}") dirContent;
+in
+{
+  imports = importList;
+}
--- a/modules/nixos/services/wireguard/default.nix
+++ b/modules/nixos/services/wireguard/default.nix
@ -1,59 +1,13 @@
-{ config, flake, ... }:
+{ flake, ... }:
 let
  inherit (flake.config.services) instances;
  inherit (flake.config.machines.devices) ceres;
  service = instances.wireGuard;
-  wireGuardInterface =
-    {
-      secret,
-      publicKey,
-      endpoint,
-    }:
-    {
-      name = "Proton-${secret}";
-      value = {
-        autostart = false;
-        address = [ "10.2.0.2/32" ];
-        dns = [ "10.2.0.1" ];
-        privateKeyFile = config.sops.secrets."${service.name}-${secret}".path;
-        peers = [
-          {
-            inherit publicKey endpoint;
-            allowedIPs = [ "0.0.0.0/0,::/0" ];
-            persistentKeepalive = 25;
-          }
-        ];
-      };
-    };
-  interfaces = [
-    {
-      secret = "CA363";
-      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
-      endpoint = "149.88.97.110:51820";
-    }
-    {
-      secret = "CA220";
-      publicKey = "UR8vjVYrrWYadCwLKiAabKTIdxM4yikmCXnvKWm89D8=";
-      endpoint = "139.28.218.130:51820";
-    }
-    {
-      secret = "CA358";
-      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
-      endpoint = "149.88.97.110:51820";
-    }
-    {
-      secret = "CA627";
-      publicKey = "xLFgU430Tt7PdHJydVbIKvtjXJodoPpGKW7fhF7XE2k=";
-      endpoint = "139.28.218.130:51820";
-    }
-  ];
 in
 {
  networking = {
    hosts = {
      ${ceres.wireguard.ip0} = [
-        instances.searx.domains.url0
-        instances.glance.domains.url0
      ];
    };
    wireguard.interfaces = {
@ -72,19 +26,4 @@ in
      };
    };
  };
-
-  sops.secrets =
-    let
-      sopsPath = secret: {
-        path = "${service.sops.path0}/${service.name}-${secret}";
-        owner = "root";
-        mode = "600";
-      };
-    in
-    builtins.listToAttrs (
-      (map (interface: {
-        name = "${service.name}-${interface.secret}";
-        value = sopsPath interface.secret;
-      }) interfaces)
-    );
 }
--- a/modules/nixos/services/wireguard/wireguardCeres/default.nix
+++ b/modules/nixos/services/wireguard/wireguardCeres/default.nix
@ -1,76 +0,0 @@
-{ config, flake, ... }:
-let
-  inherit (flake.config.services) instances;
-  inherit (flake.config.machines.devices) mars deimos ceres;
-  service = instances.wireGuard;
-in
-{
-  networking = {
-    firewall = {
-      allowedTCPPorts = [
-        service.ports.port0
-      ];
-      allowedUDPPorts = [
-        service.ports.port0
-        service.ports.port1
-      ];
-    };
-
-    nat = {
-      enable = true;
-      enableIPv6 = true;
-      externalInterface = "enp10s0";
-      internalInterfaces = [
-        "wg0"
-        "br-vms"
-      ];
-    };
-
-    wireguard.interfaces = {
-      wg0 = {
-        ips = [ "${ceres.wireguard.ip0}/24" ];
-        listenPort = service.ports.port1;
-        privateKeyFile = config.sops.secrets."${service.name}-private".path;
-        peers = [
-          # if you need to create a new key pair
-          # wg genkey | save --raw --force privatekey
-          # open privatekey | wg pubkey | save --raw --force publickey
-          {
-            publicKey = "9zfRPxkxTLHM9tABC8lIaDMrzdjcF2l1mtG82uqGKUQ=";
-            allowedIPs = [ "${mars.wireguard.ip0}/32" ];
-          }
-          {
-            publicKey = "hKbvOlvKdWAlq45rfV3ggwOI8xqiqVWweXV+2GQx/0I=";
-            allowedIPs = [ "${deimos.wireguard.ip0}/32" ];
-          }
-        ];
-      };
-    };
-  };
-
-  sops =
-    let
-      sopsPath = secret: {
-        path = "${service.sops.path0}/${service.name}-${secret}-pass";
-        owner = "root";
-        mode = "600";
-      };
-    in
-    {
-      secrets = builtins.listToAttrs (
-        map
-          (secret: {
-            name = "${service.name}-${secret}";
-            value = sopsPath secret;
-          })
-          [
-            "private"
-            "public"
-          ]
-      );
-    };
-
-  boot.kernel.sysctl = {
-    "net.ipv4.ip_forward" = 1;
-  };
-}