c2vi/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

...

Browse Source
This commit is contained in:
Sebastian Moser
2023-11-22 16:40:55 +01:00
parent 65963aa32f
commit 17c1e8406a
15 changed files with 204 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

153
common/wg-peers.nix
View File

@@ -1,4 +1,103 @@
{ secretsDir, ... }: let { secretsDir, ... }: [
#################### home ####################
{
name = "phone-pt";
publicKey = builtins.readFile "${secretsDir}/wg-pub-phone";
allowedIPs = [ "10.1.1.3" ];
endpoint = "192.168.44.1:51820";
persistentKeepalive = 25;
}
{
name = "phone-pw";
publicKey = builtins.readFile "${secretsDir}/wg-pub-phone";
allowedIPs = [ "10.1.1.3" ];
endpoint = "192.168.133.118:51820";
persistentKeepalive = 25;
}
/*
{
name = "main-pw";
publicKey = builtins.readFile "${secretsDir}/wg-pub-main";
allowedIPs = [ "10.1.1.11" ];
endpoint = "192.168.20.11:51820";
persistentKeepalive = 25;
}
{
name = "main-pt";
publicKey = builtins.readFile "${secretsDir}/wg-pub-main";
allowedIPs = [ "10.1.1.11" ];
endpoint = "192.168.44.11:51820";
persistentKeepalive = 25;
}
{
name = "main-home";
publicKey = builtins.readFile "${secretsDir}/wg-pub-main";
#allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.1.11:51820";
persistentKeepalive = 25;
}
{
name = "rpi-pt";
publicKey = builtins.readFile "${secretsDir}/wg-pub-rpi";
#allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.44.2:49390";
persistentKeepalive = 25;
}
{
name = "rpi-local";
publicKey = builtins.readFile "${secretsDir}/wg-pub-rpi";
#allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.1.2:49390";
persistentKeepalive = 25;
}
{
name = "rpi-web";
publicKey = builtins.readFile "${secretsDir}/wg-pub-rpi";
#allowedIPs = [ "10.1.1.0/24" ];
endpoint = "c2vi.dev:49390";
persistentKeepalive = 25;
}
/*
{
name = "main";
publicKey = builtins.readFile "${secretsDir}"/wg-pub-main;
allowedIPs = [ "10.1.1.2/24" ];
}
{
name = "phone";
publicKey = builtins.readFile "${secretsDir}"/wg-pub-phone;
allowedIPs = [ "10.1.1.3/24" ];
}
{
name = "hpm";
publicKey =builtins.readFile "${secretsDir}"/wg-pub-hpm;
allowedIPs = [ "10.1.1.6/24" ];
}
{
name = "main";
publicKey = builtins.readFile "${secretsDir}"/wg-pub-main;
allowedIPs = [ "10.1.1.2/24" ];
}
{
name = "rpi";
publicKey = builtins.readFile "${secretsDir}/wg-pub-rpi";
allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.1.2:49390, c2vi.dev:49389";
persistentKeepalive = 25;
}
{
name = "lush-local";
publicKey = builtins.readFile "${secretsDir}/wg-pub-lush";
allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.5.5:51820";
persistentKeepalive = 25;
}
*/
]
/* the networkmanager config
let
main-pub = builtins.readFile "${secretsDir}/wg-pub-main"; main-pub = builtins.readFile "${secretsDir}/wg-pub-main";
rpi-pub = builtins.readFile "${secretsDir}/wg-pub-rpi"; rpi-pub = builtins.readFile "${secretsDir}/wg-pub-rpi";
lush-pub = builtins.readFile "${secretsDir}/wg-pub-lush"; lush-pub = builtins.readFile "${secretsDir}/wg-pub-lush";
@@ -23,6 +122,7 @@ in
allowed-ips = "0.0.0.0"; allowed-ips = "0.0.0.0";
}; };
} }
*/
@@ -32,51 +132,8 @@ in
/* /*
{ secretsDir, ... }: [ { secretsDir, ... }: [
#### local #### #### local ####
{
name = "rpi";
publicKey = builtins.readFile "${secretsDir}/wg-pub-rpi";
allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.1.2:49390, c2vi.dev:49389";
persistentKeepalive = 25;
}
{
name = "main-local";
publicKey = builtins.readFile "${secretsDir}/wg-pub-main";
allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.1.40:51820";
persistentKeepalive = 25;
}
{
name = "lush-local";
publicKey = builtins.readFile "${secretsDir}/wg-pub-lush";
allowedIPs = [ "10.1.1.0/24" ];
endpoint = "192.168.5.5:51820";
persistentKeepalive = 25;
}
/*
{
name = "main";
publicKey = "${secretsDir}"/wg-public-main;
allowedIPs = [ "10.1.1.2/24" ];
}
{
name = "phone";
publicKey = "${secretsDir}"/wg-public-phone;
allowedIPs = [ "10.1.1.3/24" ];
}
{
name = "hpm";
publicKey = "${secretsDir}"/wg-public-hpm;
allowedIPs = [ "10.1.1.6/24" ];
}
{
name = "main";
publicKey = "${secretsDir}"/wg-public-main;
allowedIPs = [ "10.1.1.2/24" ];
}
*/ */

13
flake.nix
View File

@@ -165,6 +165,19 @@
nixOnDroidConfigurations = rec { nixOnDroidConfigurations = rec {
"phone" = inputs.nix-on-droid.lib.nixOnDroidConfiguration { "phone" = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
imports = [
./users/me/headless.nix
];
users.users.nix-on-droid.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjgXf9S9hxjyph2EEFh1el0z4OUT9fMoFAaDanjiuKa me@main"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWsqiz0gEepvPONYxqhKKq4Vxfe1h+jo11k88QozUch me@bitwarden"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAioUu4ow6k+OMjjLdzogiQM4ZEM3TNekGNasaSDzQQE me@phone"
];
environment.packages = with pkgs; [
vim
openssh
];
system.stateVersion = "23.05";
}; };
}; };

26
hosts/lush.nix
View File

@@ -17,10 +17,14 @@
# home-manager.users.me = import ../users/me/home-headless.nix; # home-manager.users.me = import ../users/me/home-headless.nix;
/* for cross compiling
#nixpkgs.hostPlatform.system = "aarch64-linux"; #nixpkgs.hostPlatform.system = "aarch64-linux";
#nixpkgs.buildPlatform.system = "x86_64-linux"; #nixpkgs.buildPlatform.system = "x86_64-linux";
nixpkgs.overlays = [ nixpkgs.overlays = [
(outerFinal: outerPrev: { (outerFinal: outerPrev: {
#https://github.com/adrienverge/openfortivpn/issues/446
#https://github.com/NixOS/nixpkgs/blob/nixos-23.05/pkgs/tools/networking/openfortivpn/default.nix#L47
openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: { openfortivpn = outerPrev.openfortivpn.overrideAttrs (final: prev: {
configureFlags = prev.configureFlags or [] ++ [ configureFlags = prev.configureFlags or [] ++ [
"--disable-proc" "--disable-proc"
@@ -30,6 +34,7 @@
}); });
}) })
]; ];
*/
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@@ -113,6 +118,27 @@
}; };
}; };
pt = {
connection = {
id = "pt";
uuid = "f028117e-9eef-47c1-8483-574f7ee798a4";
type = "bluetooth";
autoconnect = "false";
};
bluetooth = {
bdaddr = "E8:78:29:C4:BA:7C";
type = "panu";
};
ipv4 = {
address1 = "192.168.20.21/24";
method = "auto";
};
};
me = { me = {
connection = { connection = {
id = "me"; id = "me";

49
hosts/main.nix
View File

@@ -39,14 +39,11 @@
distributedBuilds = false; # false, because i can't build on hpm currently ... not signed by trusted user error distributedBuilds = false; # false, because i can't build on hpm currently ... not signed by trusted user error
}; };
# to build rpi images # to build rpi images
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"aarch64-linux" "aarch64-linux"
]; ];
# some bind mounts # some bind mounts
fileSystems."${workDir}/priv-share/things" = { fileSystems."${workDir}/priv-share/things" = {
device = "${workDir}/things"; device = "${workDir}/things";
@@ -84,7 +81,8 @@
fi fi
else else
rm /etc/hosts rm /etc/hosts
ln -nsf ${config.environment.etc.hosts.source.outPath} /etc/hosts cat ${self}/misc/my-hosts > /etc/hosts
cat ${self}/misc/my-hosts-"$(cat /etc/current_hosts)" >> /etc/hosts
fi fi
''; '';
}; };
@@ -92,9 +90,10 @@
{ {
enable = true; enable = true;
description = "block Youtube"; description = "block Youtube";
unitConfig = { #type = "simple";
Type = "simple"; #unitConfig = {
}; #Type = "simple";
#};
serviceConfig = { serviceConfig = {
Restart = "always"; Restart = "always";
RestartSec = "60s"; RestartSec = "60s";
@@ -153,6 +152,7 @@
8888 # for general usage 8888 # for general usage
9999 # for general usage 9999 # for general usage
8080 # for mitm proxy 8080 # for mitm proxy
51820 # wireguard
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
@@ -161,13 +161,16 @@
]; ];
networking.search = [ "c2vi.local" ]; networking.search = [ "c2vi.local" ];
#networking.hosts = {
#"10.1.1.3" = [ "phone" ];
#};
networking.extraHosts = '' networking.extraHosts = ''
192.168.1.6 hpm ${builtins.readFile "${self}/misc/my-hosts"}
192.168.1.2 rpi ${builtins.readFile "${self}/misc/my-hosts-me"}
192.168.5.5 lush
127.0.0.1 youtube.com
127.0.0.1 www.youtube.com
''; '';
environment.etc.current_hosts.text = "me";
environment.etc.current_hosts.mode = "rw";
#environment.etc.hosts.mode = "rw";
networking.networkmanager.profiles = { networking.networkmanager.profiles = {
home = { home = {
@@ -179,7 +182,7 @@
interface-name = "enp1s0"; interface-name = "enp1s0";
}; };
ipv4 = { ipv4 = {
address1 = "192.168.1.40/24,192.168.1.1"; address1 = "192.168.1.11/24,192.168.1.1";
dns = "1.1.1.1;"; dns = "1.1.1.1;";
method = "manual"; method = "manual";
}; };
@@ -224,6 +227,7 @@
}; };
ipv4 = { ipv4 = {
address1 = "192.168.44.11/24";
method = "auto"; method = "auto";
}; };
}; };
@@ -248,7 +252,7 @@
}; };
ipv4 = { ipv4 = {
address1 = "192.168.20.20/24"; address1 = "192.168.20.11/24";
method = "auto"; method = "auto";
}; };
}; };
@@ -272,6 +276,7 @@
}; };
}; };
/*
me = { me = {
connection = { connection = {
id = "me"; id = "me";
@@ -281,14 +286,26 @@
interface-name = "me0"; interface-name = "me0";
}; };
wireguard = { wireguard = {
listen-port = "12345"; listen-port = "51820";
private-key = builtins.readFile "${secretsDir}/wg-private-main"; private-key = builtins.readFile "${secretsDir}/wg-private-main";
}; };
ipv4 = { ipv4 = {
address1 = "10.1.1.1/24"; address1 = "10.1.1.11/24";
method = "manual"; method = "manual";
}; };
} // (import ../common/wg-peers.nix { inherit secretsDir; }); } // (import ../common/wg-peers.nix { inherit secretsDir; });
*/
};
networking.wireguard.interfaces = {
me1 = {
ips = [ "10.1.1.11/24" ];
listenPort = 51820;
privateKeyFile = "${secretsDir}/wg-private-main";
peers = import ../common/wg-peers.nix { inherit secretsDir; };
};
}; };

7
hosts/rpi.nix
View File

@@ -75,6 +75,13 @@
8888 # for general usage 8888 # for general usage
9999 # for general usage 9999 # for general usage
8080 # for mitm proxy 8080 # for mitm proxy
49388
49389
49390
49391
49392
49393
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [

1
misc/my-hosts Normal file
View File

@@ -0,0 +1 @@
127.0.0.1 youtube.com

4
misc/my-hosts-h Normal file
View File

@@ -0,0 +1,4 @@
192.168.1.6 hpm
192.168.1.2 rpi
192.168.1.5 acern
192.168.1.122 lush

3
misc/my-hosts-me Normal file
View File

@@ -0,0 +1,3 @@
10.1.1.3 phone
10.1.1.11 main

4
misc/my-hosts-pt Normal file
View File

@@ -0,0 +1,4 @@
192.168.44.1 phone
192.168.44.11 main
c2vi.dev rpi

1
misc/my-hosts-pw Normal file
View File

@@ -0,0 +1 @@
c2vi.dev rpi

1
misc/my-hosts-r Normal file
View File

@@ -0,0 +1 @@
c2vi.dev rpi

2
programs/alacritty.nix
View File

@@ -46,7 +46,7 @@
style = "Bold Italic"; style = "Bold Italic";
}; };
size = 10; size = 9;
}; };
# Dracula theme for alacritty # Dracula theme for alacritty

32
programs/bash.nix
View File

@@ -140,37 +140,13 @@
# a little programm, that changes the ssh config to always be able to acces rpi # a little programm, that changes the ssh config to always be able to acces rpi
function rpi(){ function rpi(){
ssh_dir=~/.ssh sudo rm /etc/hosts
rm -f $ssh_dir/current_rpi_config sudo su -c "cat ${self}/misc/my-hosts > /etc/hosts"
if [ "$1" == "l" ] sudo su -c "cat ${self}/misc/my-hosts-$1 >> /etc/hosts"
then sudo su -c "echo -en "$1" > /etc/current_hosts"
cp $ssh_dir/rpi/local $ssh_dir/current_rpi_config
fi
if [ "$1" == "local" ]
then
cp $ssh_dir/rpi/local $ssh_dir/current_rpi_config
fi
if [ "$1" == "r" ]
then
cp $ssh_dir/rpi/remote $ssh_dir/current_rpi_config
fi
if [ "$1" == "remote" ]
then
cp $ssh_dir/rpi/remote $ssh_dir/current_rpi_config
fi
if [ "$1" == "w" ]
then
cp $ssh_dir/rpi/wstunnel $ssh_dir/current_rpi_config
fi
} }
# git commit func # git commit func
function gc(){ function gc(){
tmp=$(echo -en $@) tmp=$(echo -en $@)

6
programs/ssh.nix
View File

@@ -16,15 +16,9 @@
user = "me"; user = "me";
hostname = "192.168.1.2"; hostname = "192.168.1.2";
}; };
#lush = {
#user = "me";
#hostname = "192.168.5.5";
#};
phone = { phone = {
user = "u0_a345"; user = "u0_a345";
hostname = "192.168.44.1";
port = 8022; port = 8022;
identityFile = "${secretsDir}/private-key-main";
}; };
uwu = { uwu = {
user = "sebastian"; user = "sebastian";

2
users/me/headless.nix
View File

@@ -4,7 +4,7 @@
isNormalUser = true; isNormalUser = true;
#passwordFile = "${secretsDir}/me-pwd"; #passwordFile = "${secretsDir}/me-pwd";
password = "changeme"; password = "changeme";
extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; # Enable sudo for the user. extraGroups = [ "networkmanager" "wheel" "libvirtd" "plugdev" ]; # Enable sudo for the user.
}; };
home-manager.extraSpecialArgs = { home-manager.extraSpecialArgs = {