feat(meta): get vpn-ip, wg-key and subnets

catvayor 2025-01-06 15:29:31 +01:00
parent 01af00470d
commit e8f8a54b5d
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
20 changed files with 88 additions and 44 deletions


@ -15,7 +15,6 @@ let
mkDefault
;
inherit (lib.types)
str
package
;
in
@ -31,12 +30,6 @@ in
addArgs = mkEnableOption "the extra arguments" // {
default = true;
};
wireguardPubKey = mkOption {
type = str;
};
fqdn = mkOption {
type = str;
};
anywhere = mkOption {
type = package;
readOnly = true;


@ -16,6 +16,8 @@ let
enum
path
unspecified
nullOr
str
;
machine_meta =
@ -37,13 +39,37 @@ let
default = [ ];
# /!\ Take care of imported files
};
wg-key = mkOption {
type = nullOr str;
default = null;
};
vpn-ip4 = mkOption {
type = nullOr str;
default = null;
};
subnets = mkOption {
type = listOf str;
default = [ ];
};
fqdn = mkOption {
type = nullOr str;
default = null;
};
node_meta = mkOption {
type = unspecified;
readOnly = true;
};
};
config.node_meta = rec {
inherit (config) version;
inherit (config)
version
wg-key
vpn-ip4
subnets
fqdn
;
patches = [ ./nginx-fallback.patch ] ++ config.patches;
overlay-paths = [ "${sources.kat-pkgs}/overlay.nix" ] ++ config.overlay-paths;
nixpkgs-paths = {
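Review bot: The new `wg-key`, `vpn-ip4`, `subnets` and `fqdn` options are plain `str` / `nullOr str` with no `description` and no format check, so a mistyped key or CIDR passes evaluation and only shows up when the tunnel fails to come up. For the key, a pattern type would catch this early, e.g. `type = nullOr (strMatching "[A-Za-z0-9+/]{43}=");` (with `strMatching` added to the `inherit (lib.types)` list), and the description should say that it is the WireGuard public key, never the private one. Because the defaults are `null`, a consumer such as `PublicKey = meta.machines.<host>.wg-key` presumably receives null for a machine that never sets it; how the networkd module handles that is not visible here, so a check at the use site would make the failure explicit. The surrounding `let` block and the `config.node_meta` attrset continue outside the hunks.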


@ -2,6 +2,8 @@
pkgs,
lib,
config,
self-meta,
meta,
nodes ? { },
...
}:
@ -36,7 +38,7 @@ let
internal = port;
}) (submodule redirected-ports-mod);
inherit (config.kat) fqdn;
inherit (self-meta) fqdn;
hostname = config.networking.hostName;
cfg = config.kat.proxies;
@ -66,7 +68,7 @@ let
map (
host:
let
inherit (nodes.${host}.config.kat) fqdn;
inherit (meta.machines.${host}) fqdn;
host-cfg = nodes.${host}.config.kat.proxies;
in
{
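Review bot: `fqdn` is now read from `self-meta` and `meta.machines.${host}`, where the option is `nullOr str` with `default = null`, whereas the removed `kat.fqdn` was a `str` without default and therefore failed evaluation when unset. At least two meta.nix files in this commit set no `fqdn`, so a host listed in `redirects` without one would pass null to whatever consumes `fqdn` below; that code is outside the hunk. Consider failing early in the `map` body, e.g. `in assert fqdn != null; {`, so the error names the missing metadata rather than a later coercion failure. `self-meta` and `meta` are also required arguments while `nodes` keeps its `? { }` default, which is worth a short comment on where they are injected.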


@ -22,8 +22,7 @@ in
users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
kat = {
fqdn = "betamail.katvayor.net";
wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
# wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
proxies = {
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ];
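Review bot: The key is left behind as a commented-out line (`# wireguardPubKey = …`) rather than being moved into this machine's meta.nix as `wg-key`, which is what the commit does for the other hosts. Since the matching `10.42.2.1/32` peer is also dropped from the peer list elsewhere in this commit, either delete the comment or record the key in the metadata. The peer removal is a behaviour change that the commit title does not mention, so it deserves a line in the message.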


@ -2,6 +2,8 @@
meta = {
version = "unstable";
patches = [ ./0001-revert-procmail-to-3.22.patch ];
fqdn = "betamail.katvayor.net";
vpn-ip4 = "192.168.122.3";
};
config = import ./configuration.nix;
}
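Review bot: `vpn-ip4 = "192.168.122.3"` repeats the value of `kat.proxies.ip` that stays in this machine's configuration.nix, so the address now has two sources of truth that can drift apart. The same duplication is visible for the other hosts in this commit whose `proxies.ip` appears in a hunk (192.168.122.2, 10.42.0.1, 192.168.122.6, 192.168.122.5). If the proxies option is meant to stay, consider deriving it from the metadata, for example `kat.proxies.ip = lib.mkDefault self-meta.vpn-ip4;` in the proxies module, assuming `self-meta` is available there as it is for `fqdn`. The name is also worth a description on the option, since several of these values sit in the `192.168.122.0/24` subnet rather than the `10.42.x.x` range used in the peers' `AllowedIPs`.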


@ -1,4 +1,7 @@
{
meta.version = "unstable";
meta = {
version = "unstable";
vpn-ip4 = "192.168.122.8";
};
config = import ./configuration.nix;
}


@ -20,7 +20,6 @@
};
kat = {
fqdn = "degette.katvayor.net";
proxies = {
ip = "192.168.122.2";
open-tcp = [


@ -1,4 +1,8 @@
{
meta.version = "stable";
meta = {
version = "stable";
fqdn = "degette.katvayor.net";
vpn-ip4 = "192.168.122.2";
};
config = import ./configuration.nix;
}


@ -1,6 +1,6 @@
{
pkgs,
nodes,
meta,
...
}:
{
@ -23,7 +23,6 @@
};
kat = {
fqdn = "manah.katvayor.net";
proxies = {
ip = "10.42.0.1";
open-tcp = [
@ -38,7 +37,6 @@
"kat-betamail"
];
};
wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
};
systemd.network = {
@ -92,12 +90,12 @@
wireguardPeers = [
{
Endpoint = "watcher.katvayor.net:1194";
Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
AllowedIPs = [
"10.42.0.2/32"
];
PersistentKeepalive = 20;
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
PublicKey = meta.machines.kat-watcher.wg-key;
}
];
};
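Review bot: `AllowedIPs` still hard-codes `"10.42.0.2/32"` while the peer's key and endpoint now come from `meta.machines.kat-watcher`, whose record in this commit carries `vpn-ip4 = "10.42.0.2"`. AllowedIPs is what binds a peer key to the source addresses it may use, so taking it from the same record keeps key and address from diverging: `AllowedIPs = [ "${meta.machines.kat-watcher.vpn-ip4}/32" ];`. The same applies to the `10.42.0.1/32` and `10.42.1.1/32` entries in the kat-watcher peer list later in this commit. The `wireguardPeers` list is only partly inside the hunk.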


@ -1,4 +1,13 @@
{
meta.version = "unstable";
meta = {
version = "unstable";
fqdn = "manah.katvayor.net";
vpn-ip4 = "10.42.0.1";
wg-key = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
subnets = [
"192.168.1.0/24"
"192.168.122.0/24"
];
};
config = import ./configuration.nix;
}


@ -27,7 +27,6 @@
};
kat = {
fqdn = "orchid.katvayor.net";
proxies = {
ip = "192.168.122.6";
aliases = [


@ -1,4 +1,8 @@
{
meta.version = "stable";
meta = {
version = "stable";
fqdn = "orchid.katvayor.net";
vpn-ip4 = "192.168.122.6";
};
config = import ./configuration.nix;
}


@ -1,6 +1,6 @@
{
pkgs,
nodes,
meta,
users,
lib,
sources,
@ -55,7 +55,6 @@ in
"wg0"
];
};
kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
systemd.tmpfiles.rules = [
"w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
"w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
@ -99,8 +98,8 @@ in
AllowedIPs = [
"10.42.0.0/16"
];
PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
Endpoint = "watcher.katvayor.net:1194";
PublicKey = meta.machines.kat-watcher.wg-key;
Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
PersistentKeepalive = 25;
}
];


@ -1,4 +1,8 @@
{
meta.version = "unstable";
meta = {
version = "unstable";
wg-key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
vpn-ip4 = "10.42.1.1";
};
config = import ./configuration.nix;
}


@ -22,7 +22,6 @@
};
kat = {
fqdn = "son.katvayor.net";
proxies = {
ip = "192.168.122.5";
aliases = [


@ -1,4 +1,8 @@
{
meta.version = "unstable";
meta = {
version = "unstable";
fqdn = "son.katvayor.net";
vpn-ip4 = "192.168.122.5";
};
config = import ./configuration.nix;
}


@ -1,6 +1,6 @@
{
pkgs,
nodes,
meta,
...
}:
{
@ -21,8 +21,6 @@
};
kat = {
wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
fqdn = "watcher.katvayor.net";
proxies.redirects = [ "kat-manah" ];
};
@ -83,19 +81,13 @@
AllowedIPs = [
"10.42.0.1/32"
];
PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
PublicKey = meta.machines.kat-manah.wg-key;
}
{
AllowedIPs = [
"10.42.1.1/32"
];
PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
}
{
AllowedIPs = [
"10.42.2.1/32"
];
PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
PublicKey = meta.machines.kat-probook.wg-key;
}
];
};


@ -1,4 +1,9 @@
{
meta.version = "unstable";
meta = {
version = "unstable";
wg-key = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
fqdn = "watcher.katvayor.net";
vpn-ip4 = "10.42.0.2";
};
config = import ./configuration.nix;
}


@ -24,7 +24,6 @@
};
kat = {
fqdn = "website.katvayor.net";
proxies = {
aliases = [
"www.katvayor.net"


@ -1,4 +1,8 @@
{
meta.version = "stable";
meta = {
version = "stable";
fqdn = "website.katvayor.net";
vpn-ip4 = "192.168.122.7";
};
config = import ./configuration.nix;
}