
3 commits

10 changed files with 89 additions and 45 deletions


@ -5,6 +5,16 @@
}:
with lib;
let
nom-system = pkgs.writeShellApplication {
name = "nom-system";
runtimeInputs = with pkgs; [ nix-output-monitor ];
text = ''
nom build --no-link "/home/moritz/.dotfiles#nixosConfigurations.$(hostname).config.system.build.toplevel"
'';
};
nom-system-command = command: "${nom-system}/bin/nom-system && ${command}";
in
{
users.users.moritz = {
isNormalUser = true;
@ -39,8 +49,8 @@ with lib;
rm = "rm -i";
mv = "mv -i";
nixos-switch = "sudo nixos-rebuild switch --flake ~/.dotfiles";
nixos-boot = "sudo nixos-rebuild boot --flake ~/.dotfiles";
nixos-switch = nom-system-command "sudo nixos-rebuild switch --flake ~/.dotfiles";
nixos-boot = nom-system-command "sudo nixos-rebuild boot --flake ~/.dotfiles";
nixos-update = "pushd ~/.dotfiles && nix flake update && popd";
latexwatch = ''find -type f -name "*.tex" | entr -c latexmk -pdf -silent'';
@ -77,6 +87,7 @@ with lib;
nixpkgs-fmt
statix
manix
nix-output-monitor
# other
bat
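Review bot: The `nom-system` wrapper in the first hunk builds from the hard-coded `/home/moritz/.dotfiles`, while the `nixos-switch` and `nixos-boot` aliases it is chained into still pass `--flake ~/.dotfiles`, so the monitored build and the activated one are the same flake only while both paths resolve identically. Binding the location once in the `let` block, e.g. `flake = "/home/moritz/.dotfiles";`, and interpolating it in both places would remove that drift. The script also calls `hostname`, which is not listed in `runtimeInputs` and is therefore taken from the caller's PATH; adding the package that provides it would make the wrapper self-contained. A one-line comment above `nom-system-command` stating that the unprivileged pre-build runs before the `sudo` step only to show progress would help the next reader.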


@ -93,9 +93,9 @@ with lib; {
kdeconnect.enable = true;
mullvad.enable = true;
openconnect.enable = true;
openvpn.enable = true;
printing.enable = true;
redshift.enable = true;
wireguard.enable = true;
};
};


@ -8,9 +8,9 @@
./kdeconnect.nix
./mullvad.nix
./openconnect.nix
./openvpn.nix
./picom.nix
./printing.nix
./redshift.nix
./wireguard.nix
];
}


@ -1,39 +0,0 @@
{ config
, lib
, pkgs
, ...
}:
with lib;
let
cfg = config.my.services.openvpn;
in
{
options.my.services.openvpn.enable = mkEnableOption "openvpn";
config = lib.mkIf cfg.enable {
age.secrets = {
homeVPN = {
file = ../../secrets/home-vpn.age;
owner = "1000";
};
homeVPNPassword = {
file = ../../secrets/home-vpn-password.age;
owner = "1000";
};
};
services.openvpn.servers = {
homeVPN = {
config = "config /run/agenix/homeVPN ";
autoStart = false;
updateResolvConf = true;
};
};
systemd.services.openvpn-homeVPN-password = {
description = "Enter homeVPN password";
script = "cat /run/agenix/homeVPNPassword | systemd-tty-ask-password-agent";
wantedBy = [ "openvpn-homeVPN.service" ];
after = [ "openvpn-homeVPN.service" ];
};
};
}


@ -0,0 +1,41 @@
{ config
, lib
, pkgs
, ...
}:
with lib;
let
cfg = config.my.services.wireguard;
in
{
options.my.services.wireguard.enable = mkEnableOption "wireguard";
config = lib.mkIf cfg.enable {
age.secrets = {
wireguard-private-key.file = ../../secrets/wireguard-private-key.age;
wireguard-preshared-key.file = ../../secrets/wireguard-preshared-key.age;
};
networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
networking.wg-quick.interfaces = {
wg0 = {
autostart = false;
address = [ "10.8.0.3/24" ];
listenPort = 51820;
privateKeyFile = "/run/agenix/wireguard-private-key";
peers = [
{
publicKey = "bT/U8ko3i//vH8LNn2R56JkGMg+0GLFrZSF81BBax08=";
presharedKeyFile = "/run/agenix/wireguard-preshared-key";
# Forward all the traffic via VPN.
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "wg.moritzboeh.me:51820";
persistentKeepalive = 25;
}
];
};
};
};
}
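Review bot: The peer's `allowedIPs = [ "0.0.0.0/0" ];` captures only IPv4, so despite the comment "Forward all the traffic via VPN" IPv6 traffic would leave outside the tunnel on any network that offers IPv6 connectivity; `allowedIPs = [ "0.0.0.0/0" "::/0" ];` routes it into the tunnel as well. No `dns` is set on `wg0`, so name resolution presumably keeps using the local network's resolver; confirm that is intended. `allowedUDPPorts = [ 51820 ]` opens an inbound port on every interface, which looks unnecessary for a peer that dials a fixed `endpoint` with `persistentKeepalive = 25`, and could be dropped unless this host must accept unsolicited handshakes.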

Binary file not shown.

Binary file not shown.


@ -12,10 +12,10 @@ let
in
{
"github.age".publicKeys = all;
"home-vpn-password.age".publicKeys = all;
"home-vpn.age".publicKeys = all;
"nordvpn.age".publicKeys = all;
"spotifyd.age".publicKeys = all;
"ssh-home.age".publicKeys = all;
"uni-vpn.age".publicKeys = all;
"wireguard-preshared-key.age".publicKeys = all;
"wireguard-private-key.age".publicKeys = all;
}
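Review bot: `"wireguard-private-key.age".publicKeys = all;` encrypts a per-peer identity key to every recipient in `all`, which is defined above this hunk; the encrypted files added in this commit list five `ssh-ed25519` recipients. Every holder of one of those keys can decrypt the private key and present itself as this peer, and a compromise of any one recipient exposes it. If only one host uses the tunnel, restrict the recipients to that host's key plus the user key needed for editing; otherwise add a comment stating that the key is deliberately shared across machines.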


@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 CjuqfA HUg3FETh6ezG8DcEaFW/VYrzKoqpGKpWQKk2R+e4zzM
Hnj5vK3gT2+BpGVYfQBPnosUiBgp2shs4g3Va1Z1JzU
-> ssh-ed25519 QRYDmg vc5Qzx8lbFF6BYV/BVNDv7+4tvwdGV8nyUHoVEr1yEA
mp4s4Kg7UcS6HEcaZaFhypPQh6BzeeovpEzxn0Q91Q4
-> ssh-ed25519 wG6LYg ZDy84tJ1nyrtCdOVlF464rPAmWEQXcP11B30+ccXJ2k
i+efuVas6vT9K55/soO2SOLxo29heQTR12gO5gx5SSI
-> ssh-ed25519 ZYd7Zg jmWJkTLgzrt3nU7KA3xRU37T3EriWngdbCC4GwS/pik
PYtUFRBv8yIuHgDrMJNdrsUsqjjKc/+hmvj1+pY3MpQ
-> ssh-ed25519 as9VYQ qpAgrLdj/1tLgGSH/ixGisVSBAoDB2A/nednmGKqLiM
AD6i7RrNgXcPW6ebr8T1vwsbGDQkWX/zNX7kLZ1bkTI
-> syy03-grease G1Yn Zq| $0
EmxSuXdlQfAHuTHTAd4nvyFFhfOVswM9F79VwDNuXVkf/SatEO2uhCM4RmInrNhP
a7U1TNxhGd4HuT0k5wqaN2Vr67adR6Hh024vaTxw9OHneQ
--- 7AIOs1wK0DIhK+AVkPDlOZjzFLfhsqZlWXVkLnXNcN8
!È®¼^Ã.CJ°„¸ ª]¼J<C2BC>N§Äºfú0¼'Äajy+ î?;༅Üw0<77>w<>ÒE`Sߤ¥¯Ò'¬Lá#1½Ò×ET¤.k=÷


@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 CjuqfA EQLHOBOVfp+j3x+coXt1isDkG+LvsSYkU8PT1cg97FQ
NJWJKvmN4hUHsC34n1ap4HlipC0rGWlqrbgR4vm91YY
-> ssh-ed25519 QRYDmg LOvHPzC4zfX2rlQBxYwHoHhjftCyWnBRLXZ/aB1ekQM
lVtsflczWZwhBx4FZeJK6jtcUCvwQKIA5Gmbth2to9U
-> ssh-ed25519 wG6LYg nqcLDqaVL7D0seK7kW52vmG/lm0Nd28lBroYrRMVynI
oYA8E4DDR26gpRCdJMWtzoGvUTErI6GMSdF99kTNKtc
-> ssh-ed25519 ZYd7Zg vz3LZxq0+KTx6E4J0X6duivLP0TFtA8WaOQaiSmMcF4
5g+3H/6J9FjsWifcfmEq8dz0hk4mpZhhJaEndPE3Mpw
-> ssh-ed25519 as9VYQ VIQ18yC/qEiP66hfCwWAbAbNCBypB47gbWkFg/TJmWE
MXK5RnuwAlKt676CPO0N/3BeM9gsgMPZNEG1DXq8uXA
-> 8kx-grease s%obC ~GOw1 C
--- V8z981BPe2yVOaMCj2np9Vvvy/6zP8xHCFKRFwsceXs
¢»„•¤ÇÜà+<2B>Xobë_)È<zݯmDPoçßê±Kð½ùÛÞZåé=ØÂ¥ºt-·b+}vûçµpgÝÊU' þø#/89„