From 7a56104845afaaf80217caa3b711beccb6917eaf Mon Sep 17 00:00:00 2001 
From: Bun Date: Thu, 17 Apr 2025 00:11:26 -0400 Subject: [PATCH] Nuke the fuck out of Wireguard slow as balls --- flake.lock | 16 ---- flake.nix | 6 -- hosts/droid/default.nix | 19 ---- hosts/droid/users/default.nix | 4 - hosts/droid/users/main/default.nix | 9 -- hosts/envy/default.nix | 1 - hosts/envy/filesystems/default.nix | 7 -- hosts/envy/services/default.nix | 5 +- hosts/intuos/default.nix | 8 -- hosts/intuos/filesystems/default.nix | 2 +- hosts/kitty/default.nix | 9 +- hosts/kitty/network/default.nix | 13 +++ hosts/midas/network/default.nix | 12 ++- hosts/midas/services/default.nix | 1 - hosts/pear/default.nix | 3 +- hosts/pear/filesystems/default.nix | 8 -- hosts/pear/services/default.nix | 5 +- hosts/prophet/default.nix | 1 - hosts/prophet/services/default.nix | 1 - hosts/qemu/boot/default.nix | 7 -- hosts/qemu/default.nix | 14 --- hosts/qemu/disko/default.nix | 87 ------------------ hosts/qemu/hardware/default.nix | 10 -- hosts/qemu/users/default.nix | 4 - hosts/qemu/users/main/default.nix | 6 -- hosts/redmond/default.nix | 12 +-- hosts/redmond/filesystems/default.nix | 15 +-- hosts/redmond/network/default.nix | 13 +++ hosts/tower/default.nix | 2 - hosts/tower/network/default.nix | 21 ++--- modules/system/secrets/default.nix | Bin 2005 -> 1829 bytes modules/system/services/general/default.nix | 1 - .../services/general/wireguard/default.nix | 28 ------ modules/system/services/server/default.nix | 1 - .../server/mailserver/simplenix/default.nix | 2 +- .../services/server/wireguard/default.nix | 44 --------- 36 files changed, 57 insertions(+), 340 deletions(-) delete mode 100644 hosts/droid/default.nix delete mode 100644 hosts/droid/users/default.nix delete mode 100644 hosts/droid/users/main/default.nix create mode 100644 hosts/kitty/network/default.nix delete mode 100644 hosts/pear/filesystems/default.nix delete mode 100644 hosts/qemu/boot/default.nix delete mode 100644 hosts/qemu/default.nix delete mode 100644 hosts/qemu/disko/default.nix delete mode 
100644 hosts/qemu/hardware/default.nix delete mode 100644 hosts/qemu/users/default.nix delete mode 100644 hosts/qemu/users/main/default.nix create mode 100644 hosts/redmond/network/default.nix delete mode 100644 modules/system/services/general/wireguard/default.nix delete mode 100644 modules/system/services/server/wireguard/default.nix diff --git a/flake.lock b/flake.lock index 38758123..222406db 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,5 @@ { "nodes": { - "android": { - "locked": { - "lastModified": 1744517047, - "narHash": "sha256-o7HeWj7P8xSIYuN2pdAF6Hlb4rINYe1ZN3oIbHxAZXQ=", - "owner": "nix-community", - "repo": "nixos-avf", - "rev": "968a3e4d14fd4158b3cb7a4894753160cc944c04", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-avf", - "type": "github" - } - }, "blender": { "inputs": { "nixpkgs": "nixpkgs" @@ -457,7 +442,6 @@ }, "root": { "inputs": { - "android": "android", "blender": "blender", "disko": "disko", "hm": "hm", diff --git a/flake.nix b/flake.nix index 5cd71881..70115fc0 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,6 @@ impermanence.url = "github:nix-community/impermanence"; - android.url = "github:nix-community/nixos-avf"; - mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs.nixpkgs.follows = "stable"; @@ -44,7 +42,6 @@ lanzaboote, disko, impermanence, - android, mailserver, minecraft, hm, @@ -66,7 +63,6 @@ # nh os switch /path --hostname=host nixosConfigurations = { tower = mkNix [ ./hosts/tower ]; # Main Desktop - qemu = mkNix [ ./hosts/qemu ]; # Virtualization Testing envy = mkNix [ ./hosts/envy ]; # HP Convertable pear = mkNix [ ./hosts/pear ]; # MacBook Pro @@ -76,8 +72,6 @@ midas = mkNix [ ./hosts/midas ]; # Dell Optiplex 5040 kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1 - - droid = mkNix [ ./hosts/droid ]; # Android Virtualization Framework }; # nh home switch /path -c arch 
diff --git a/hosts/droid/default.nix b/hosts/droid/default.nix deleted file mode 100644 index 1539d1fc..00000000 --- a/hosts/droid/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, android, ... }: -{ - imports = [ - ./users - ../../modules/system - android.nixosModules.avf - ]; - - networking.hostName = "droid"; - - avf.defaultUser = config.sysusers.main; - - system = { - desktop.enable = true; - stateVersion = "24.11"; - }; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/droid/users/default.nix b/hosts/droid/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/droid/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/droid/users/main/default.nix b/hosts/droid/users/main/default.nix deleted file mode 100644 index 9c6469d4..00000000 --- a/hosts/droid/users/main/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - desktop.enable = true; - gaming.enable = true; - production.enable = true; - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/envy/default.nix b/hosts/envy/default.nix index 2634ffd0..8d51adcf 100644 --- a/hosts/envy/default.nix +++ b/hosts/envy/default.nix @@ -13,7 +13,6 @@ networking = { hostName = "envy"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.25/24" ]; }; system = { diff --git a/hosts/envy/filesystems/default.nix b/hosts/envy/filesystems/default.nix index 6fbd2d35..9bc9c66b 100644 --- a/hosts/envy/filesystems/default.nix +++ b/hosts/envy/filesystems/default.nix @@ -12,12 +12,5 @@ fsType = "btrfs"; options = [ "subvol=Steam" "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; - - # Network mounts - "/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; }; } 
diff --git a/hosts/envy/services/default.nix b/hosts/envy/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/envy/services/default.nix +++ b/hosts/envy/services/default.nix @@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/intuos/default.nix b/hosts/intuos/default.nix index 9ee1f094..73445bcd 100644 --- a/hosts/intuos/default.nix +++ b/hosts/intuos/default.nix @@ -12,14 +12,6 @@ networking = { hostName = "intuos"; wireless.enable = true; - vlans.internal = { - id=100; - interface="wlp1s0"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.102"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/intuos/filesystems/default.nix b/hosts/intuos/filesystems/default.nix index 37b9e0a1..7634dc52 100644 --- a/hosts/intuos/filesystems/default.nix +++ b/hosts/intuos/filesystems/default.nix @@ -6,7 +6,7 @@ options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; fileSystems."/home/${config.sysusers.main}/Network/Kitty" = { - device = "11.0.0.2:/"; + device = "10.2.0.1:/"; fsType = "nfs4"; options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix index 82b244b8..8afe152c 100644 --- a/hosts/kitty/default.nix +++ b/hosts/kitty/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system (modulesPath + "/profiles/headless.nix") @@ -13,14 +14,6 @@ networking = { hostName = "kitty"; hostId = "8745e22e"; - vlans.internal = { - id=100; - interface="eno1"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.2"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/kitty/network/default.nix b/hosts/kitty/network/default.nix new file mode 100644 index 00000000..203fe0d6 --- /dev/null +++ b/hosts/kitty/network/default.nix 
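Review bot: The Kitty NFS mount now targets `10.2.0.1:/` instead of the VLAN 100 address, and the intuos VLAN interface is removed in this same commit, so the mount appears to leave the dedicated segment and cross the general network. NFSv4 with the default `sec=sys` is unencrypted and trusts client-supplied UIDs, which matters more once the traffic shares a network with other devices. At a minimum add `"nosuid" "nodev"` to the `options` list on the line after `fsType`, as the local mounts elsewhere in this repo already do, and consider `sec=krb5p` or restricting the export to this client's address on the server. The attribute set this entry belongs to starts above the hunk.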
@@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + vlans.internal = { + id=100; + interface="eno1"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.2"; + prefixLength = 8; + }]; + }; +} diff --git a/hosts/midas/network/default.nix b/hosts/midas/network/default.nix index 06685c47..17b47f4f 100644 --- a/hosts/midas/network/default.nix +++ b/hosts/midas/network/default.nix @@ -9,6 +9,16 @@ address = "10.1.0.1"; interface = "enp0s31f6"; }; + + vlans.internal = { + id=100; + interface="enp0s31f6"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.1"; + prefixLength = 8; + }]; + nftables.tables.forwarding = { family = "inet"; content = '' @@ -16,8 +26,6 @@ type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat ip to 11.0.0.100:22 comment "Tower SSH" tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH" - tcp dport 2233 dnat ip to 11.0.0.101:22 comment "Envy SSH" - tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH" udp dport { 27005, 27015 } dnat ip to 11.0.0.100 comment "PC Hosted Games" diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix index 0ccaab19..62d64889 100644 --- a/hosts/midas/services/default.nix +++ b/hosts/midas/services/default.nix @@ -17,7 +17,6 @@ trilium-server.enable = true; vaultwarden.enable = true; webserver.enable = true; - wg.server.enable = true; minecraft-servers = { enable = true; diff --git a/hosts/pear/default.nix b/hosts/pear/default.nix index 94fe1974..faf196c0 100644 --- a/hosts/pear/default.nix +++ b/hosts/pear/default.nix @@ -3,8 +3,8 @@ imports = [ ./boot ./disko - ./filesystems ./hardware + ./network ./services ./users ../../modules/system @@ -13,7 +13,6 @@ networking = { hostName = "pear"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.18/24" ]; }; system = { diff --git a/hosts/pear/filesystems/default.nix b/hosts/pear/filesystems/default.nix deleted file mode 100644 index 39ad5cc4..00000000 
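Review bot: `address = "11.0.0.2"; prefixLength = 8;` puts the internal VLAN on 11.0.0.0/8, which is publicly allocated address space rather than an RFC 1918 range. The /8 on-link route sends traffic for any real host in that block onto VLAN 100, and if the VLAN interface is ever down the internal addresses fall through to the default route and leave the site. The same prefix is used in the hosts/midas/network and hosts/tower/network hunks of this commit. Renumbering to a private range with a prefix sized to the segment, for example a /24 inside 10.0.0.0/8, avoids both problems.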
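Review bot: Nothing visible in the hosts/midas/network hunk enables forwarding for the new `internal` VLAN interface, although the DNAT rules kept in the `forwarding` table still send traffic to 11.0.0.100 and 11.0.0.2. The WireGuard server module deleted by this commit was what set `IPv4Forwarding = true` and `IPMasquerade = "both"` for that range. Unless forwarding is configured outside the hunk, state it explicitly, e.g. `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;`, and pair it with a forward-chain rule that admits only the DNATed ports so the VLAN is not reachable wholesale. The `networking` block starts above the hunk.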
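Review bot: The hosts/pear/default.nix import list swaps `./filesystems` for `./network`, but the file list of this commit creates `network/default.nix` only for kitty and redmond, not for pear. If `hosts/pear/network` does not already exist in the tree, evaluating the pear configuration fails on the missing path. Either add the directory in this commit or drop the `./network` line until it exists.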
--- a/hosts/pear/filesystems/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, ... }: -{ - fileSystems."/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; -} diff --git a/hosts/pear/services/default.nix b/hosts/pear/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/pear/services/default.nix +++ b/hosts/pear/services/default.nix @@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix index 92c958f1..9303b80f 100644 --- a/hosts/prophet/default.nix +++ b/hosts/prophet/default.nix @@ -14,7 +14,6 @@ networking = { hostName = "prophet"; hostId = "97a21a38"; - wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ]; }; system = { diff --git a/hosts/prophet/services/default.nix b/hosts/prophet/services/default.nix index 9499a7ac..7de2570c 100644 --- a/hosts/prophet/services/default.nix +++ b/hosts/prophet/services/default.nix @@ -5,6 +5,5 @@ mailserver.enable = true; mysql.enable = true; nginx.enable = true; - wireguard.client.enable = true; }; } diff --git a/hosts/qemu/boot/default.nix b/hosts/qemu/boot/default.nix deleted file mode 100644 index 9ff2e3b3..00000000 --- a/hosts/qemu/boot/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, pkgs, ... }: -{ - boot = { - kernelPackages = pkgs.linuxPackages_latest; - loader.grub.enable = true; - }; -} diff --git a/hosts/qemu/default.nix b/hosts/qemu/default.nix deleted file mode 100644 index 4dac575d..00000000 --- a/hosts/qemu/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ - ./boot - ./disko - ./hardware - ./users - ../../modules/system - (modulesPath + "/profiles/headless.nix") - ]; - - networking.hostName = "qemu"; - system.stateVersion = "24.11"; -} 
diff --git a/hosts/qemu/disko/default.nix b/hosts/qemu/disko/default.nix
deleted file mode 100644
index 74f43547..00000000
--- a/hosts/qemu/disko/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, disko, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/vda";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "2G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- main = {
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" "noexec" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/persist/.snapshots" = { };
- "/persist/home" = { };
- "/persist/home/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "8G";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems."/persist".neededForBoot = true;
-}
diff --git a/hosts/qemu/hardware/default.nix b/hosts/qemu/hardware/default.nix
deleted file mode 100644
index dded8092..00000000
--- a/hosts/qemu/hardware/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@ -{ config, lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ "kvm-amd" "dm-snapshot" ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/qemu/users/default.nix b/hosts/qemu/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/qemu/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/qemu/users/main/default.nix b/hosts/qemu/users/main/default.nix deleted file mode 100644 index 9366cadc..00000000 --- a/hosts/qemu/users/main/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/redmond/default.nix b/hosts/redmond/default.nix index be47776f..4d3236e6 100644 --- a/hosts/redmond/default.nix +++ b/hosts/redmond/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system ]; @@ -12,15 +13,6 @@ networking = { hostName = "redmond"; wireless.enable = true; - interfaces."wlp1s0".ipv4.addresses = [{ - address = "192.168.2.200"; - prefixLength = 24; - }]; - defaultGateway = { - address = "192.168.2.1"; - interface = "wlp1s0"; - }; - wg-quick.interfaces.wgc.address = [ "10.100.0.23/24" ]; }; system = { @@ -28,7 +20,5 @@ stateVersion = "24.05"; }; - services.wireguard.client.enable = true; - environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2"; } diff --git a/hosts/redmond/filesystems/default.nix b/hosts/redmond/filesystems/default.nix index 119e3997..c6bb7542 100644 --- a/hosts/redmond/filesystems/default.nix +++ b/hosts/redmond/filesystems/default.nix 
@@ -1,15 +1,8 @@ { config, ... }: { - fileSystems = { - "/mnt/Windrive" = { - device = "/dev/disk/by-uuid/582C6B802C6B57D0"; - fsType = "ntfs"; - options = [ "nosuid" "nodev" ]; - }; - "/home/${config.sysusers.main}/Network/Midas" = { - device = "10.100.0.1:/storage"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; + fileSystems."/mnt/Windrive" = { + device = "/dev/disk/by-uuid/582C6B802C6B57D0"; + fsType = "ntfs"; + options = [ "nosuid" "nodev" ]; }; } diff --git a/hosts/redmond/network/default.nix b/hosts/redmond/network/default.nix new file mode 100644 index 00000000..f87dee8a --- /dev/null +++ b/hosts/redmond/network/default.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + interfaces."wlp1s0".ipv4.addresses = [{ + address = "192.168.2.200"; + prefixLength = 24; + }]; + defaultGateway = { + address = "192.168.2.1"; + interface = "wlp1s0"; + }; + }; +} diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index bf95d667..2f15c2c3 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -18,7 +18,5 @@ stateVersion = "24.05"; }; - services.wg.client.enable = true; - virtualisation.libvirtd.enable = true; } diff --git a/hosts/tower/network/default.nix b/hosts/tower/network/default.nix index 623f0f19..74bbcda4 100644 --- a/hosts/tower/network/default.nix +++ b/hosts/tower/network/default.nix @@ -1,15 +1,14 @@ { ... }: { - networking.firewall.allowedUDPPorts = [ 27015 ]; - - systemd.network = { - netdevs."10-wg0".wireguardPeers = [ - { # Local server - PublicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - AllowedIPs = [ "11.0.0.0/8" ]; - Endpoint = "10.2.0.1:51820"; - } - ]; - networks."wg0".address = [ "11.0.0.100/8" ]; + networking = { + firewall.allowedUDPPorts = [ 27015 ]; + vlans.internal = { + id=100; + interface="enp42s0"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.100"; + prefixLength = 8; + }]; }; } 
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 08d97784dbffa8a2859c872de6367454dfe93c9c..476566e00c0ebe154311ba68e072aa84523dcf86 100644 GIT binary patch literal 1829 zcmV+=2io`mM@dveQdv+`00n2=AP8A47zv{Wh4A%Qq3|aC}wC~A*OhF zD7Qulw-K)Wz4gB!_JZ3LAO|rrLC#g4KZ{{az@>2S;`^7bH~%D702T5ow;c6HRvH8W z!+D-8#pCoDiJF=+KCFk)+jZ!aQfmJ9edF-80le>S89q{!5# z**s%UqjmjO5=A?!?^Ef(pL!~MO@5)~FqoBRHXb~(zi&J80AS;;N-COZ2=Z42HcAt; zE`+>OCB_5Mk&|AbgN*9;HqnY-w4+ndd=HRC%o*WDz=n(3)46PeU-h72hBvoZA=Vg zMjWRP#_3wr(EvN|Shl(tu{;~Cq`{ht?`2u@!5lSvti`vxe4pkeCvt$@gHB(^J0&4a z#&;J-kl_d7vl_;ZV;=QRElZa@Z}Tu08wov20WXk*{g%>9Q)Gnb($wh}=8!^}K4LK6 z1pJ!+{mIG}cEEHzIeMQD7*bw3LBDZA)rQwq;aaY=`$&l}j?#3L*FKY=NzY^R7bDLj zgHLe{N?Tz05Ck8U`^gM_H=_q8&Tm5-q-;x-moa}yxz@@|FY^>caYu&`6bRrOwAqvYH^lA@*PN$o(XZvQ?L2Yq!`wXuG`pBS!l* zkNiCh5mnPGl9jEK`NC=f=T#i}=Lz0 zLaBmyXPLlkdAPA>Xc?TtRlLgu))@M(qL!Bi+<^J!$^=AR0g8_F7eMUsjPKF15Xebx zj7DR$T<3h{Qg&Q0zbDcZWXVBIWT0DyE^k|{uuL7``;}q!fTO=4VUk(Vh}Hh9v7hf; z&|uyEE(=7N-~^|?A7;A!V30#o&r7@PQ=898WiXT?3I7GTRZ>vow+iJ^rD24RMd}Fi zMy((M4L`I{$f$a+N5sck*rQ?Q*0{!E!}s`Cmpc-&2q@2_BZX#a81}+>=-WFHBs#s+ zbU)6B2}qvl{`Q$B{;rMK(8ZiZ@(-!09HS@$4HQm@U&pG~Q8l&4D(V1sr*GQj%8sj`6tEVojwNS36a957QWDju3CRCA zbS2{g_!bsa;v$({@Kby453*{z+yL2Pc+KKCM87~>(J4RwwTrkM>gZlvn*a7{X}99W zwZ#7tK?3w#-axu&oUaamG7@!}szcSvCjN z-TNnJ{-Vvj@wzrvo$M+XM}N6(>*)LMkz2RAvq7sWCHMs{_?Kb>LLs>cw$;H?15Tai TNiJy~bB@I_>^`qkG}E~t-kz0A literal 2005 zcmV;`2P*ggM@dveQdv+`0E9;obG*QASc{$jt<&-vs6<$D@fW%DjDBB!Ez!2Y-C!g5 z`zLXUZNy!Nc6_h}eV4$7(*kv@Dg7CAdTA#a7}|yTS1_`}-UpQM0sD6-L(IW>f%O|t zI&LQ~1sPQ-!R@aHa6pjhaz$60R=*1lpHuojQM`x}uw5?vkh4wt^4q_hfTxRN)$r$UsaktCPYg}bS~1C5`*2ozbBb{t zrC+PgQ5|3}x`V!W??=9+C4r2`0=j^d~D*Jg7iC!SjkhxBhXK4Dt;h<>^Hsa9b?v8|Rpj8%(b4+mqK6zM5P5JBN6N&KU3%V0nV(XF za|zCjv7uNuGiVn-_~>qnOc`rg^x5B`fcWS;VhR#kpEde?$Dvd(`E~Z8-Os^L6Au{> z!^eWN=EK#Aq}O}g*q0w^{BesGeC-;hJEsQ90@fyBow|%x!$2&t8TH#i#}2BOPp-cc ztJzD?;NP7|eNW%liTZV&*+y-7qCoVB#jnoTf=TIDoBE7$OCk 
zPhUaDirPRM7W=5zbZ(d!y|DHNj)q#kMK6dlF+KXw28ch3!J~W(Bbj%aftPhU=Hk@|V_i_NM=G8tfv&D^rCpB@Z&-%J!zApGS|1!L>@Vp!4iRWF%pBFJXCBUE)?Jw2CZuy zq@1sc@Drmbw`nnNg7-wVwN2tGC(9H`0fw0%@AKYx zEU`f14|Di!m;^Ib4^GEn&rG6H{hs_Pepu2a%wKx8kgvmR@RNX@e_ii(x?%$sM4UgE zId0wm5!JFCcMGaTVgx;MSVCiDZ9;$DC_25_hV_^{ssWxG-l_-}=5T$?r+SR9=6v_G zBkqbf%_%{_xZ;7q3PGZa@o8ke-iG`Zeps(Oym zw5pL4oZ_gn@F-1FtRK=%THiFD0AFzGfCyuE_{I~B?KGN4Qc!LM;@gYg1GeQs6?wkN zVw|d}T4t%pJU9Ulihb~wsXB=0BKbN)cuw=p#*^2goS^d^D7eP5j*N+E)TvSS0v;%g zIPl5=hytnm=Cb6Q3@{APu5eZ0ogeYK?)H~UUosl4&>fDppC!P6z3Y=F#ja>(r|Xa% zXqWyyI?QQnb)ZBglefEs8x>kHx&qydb6QqA%H;rn@Ia<)7e;6*P%u z(51ghHf+Y78t*86XWt+w≧%J=wDMWJ-(QQBL^+KJ%|u>&33LExx@NP{|t5M z>DaD*8?PnFV;!%q3V))TePQQBb=gPZ nipJ8H-ZebH{bM}Vxw9ks(p;*oWgx%~{ezfPmbWUP66s==Z87Bc diff --git a/modules/system/services/general/default.nix b/modules/system/services/general/default.nix index ccf19ea6..22685c57 100644 --- a/modules/system/services/general/default.nix +++ b/modules/system/services/general/default.nix @@ -12,6 +12,5 @@ ./sunshine ./tlp ./userborn - ./wireguard ]; } diff --git a/modules/system/services/general/wireguard/default.nix b/modules/system/services/general/wireguard/default.nix deleted file mode 100644 index a9d209c8..00000000 --- a/modules/system/services/general/wireguard/default.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - options.services.wg.client.enable = lib.mkEnableOption "Enable Wireguard client"; - - config = lib.mkIf config.services.wg.client.enable { - boot.kernelModules = [ "wireguard" ]; - - systemd.network = { - netdevs = { - "10-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - MTUBytes = "1300"; - }; - wireguardConfig = { - PrivateKeyFile = pkgs.writeText "wgclientsecret" config.secrets.wg.clientKey; - ListenPort = 9918; - }; - }; - }; - networks."wg0" = { - matchConfig.Name = "wg0"; - DHCP = "no"; - }; - }; - }; -} 
diff --git a/modules/system/services/server/default.nix b/modules/system/services/server/default.nix index 2085a3b4..ec51d8b1 100644 --- a/modules/system/services/server/default.nix +++ b/modules/system/services/server/default.nix @@ -18,6 +18,5 @@ ./transmission ./trilium ./vaultwarden - ./wireguard ]; } diff --git a/modules/system/services/server/mailserver/simplenix/default.nix b/modules/system/services/server/mailserver/simplenix/default.nix index 6a01d8cb..ab8dc4fa 100644 --- a/modules/system/services/server/mailserver/simplenix/default.nix +++ b/modules/system/services/server/mailserver/simplenix/default.nix @@ -19,7 +19,7 @@ # Passwords made with 'mkpasswd -sm bcrypt' loginAccounts = { "jimbo@nixfox.ca" = { - hashedPassword = config.secrets.mailHash.jimbo; + hashedPassword = config.secrets.mailHash.bun; aliases = [ "james@nixfox.ca" "jimbo@bloxelcom.net" diff --git a/modules/system/services/server/wireguard/default.nix b/modules/system/services/server/wireguard/default.nix deleted file mode 100644 index 9b018b25..00000000 --- a/modules/system/services/server/wireguard/default.nix +++ /dev/null 
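Review bot: `hashedPassword = config.secrets.mailHash.bun;` passes the bcrypt hash as a Nix value, which most likely ends up in a generated file in the world-readable Nix store on the mail host, where any local user or service can copy it for offline guessing. The mailserver module also accepts `hashedPasswordFile`; pointing it at a root-only file outside the store, e.g. `hashedPasswordFile = "/path/to/hash";` (placeholder path), keeps the hash out of the store. The account is still keyed as `jimbo@nixfox.ca` while the secret is now named `bun`, so a one-line comment explaining the mapping would help the next reader. The `loginAccounts` set continues past the hunk.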
@@ -1,44 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
- options.services.wg.server.enable = lib.mkEnableOption "Enable Wireguard server";
-
- config = lib.mkIf config.services.wg.server.enable {
- systemd.network = {
- netdevs = {
- "50-wg0" = {
- netdevConfig = {
- Kind = "wireguard";
- Name = "wg0";
- MTUBytes = "1300";
- };
- wireguardConfig = {
- PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey;
- ListenPort = 51820;
- RouteTable = "main";
- };
- wireguardPeers = [
- { # NixOS Config Key
- PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
- AllowedIPs = [ "11.0.0.0/8" ];
- }
- { # Pixel 9
- PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
- AllowedIPs = [ "11.1.0.1/32" ];
- }
- ];
- };
- };
- networks."wg0" = {
- matchConfig.Name = "wg0";
- address = [ "11.0.0.1/8" ];
- networkConfig = {
- IPMasquerade = "both";
- IPv4Forwarding = true;
- IPv6Forwarding = true;
- };
- };
- };
-
- networking.firewall.allowedUDPPorts = [ 51820 ];
- };
-}