Nuke the fuck out of Wireguard slow as balls

2025-04-17 00:11:26 -04:00 · 2025-04-17 00:11:26 -04:00 · 7a56104845
commit 7a56104845
parent 491183aa7d
36 changed files with 57 additions and 340 deletions
--- a/hosts/droid/default.nix
+++ b/hosts/droid/default.nix
@ -1,19 +0,0 @@
-{ config, android, ... }:
-{
-  imports = [
-    ./users
-    ../../modules/system
-    android.nixosModules.avf
-  ];
-
-  networking.hostName = "droid";
-
-  avf.defaultUser = config.sysusers.main;
-
-  system = {
-    desktop.enable = true;
-    stateVersion = "24.11";
-  };
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}
--- a/hosts/droid/users/default.nix
+++ b/hosts/droid/users/default.nix
@ -1,4 +0,0 @@
-{ ... }:
-{
-  imports = [ ./main ];
-}
--- a/hosts/droid/users/main/default.nix
+++ b/hosts/droid/users/main/default.nix
@ -1,9 +0,0 @@
-{ config, lib, ... }:
-{
-  home-manager.users."${config.sysusers.main}".home = {
-    desktop.enable = true;
-    gaming.enable = true;
-    production.enable = true;
-    stateVersion = lib.mkForce config.system.stateVersion;
-  };
-}
--- a/hosts/envy/default.nix
+++ b/hosts/envy/default.nix
@ -13,7 +13,6 @@
  networking = {
    hostName = "envy";
    wireless.enable = true;
-    wg-quick.interfaces.wgc.address = [ "10.100.0.25/24" ];
  };

  system = {
--- a/hosts/envy/filesystems/default.nix
+++ b/hosts/envy/filesystems/default.nix
@ -12,12 +12,5 @@
      fsType = "btrfs";
      options = [ "subvol=Steam" "nosuid" "nodev" "nofail" "x-gvfs-show" ];
    };
-
-    # Network mounts
-    "/home/${config.sysusers.main}/Midas" = {
-      device = "10.100.0.1:/";
-      fsType = "nfs4";
-      options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
-    };
  };
 }
--- a/hosts/envy/services/default.nix
+++ b/hosts/envy/services/default.nix
@ -1,9 +1,6 @@
 { config, ... }:
 {
-  services = {
-    globalprotect.enable = true;
-    wireguard.client.enable = true;
-  };
+  services.globalprotect.enable = true;

  virtualisation = {
    libvirtd.enable = true;
--- a/hosts/intuos/default.nix
+++ b/hosts/intuos/default.nix
@ -12,14 +12,6 @@
  networking = {
    hostName = "intuos";
    wireless.enable = true;
-    vlans.internal = {
-      id=100;
-      interface="wlp1s0";
-    };
-    interfaces.internal.ipv4.addresses = [{
-      address = "11.0.0.102";
-      prefixLength = 8;
-    }];
  };

  system = {
--- a/hosts/intuos/filesystems/default.nix
+++ b/hosts/intuos/filesystems/default.nix
@ -6,7 +6,7 @@
    options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
  };
  fileSystems."/home/${config.sysusers.main}/Network/Kitty" = {
-    device = "11.0.0.2:/";
+    device = "10.2.0.1:/";
    fsType = "nfs4";
    options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
  };
--- a/hosts/kitty/default.nix
+++ b/hosts/kitty/default.nix
@ -5,6 +5,7 @@
    ./disko
    ./filesystems
    ./hardware
+    ./network
    ./users
    ../../modules/system
    (modulesPath + "/profiles/headless.nix")
@ -13,14 +14,6 @@
  networking = {
    hostName = "kitty";
    hostId = "8745e22e";
-    vlans.internal = {
-      id=100;
-      interface="eno1";
-    };
-    interfaces.internal.ipv4.addresses = [{
-      address = "11.0.0.2";
-      prefixLength = 8;
-    }];
  };

  system = {
--- a/hosts/kitty/network/default.nix
+++ b/hosts/kitty/network/default.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  networking = {
+    vlans.internal = {
+      id=100;
+      interface="eno1";
+    };
+    interfaces.internal.ipv4.addresses = [{
+      address = "11.0.0.2";
+      prefixLength = 8;
+    }];
+  };
+}
--- a/hosts/midas/network/default.nix
+++ b/hosts/midas/network/default.nix
@ -9,6 +9,16 @@
      address = "10.1.0.1";
      interface = "enp0s31f6";
    };
+
+    vlans.internal = {
+      id=100;
+      interface="enp0s31f6";
+    };
+    interfaces.internal.ipv4.addresses = [{
+      address = "11.0.0.1";
+      prefixLength = 8;
+    }];
+
    nftables.tables.forwarding = {
      family = "inet";
      content = ''
@ -16,8 +26,6 @@
          type nat hook prerouting priority dstnat; policy accept;
          tcp dport 2211 dnat ip to 11.0.0.100:22 comment "Tower SSH"
          tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH"
-          tcp dport 2233 dnat ip to 11.0.0.101:22 comment "Envy SSH"
-          tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH"
          
          udp dport { 27005, 27015 } dnat ip to 11.0.0.100 comment "PC Hosted Games"
          
--- a/hosts/midas/services/default.nix
+++ b/hosts/midas/services/default.nix
@ -17,7 +17,6 @@
    trilium-server.enable = true;
    vaultwarden.enable = true;
    webserver.enable = true;
-    wg.server.enable = true;

    minecraft-servers = {
      enable = true;
--- a/hosts/pear/default.nix
+++ b/hosts/pear/default.nix
@ -3,8 +3,8 @@
  imports = [
    ./boot
    ./disko
-    ./filesystems
    ./hardware
+    ./network
    ./services
    ./users
    ../../modules/system
@ -13,7 +13,6 @@
  networking = {
    hostName = "pear";
    wireless.enable = true;
-    wg-quick.interfaces.wgc.address = [ "10.100.0.18/24" ];
  };

  system = {
--- a/hosts/pear/filesystems/default.nix
+++ b/hosts/pear/filesystems/default.nix
@ -1,8 +0,0 @@
-{ config, ... }:
-{
-  fileSystems."/home/${config.sysusers.main}/Midas" = {
-    device = "10.100.0.1:/";
-    fsType = "nfs4";
-    options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
-  };
-}
--- a/hosts/pear/services/default.nix
+++ b/hosts/pear/services/default.nix
@ -1,9 +1,6 @@
 { config, ... }:
 {
-  services = {
-    globalprotect.enable = true;
-    wireguard.client.enable = true;
-  };
+  services.globalprotect.enable = true;

  virtualisation = {
    libvirtd.enable = true;
--- a/hosts/prophet/default.nix
+++ b/hosts/prophet/default.nix
@ -14,7 +14,6 @@
  networking = {
    hostName = "prophet";
    hostId = "97a21a38";
-    wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ];
  };

  system = {
--- a/hosts/prophet/services/default.nix
+++ b/hosts/prophet/services/default.nix
@ -5,6 +5,5 @@
    mailserver.enable = true;
    mysql.enable = true;
    nginx.enable = true;
-    wireguard.client.enable = true;
  };
 }
--- a/hosts/qemu/boot/default.nix
+++ b/hosts/qemu/boot/default.nix
@ -1,7 +0,0 @@
-{ lib, pkgs, ... }:
-{
-  boot = {
-    kernelPackages = pkgs.linuxPackages_latest;
-    loader.grub.enable = true;
-  };
-}
--- a/hosts/qemu/default.nix
+++ b/hosts/qemu/default.nix
@ -1,14 +0,0 @@
-{ modulesPath, ... }:
-{
-  imports = [
-    ./boot
-    ./disko
-    ./hardware
-    ./users
-    ../../modules/system
-    (modulesPath + "/profiles/headless.nix")
-  ];
-
-  networking.hostName = "qemu";
-  system.stateVersion = "24.11";
-}
--- a/hosts/qemu/disko/default.nix
+++ b/hosts/qemu/disko/default.nix
@ -1,87 +0,0 @@
-{ config, disko, ... }:
-{
-  imports = [ disko.nixosModules.disko ];
-
-  disko.devices = {
-    disk = {
-      "${config.networking.hostName}" = {
-        type = "disk";
-        device = "/dev/vda";
-        content = {
-          type = "gpt";
-          partitions = {
-            boot = {
-              size = "1M";
-              type = "EF02";
-            };
-            ESP = {
-              size = "2G";
-              type = "EF00";
-              content = {
-                type = "filesystem";
-                format = "vfat";
-                mountpoint = "/boot";
-                mountOptions = [ "umask=0077" ];
-              };
-            };
-            main = {
-              size = "100%";
-              content = {
-                type = "lvm_pv";
-                vg = "${config.networking.hostName}";
-              };
-            };
-          };
-        };
-      };
-    };
-
-    lvm_vg = {
-      "${config.networking.hostName}" = {
-        type = "lvm_vg";
-        lvs = {
-          root = {
-            size = "100%";
-            content = {
-              type = "btrfs";
-              extraArgs = [ "-f" ];
-              subvolumes = {
-                "/root" = {
-                  mountpoint = "/";
-                  mountOptions = [ "compress=zstd" "noatime" ];
-                };
-                "/prev" = {
-                  mountpoint = "/prev";
-                  mountOptions = [ "compress=zstd" "noatime" "noexec" ];
-                };
-                "/nix" = {
-                  mountpoint = "/nix";
-                  mountOptions = [ "compress=zstd" "noatime" ];
-                };
-
-                # Impermanence
-                "/persist" = {
-                  mountpoint = "/persist";
-                  mountOptions = [ "compress=zstd" "noatime" ];
-                };
-                "/persist/.snapshots" = { };
-                "/persist/home" = { };
-                "/persist/home/.snapshots" = { };
-              };
-            };
-          };
-          swap = {
-            size = "8G";
-            content = {
-              type = "swap";
-              discardPolicy = "both";
-            };
-          };
-        };
-      };
-    };
-  };
-
-  # Needed for impermanence
-  fileSystems."/persist".neededForBoot = true;
-}
--- a/hosts/qemu/hardware/default.nix
+++ b/hosts/qemu/hardware/default.nix
@ -1,10 +0,0 @@
-{ config, lib, modulesPath, ... }:
-{
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
-
-  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-  boot.initrd.kernelModules = [ "kvm-amd" "dm-snapshot" ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
--- a/hosts/qemu/users/default.nix
+++ b/hosts/qemu/users/default.nix
@ -1,4 +0,0 @@
-{ ... }:
-{
-  imports = [ ./main ];
-}
--- a/hosts/qemu/users/main/default.nix
+++ b/hosts/qemu/users/main/default.nix
@ -1,6 +0,0 @@
-{ config, lib, ... }:
-{
-  home-manager.users."${config.sysusers.main}".home = {
-    stateVersion = lib.mkForce config.system.stateVersion;
-  };
-}
--- a/hosts/redmond/default.nix
+++ b/hosts/redmond/default.nix
@ -5,6 +5,7 @@
    ./disko
    ./filesystems
    ./hardware
+    ./network
    ./users
    ../../modules/system
  ];
@ -12,15 +13,6 @@
  networking = {
    hostName = "redmond";
    wireless.enable = true;
-    interfaces."wlp1s0".ipv4.addresses = [{
-      address = "192.168.2.200";
-      prefixLength = 24;
-    }];
-    defaultGateway = {
-      address = "192.168.2.1";
-      interface = "wlp1s0";
-    };
-    wg-quick.interfaces.wgc.address = [ "10.100.0.23/24" ];
  };

  system = {
@ -28,7 +20,5 @@
    stateVersion = "24.05";
  };

-  services.wireguard.client.enable = true;
-
  environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
 }
--- a/hosts/redmond/filesystems/default.nix
+++ b/hosts/redmond/filesystems/default.nix
@ -1,15 +1,8 @@
 { config, ... }:
 {
-  fileSystems = {
-    "/mnt/Windrive" = {
-      device = "/dev/disk/by-uuid/582C6B802C6B57D0";
-      fsType = "ntfs";
-      options = [ "nosuid" "nodev" ];
-    };
-    "/home/${config.sysusers.main}/Network/Midas" = {
-      device = "10.100.0.1:/storage";
-      fsType = "nfs4";
-      options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
-    };
+  fileSystems."/mnt/Windrive" = {
+    device = "/dev/disk/by-uuid/582C6B802C6B57D0";
+    fsType = "ntfs";
+    options = [ "nosuid" "nodev" ];
  };
 }
--- a/hosts/redmond/network/default.nix
+++ b/hosts/redmond/network/default.nix
@ -0,0 +1,13 @@
+{ ... }:
+{
+  networking = {
+    interfaces."wlp1s0".ipv4.addresses = [{
+      address = "192.168.2.200";
+      prefixLength = 24;
+    }];
+    defaultGateway = {
+      address = "192.168.2.1";
+      interface = "wlp1s0";
+    };
+  };
+}
--- a/hosts/tower/default.nix
+++ b/hosts/tower/default.nix
@ -18,7 +18,5 @@
    stateVersion = "24.05";
  };

-  services.wg.client.enable = true;
-
  virtualisation.libvirtd.enable = true;
 }
--- a/hosts/tower/network/default.nix
+++ b/hosts/tower/network/default.nix
@ -1,15 +1,14 @@
 { ... }:
 {
-  networking.firewall.allowedUDPPorts = [ 27015 ];
-
-  systemd.network = {
-    netdevs."10-wg0".wireguardPeers = [
-      { # Local server                                         
-        PublicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
-        AllowedIPs = [ "11.0.0.0/8" ];                        
-        Endpoint = "10.2.0.1:51820";                      
-      }
-    ];
-    networks."wg0".address = [ "11.0.0.100/8" ];
+  networking = {
+    firewall.allowedUDPPorts = [ 27015 ];
+    vlans.internal = {
+      id=100;
+      interface="enp42s0";
+    };
+    interfaces.internal.ipv4.addresses = [{
+      address = "11.0.0.100";
+      prefixLength = 8;
+    }];
  };
 }