Nuke the fuck out of Wireguard slow as balls

This commit is contained in:
Bun 2025-04-17 00:11:26 -04:00
parent 491183aa7d
commit 7a56104845
36 changed files with 57 additions and 340 deletions

16
flake.lock generated

@ -1,20 +1,5 @@
{
"nodes": {
"android": {
"locked": {
"lastModified": 1744517047,
"narHash": "sha256-o7HeWj7P8xSIYuN2pdAF6Hlb4rINYe1ZN3oIbHxAZXQ=",
"owner": "nix-community",
"repo": "nixos-avf",
"rev": "968a3e4d14fd4158b3cb7a4894753160cc944c04",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-avf",
"type": "github"
}
},
"blender": {
"inputs": {
"nixpkgs": "nixpkgs"
@ -457,7 +442,6 @@
},
"root": {
"inputs": {
"android": "android",
"blender": "blender",
"disko": "disko",
"hm": "hm",


@ -16,8 +16,6 @@
impermanence.url = "github:nix-community/impermanence";
android.url = "github:nix-community/nixos-avf";
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11";
inputs.nixpkgs.follows = "stable";
@ -44,7 +42,6 @@
lanzaboote,
disko,
impermanence,
android,
mailserver,
minecraft,
hm,
@ -66,7 +63,6 @@
# nh os switch /path --hostname=host
nixosConfigurations = {
tower = mkNix [ ./hosts/tower ]; # Main Desktop
qemu = mkNix [ ./hosts/qemu ]; # Virtualization Testing
envy = mkNix [ ./hosts/envy ]; # HP Convertable
pear = mkNix [ ./hosts/pear ]; # MacBook Pro
@ -76,8 +72,6 @@
midas = mkNix [ ./hosts/midas ]; # Dell Optiplex 5040
kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010
prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1
droid = mkNix [ ./hosts/droid ]; # Android Virtualization Framework
};
# nh home switch /path -c arch


@ -1,19 +0,0 @@
{ config, android, ... }:
{
imports = [
./users
../../modules/system
android.nixosModules.avf
];
networking.hostName = "droid";
avf.defaultUser = config.sysusers.main;
system = {
desktop.enable = true;
stateVersion = "24.11";
};
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}


@ -1,4 +0,0 @@
{ ... }:
{
imports = [ ./main ];
}


@ -1,9 +0,0 @@
{ config, lib, ... }:
{
home-manager.users."${config.sysusers.main}".home = {
desktop.enable = true;
gaming.enable = true;
production.enable = true;
stateVersion = lib.mkForce config.system.stateVersion;
};
}


@ -13,7 +13,6 @@
networking = {
hostName = "envy";
wireless.enable = true;
wg-quick.interfaces.wgc.address = [ "10.100.0.25/24" ];
};
system = {


@ -12,12 +12,5 @@
fsType = "btrfs";
options = [ "subvol=Steam" "nosuid" "nodev" "nofail" "x-gvfs-show" ];
};
# Network mounts
"/home/${config.sysusers.main}/Midas" = {
device = "10.100.0.1:/";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
};
}


@ -1,9 +1,6 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
services.globalprotect.enable = true;
virtualisation = {
libvirtd.enable = true;


@ -12,14 +12,6 @@
networking = {
hostName = "intuos";
wireless.enable = true;
vlans.internal = {
id=100;
interface="wlp1s0";
};
interfaces.internal.ipv4.addresses = [{
address = "11.0.0.102";
prefixLength = 8;
}];
};
system = {


@ -6,7 +6,7 @@
options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
};
fileSystems."/home/${config.sysusers.main}/Network/Kitty" = {
device = "11.0.0.2:/";
device = "10.2.0.1:/";
fsType = "nfs4";
options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ];
};


@ -5,6 +5,7 @@
./disko
./filesystems
./hardware
./network
./users
../../modules/system
(modulesPath + "/profiles/headless.nix")
@ -13,14 +14,6 @@
networking = {
hostName = "kitty";
hostId = "8745e22e";
vlans.internal = {
id=100;
interface="eno1";
};
interfaces.internal.ipv4.addresses = [{
address = "11.0.0.2";
prefixLength = 8;
}];
};
system = {


@ -0,0 +1,13 @@
{ ... }:
{
networking = {
vlans.internal = {
id=100;
interface="eno1";
};
interfaces.internal.ipv4.addresses = [{
address = "11.0.0.2";
prefixLength = 8;
}];
};
}


@ -9,6 +9,16 @@
address = "10.1.0.1";
interface = "enp0s31f6";
};
vlans.internal = {
id=100;
interface="enp0s31f6";
};
interfaces.internal.ipv4.addresses = [{
address = "11.0.0.1";
prefixLength = 8;
}];
nftables.tables.forwarding = {
family = "inet";
content = ''
@ -16,8 +26,6 @@
type nat hook prerouting priority dstnat; policy accept;
tcp dport 2211 dnat ip to 11.0.0.100:22 comment "Tower SSH"
tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH"
tcp dport 2233 dnat ip to 11.0.0.101:22 comment "Envy SSH"
tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH"
udp dport { 27005, 27015 } dnat ip to 11.0.0.100 comment "PC Hosted Games"
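Review bot: The new `interfaces.internal.ipv4.addresses` entry puts this router on 11.0.0.1 with `prefixLength = 8`, and 11.0.0.0/8 is publicly allocated address space rather than an RFC 1918 block, so every real destination in that /8 becomes unreachable from here and from the hosts this commit gives the same range (the kitty and tower network files); an RFC 1918 block, and a tighter mask than the /8 all three files share, would avoid that. Separately, the `tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH"` rule now targets an address no host in this commit claims, because the intuos section drops its 11.0.0.102 interface; whether this hunk keeps or removes that line is not recoverable from the rendered diff, but if it stays it forwards an externally reachable port to whichever host next takes that address, so it should go out together with the intuos change (the same question applies to the 11.0.0.101 "Envy SSH" rule, for which no host in the commit holds that address). The nftables `content` string continues outside the hunk.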


@ -17,7 +17,6 @@
trilium-server.enable = true;
vaultwarden.enable = true;
webserver.enable = true;
wg.server.enable = true;
minecraft-servers = {
enable = true;


@ -3,8 +3,8 @@
imports = [
./boot
./disko
./filesystems
./hardware
./network
./services
./users
../../modules/system
@ -13,7 +13,6 @@
networking = {
hostName = "pear";
wireless.enable = true;
wg-quick.interfaces.wgc.address = [ "10.100.0.18/24" ];
};
system = {


@ -1,8 +0,0 @@
{ config, ... }:
{
fileSystems."/home/${config.sysusers.main}/Midas" = {
device = "10.100.0.1:/";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
}


@ -1,9 +1,6 @@
{ config, ... }:
{
services = {
globalprotect.enable = true;
wireguard.client.enable = true;
};
services.globalprotect.enable = true;
virtualisation = {
libvirtd.enable = true;


@ -14,7 +14,6 @@
networking = {
hostName = "prophet";
hostId = "97a21a38";
wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ];
};
system = {


@ -5,6 +5,5 @@
mailserver.enable = true;
mysql.enable = true;
nginx.enable = true;
wireguard.client.enable = true;
};
}


@ -1,7 +0,0 @@
{ lib, pkgs, ... }:
{
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader.grub.enable = true;
};
}


@ -1,14 +0,0 @@
{ modulesPath, ... }:
{
imports = [
./boot
./disko
./hardware
./users
../../modules/system
(modulesPath + "/profiles/headless.nix")
];
networking.hostName = "qemu";
system.stateVersion = "24.11";
}


@ -1,87 +0,0 @@
{ config, disko, ... }:
{
imports = [ disko.nixosModules.disko ];
disko.devices = {
disk = {
"${config.networking.hostName}" = {
type = "disk";
device = "/dev/vda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
main = {
size = "100%";
content = {
type = "lvm_pv";
vg = "${config.networking.hostName}";
};
};
};
};
};
};
lvm_vg = {
"${config.networking.hostName}" = {
type = "lvm_vg";
lvs = {
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/prev" = {
mountpoint = "/prev";
mountOptions = [ "compress=zstd" "noatime" "noexec" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
# Impermanence
"/persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/persist/.snapshots" = { };
"/persist/home" = { };
"/persist/home/.snapshots" = { };
};
};
};
swap = {
size = "8G";
content = {
type = "swap";
discardPolicy = "both";
};
};
};
};
};
};
# Needed for impermanence
fileSystems."/persist".neededForBoot = true;
}


@ -1,10 +0,0 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "kvm-amd" "dm-snapshot" ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,4 +0,0 @@
{ ... }:
{
imports = [ ./main ];
}


@ -1,6 +0,0 @@
{ config, lib, ... }:
{
home-manager.users."${config.sysusers.main}".home = {
stateVersion = lib.mkForce config.system.stateVersion;
};
}


@ -5,6 +5,7 @@
./disko
./filesystems
./hardware
./network
./users
../../modules/system
];
@ -12,15 +13,6 @@
networking = {
hostName = "redmond";
wireless.enable = true;
interfaces."wlp1s0".ipv4.addresses = [{
address = "192.168.2.200";
prefixLength = 24;
}];
defaultGateway = {
address = "192.168.2.1";
interface = "wlp1s0";
};
wg-quick.interfaces.wgc.address = [ "10.100.0.23/24" ];
};
system = {
@ -28,7 +20,5 @@
stateVersion = "24.05";
};
services.wireguard.client.enable = true;
environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2";
}


@ -1,15 +1,8 @@
{ config, ... }:
{
fileSystems = {
"/mnt/Windrive" = {
device = "/dev/disk/by-uuid/582C6B802C6B57D0";
fsType = "ntfs";
options = [ "nosuid" "nodev" ];
};
"/home/${config.sysusers.main}/Network/Midas" = {
device = "10.100.0.1:/storage";
fsType = "nfs4";
options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
};
fileSystems."/mnt/Windrive" = {
device = "/dev/disk/by-uuid/582C6B802C6B57D0";
fsType = "ntfs";
options = [ "nosuid" "nodev" ];
};
}


@ -0,0 +1,13 @@
{ ... }:
{
networking = {
interfaces."wlp1s0".ipv4.addresses = [{
address = "192.168.2.200";
prefixLength = 24;
}];
defaultGateway = {
address = "192.168.2.1";
interface = "wlp1s0";
};
};
}


@ -18,7 +18,5 @@
stateVersion = "24.05";
};
services.wg.client.enable = true;
virtualisation.libvirtd.enable = true;
}


@ -1,15 +1,14 @@
{ ... }:
{
networking.firewall.allowedUDPPorts = [ 27015 ];
systemd.network = {
netdevs."10-wg0".wireguardPeers = [
{ # Local server
PublicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
AllowedIPs = [ "11.0.0.0/8" ];
Endpoint = "10.2.0.1:51820";
}
];
networks."wg0".address = [ "11.0.0.100/8" ];
networking = {
firewall.allowedUDPPorts = [ 27015 ];
vlans.internal = {
id=100;
interface="enp42s0";
};
interfaces.internal.ipv4.addresses = [{
address = "11.0.0.100";
prefixLength = 8;
}];
};
}
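Review bot: The replacement `vlans.internal` / `interfaces.internal` block puts tower on 11.0.0.100/8 behind a plain 802.1Q tag on `enp42s0`, so the traffic that the removed `10-wg0` peer (Endpoint `10.2.0.1:51820`) carried with WireGuard's encryption and peer authentication now crosses the link in clear, and separation from other traffic depends entirely on how the switch treats VLAN 100, which this configuration cannot express or verify. Any NFS mounts that still target this range inherit the same change. That may be the intended trade for speed, but it deserves a comment next to the definition, e.g. `# VLAN 100 (11.0.0.0/8) is untagged-trust only: no encryption, replaces the former wg0 tunnel`. The kitty and midas network definitions in this commit make the same move and would take the same note.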

Binary file not shown.


@ -12,6 +12,5 @@
./sunshine
./tlp
./userborn
./wireguard
];
}


@ -1,28 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.services.wg.client.enable = lib.mkEnableOption "Enable Wireguard client";
config = lib.mkIf config.services.wg.client.enable {
boot.kernelModules = [ "wireguard" ];
systemd.network = {
netdevs = {
"10-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = pkgs.writeText "wgclientsecret" config.secrets.wg.clientKey;
ListenPort = 9918;
};
};
};
networks."wg0" = {
matchConfig.Name = "wg0";
DHCP = "no";
};
};
};
}


@ -18,6 +18,5 @@
./transmission
./trilium
./vaultwarden
./wireguard
];
}


@ -19,7 +19,7 @@
# Passwords made with 'mkpasswd -sm bcrypt'
loginAccounts = {
"jimbo@nixfox.ca" = {
hashedPassword = config.secrets.mailHash.jimbo;
hashedPassword = config.secrets.mailHash.bun;
aliases = [
"james@nixfox.ca"
"jimbo@bloxelcom.net"
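Review bot: The `hashedPassword` line now reads `config.secrets.mailHash.bun` instead of `config.secrets.mailHash.jimbo` (taking the second of the two printed lines as the new side, which the rendered diff does not mark), and nothing visible in this commit renames that key in the secrets source — the only candidate is the file shown as `Binary file not shown.` — so the mailserver module fails to evaluate with a missing attribute if the secret was not renamed in lockstep. That is worth confirming before the switch, and since the change has nothing to do with the WireGuard removal the commit is about, it would read better as its own commit. The `loginAccounts` set continues outside the hunk.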


@ -1,44 +0,0 @@
{ config, lib, pkgs, ... }:
{
options.services.wg.server.enable = lib.mkEnableOption "Enable Wireguard server";
config = lib.mkIf config.services.wg.server.enable {
systemd.network = {
netdevs = {
"50-wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey;
ListenPort = 51820;
RouteTable = "main";
};
wireguardPeers = [
{ # NixOS Config Key
PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
AllowedIPs = [ "11.0.0.0/8" ];
}
{ # Pixel 9
PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
AllowedIPs = [ "11.1.0.1/32" ];
}
];
};
};
networks."wg0" = {
matchConfig.Name = "wg0";
address = [ "11.0.0.1/8" ];
networkConfig = {
IPMasquerade = "both";
IPv4Forwarding = true;
IPv6Forwarding = true;
};
};
};
networking.firewall.allowedUDPPorts = [ 51820 ];
};
}