karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor public ip handling

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-09-22 10:54:59 +01:00
parent 3bf23f860a
commit 248432b132
6 changed files with 31 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/common/configs/system/default.nix
View File

@@ -3,5 +3,6 @@
imports = [ imports = [
./cpu/options.nix ./cpu/options.nix
./impermanence/options.nix ./impermanence/options.nix
./networking/options.nix
]; ];
} }

17
hosts/common/configs/system/networking/options.nix Normal file
View File

@@ -0,0 +1,17 @@
{ lib, ... }:
{
options.networking =
with lib;
with types;
{
publicIPv4 = mkOption {
type = nullOr str;
description = "The public IPv4 address of this device.";
};
publicIPv6 = mkOption {
type = nullOr str;
description = "The public IPv6 address of this device.";
};
};
}

3
hosts/jupiter-vps/configs/wireguard/default.nix
View File

@@ -2,7 +2,6 @@
let let
jupiterConfig = inputs.self.nixosConfigurations.jupiter.config; jupiterConfig = inputs.self.nixosConfigurations.jupiter.config;
wireguardPort = 51821; wireguardPort = 51821;
jupiterPublicIPv4 = "51.89.210.124";
in in
{ {
boot.kernel.sysctl = { boot.kernel.sysctl = {
@@ -29,7 +28,7 @@ in
name = "jupiter"; name = "jupiter";
allowedIPs = [ allowedIPs = [
"10.0.0.2/32" "10.0.0.2/32"
"${jupiterPublicIPv4}/32" "${jupiterConfig.networking.publicIPv4}/32"
]; ];
publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter/wireguard_key.pub"; publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter/wireguard_key.pub";
} }

5
hosts/jupiter-vps/default.nix
View File

@@ -33,7 +33,10 @@
./configs/wireguard ./configs/wireguard
]; ];
networking.hostName = "jupiter-vps"; networking = {
hostName = "jupiter-vps";
publicIPv4 = "51.75.170.190";
};
environment.impermanence.enable = lib.mkForce false; environment.impermanence.enable = lib.mkForce false;

10
hosts/jupiter/configs/wireguard/default.nix
View File

@@ -7,8 +7,6 @@
let let
jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config; jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort; wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort;
jupiterVpsPublicIPv4 = "51.75.170.190";
jupiterPublicIPv4 = "51.89.210.124";
in in
{ {
sops.secrets."wireguard/client/vps" = { }; sops.secrets."wireguard/client/vps" = { };
@@ -29,21 +27,21 @@ in
{ {
ips = [ ips = [
"10.0.0.2/24" "10.0.0.2/24"
"${jupiterPublicIPv4}/32" "${config.networking.publicIPv4}/32"
]; ];
privateKeyFile = config.sops.secrets."wireguard/client/vps".path; privateKeyFile = config.sops.secrets."wireguard/client/vps".path;
inherit table; inherit table;
postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ]; postSetup = [ "${ip} rule add from ${config.networking.publicIPv4} table ${table}" ];
postShutdown = [ "${ip} rule del from ${jupiterPublicIPv4} table ${table}" ]; postShutdown = [ "${ip} rule del from ${config.networking.publicIPv4} table ${table}" ];
peers = [ peers = [
{ {
name = "jupiter-vps"; name = "jupiter-vps";
allowedIPs = [ "0.0.0.0/0" ]; allowedIPs = [ "0.0.0.0/0" ];
publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub"; publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub";
endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}"; endpoint = "${jupiterVpsConfig.networking.publicIPv4}:${builtins.toString wireguardPort}";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
]; ];

5
hosts/jupiter/default.nix
View File

@@ -52,7 +52,10 @@
./users/tv ./users/tv
]; ];
networking.hostName = "jupiter"; networking = {
hostName = "jupiter";
publicIPv4 = "51.89.210.124";
};
boot.initrd = { boot.initrd = {
luks.devices = { luks.devices = {