organized, fixed wireguard config

This commit is contained in:
Parker TenBroeck 2026-05-23 11:13:59 -04:00
parent 1be91dfd0c
commit 079b1eb5d6
12 changed files with 139 additions and 70 deletions


@ -1,11 +0,0 @@
{
imports = [
./modules/home-manager.nix
./modules/locale.nix
./modules/shell
./modules/users/may.nix
./modules/ssh.nix
./modules/git.nix
./modules/cli.nix
];
}

2
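--- a/encrypt.sh
+++ b/encrypt.sh
@@ -0,0 +1,2 @@
+sudo cat secrets/wireguard/server_priv | agenix -e secrets/wireguard/server_priv.age
+sudo cat secrets/wireguard/home_psk | agenix -e secrets/wireguard/home_psk.age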
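Review bot: Both lines read the plaintext private key and PSK from `secrets/wireguard/server_priv` and `secrets/wireguard/home_psk` in the working tree, and nothing in this commit shows a `.gitignore` for those paths, so the unencrypted material sits next to the `.age` files and a stray `git add secrets/` would commit it. Either add those two paths to `.gitignore`, or avoid the plaintext file altogether by generating straight into agenix, e.g. `wg genkey | agenix -e secrets/wireguard/server_priv.age` and `wg genpsk | agenix -e secrets/wireguard/home_psk.age`. Piping into `agenix -e` only works if the installed agenix reads stdin when it is not a terminal rather than launching `$EDITOR`, which is worth confirming against the version fetched by modules/agenix.nix. The script also has no shebang and no error handling, so a failing `sudo cat` still exits 0 and leaves an empty or truncated secret; start it with `#!/usr/bin/env bash` and `set -euo pipefail` so the pipeline's failure is reported.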

12
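--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -0,0 +1,12 @@
+{
+imports = [
+../modules/agenix.nix
+../modules/home-manager.nix
+../modules/locale.nix
+../modules/shell
+../modules/users/may.nix
+../modules/ssh.nix
+../modules/git.nix
+../modules/cli.nix
+];
+}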


@ -3,21 +3,21 @@
{ {
imports = [ imports = [
./common.nix ./common.nix
./modules/networking.nix ../modules/networking.nix
./modules/bluetooth.nix ../modules/bluetooth.nix
./modules/amd.nix ../modules/amd.nix
./modules/games/steam.nix ../modules/games/steam.nix
./modules/games/minecraft.nix ../modules/games/minecraft.nix
./modules/fonts.nix ../modules/fonts.nix
./modules/packages.nix ../modules/packages.nix
./modules/wireguard-server.nix ../modules/wireguard-server.nix
./modules/hyprland ../modules/hyprland
./modules/tex.nix ../modules/tex.nix
]; ];
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
networking.hostName = "nixos-desktop"; networking.hostName = "desktop";
networking.firewall.allowedTCPPorts = [ 51820 25565 42069 8000 8080 ]; networking.firewall.allowedTCPPorts = [ 51820 25565 42069 8000 8080 ];
home-manager.users.may.wayland.windowManager.hyprland.settings = { home-manager.users.may.wayland.windowManager.hyprland.settings = {

20
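--- a/hosts/laptop.nix
+++ b/hosts/laptop.nix
+{
+imports = [
+./common.nix
+../modules/networking.nix
+../modules/bluetooth.nix
+../modules/games/steam.nix
+../modules/games/minecraft.nix
+../modules/fonts.nix
+../modules/packages.nix
+../modules/hyprland
+../modules/tex.nix
+];
+nixpkgs.config.allowUnfree = true;
+networking.hostName = "laptop";
+system.stateVersion = "23.11";
+home-manager.users.may.home.stateVersion = "25.11";
+}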

17
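--- a/hosts/work.nix
+++ b/hosts/work.nix
+{
+imports = [
+./common.nix
+../modules/networking.nix
+../modules/bluetooth.nix
+../modules/fonts.nix
+../modules/packages.nix
+../modules/hyprland
+];
+nixpkgs.config.allowUnfree = true;
+networking.hostName = "work";
+system.stateVersion = "23.11";
+home-manager.users.may.home.stateVersion = "25.11";
+}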


@ -1,18 +0,0 @@
{
imports = [
./common.nix
./modules/networking.nix
./modules/bluetooth.nix
./modules/steam.nix
./modules/fonts.nix
./modules/packages.nix
./modules/hyprland
];
nixpkgs.config.allowUnfree = true;
networking.hostName = "nixos-laptop";
system.stateVersion = "23.11";
home-manager.users.may.home.stateVersion = "25.11";
}

13
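--- a/modules/agenix.nix
+++ b/modules/agenix.nix
+{ pkgs, ... }:
+let
+agenixSrc = builtins.fetchTarball "https://github.com/ryantm/agenix/archive/main.tar.gz";
+in {
+imports = [
+"${agenixSrc}/modules/age.nix"
+];
+environment.systemPackages = [
+(pkgs.callPackage "${agenixSrc}/pkgs/agenix.nix" { })
+];
+}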
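Review bot: `builtins.fetchTarball "https://github.com/ryantm/agenix/archive/main.tar.gz"` pulls the NixOS module that decrypts every secret at activation, and the CLI used to encrypt them, from an unpinned branch with no hash, so each evaluation imports whatever `main` contains at that moment and nothing in this repo would notice a changed tarball. Pin it to a commit and record its hash: `agenixSrc = builtins.fetchTarball { url = "https://github.com/ryantm/agenix/archive/<commit>.tar.gz"; sha256 = "<hash from nix-prefetch-url --unpack>"; };`. Without a `sha256` the tarball is also re-downloaded once the tarball TTL expires, so two rebuilds of the same repo state can evaluate different agenix code. A one-line comment naming the pinned version and why it is pinned would help whoever updates it next.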


@ -12,18 +12,5 @@
username = "may"; username = "may";
homeDirectory = "/home/may"; homeDirectory = "/home/may";
}; };
home.packages = with pkgs; [
firefox
chromium
vlc
spotify
vscode
jetbrains.idea
obs-studio
gh
jetbrains.rust-rover
wayvnc
];
}; };
} }


@ -0,0 +1,56 @@
{ config, pkgs, ... }:
let
wg-key-pub-home = builtins.readFile ../secrets/wireguard/home_pub;
in
{
age.secrets.wg-server-priv.file = ../secrets/wireguard/server_priv.age;
age.secrets.wg-home-psk.file = ../secrets/wireguard/home_psk.age;
networking.wireguard.enable = true;
# enable NAT
networking.nat = {
enable = true;
enableIPv6 = false;
externalInterface = "eno1";
internalInterfaces = [ "wg0" ];
};
networking.wireguard.interfaces.wg0 = {
ips = [ "10.6.0.1/24" ];
listenPort = 51820;
privateKeyFile = config.age.secrets.wg-server-priv.path;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o eno1 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.6.0.0/24 -o eno1 -j MASQUERADE
'';
peers = [
{
name = "Home";
publicKey = wg-key-pub-home;
presharedKeyFile = config.age.secrets.wg-home-psk.path;
allowedIPs = [ "10.6.0.2/32" ];
}
];
};
networking.firewall = {
allowedUDPPorts = [ 51820 ];
};
# Enable forwarding
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
}
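Review bot: `"net.ipv6.conf.all.forwarding" = 1;` turns the host into an IPv6 router while `networking.nat.enableIPv6 = false` and no IPv6 range, rule or peer address appears anywhere in this module, so nothing in this file translates or filters the IPv6 traffic that is now forwarded between interfaces; drop that line or set it to `0` until an IPv6 NAT/forwarding policy exists. The `postSetup`/`postShutdown` MASQUERADE rules and the `net.ipv4.ip_forward` sysctl duplicate what `networking.nat` with `externalInterface = "eno1"` and `internalInterfaces = [ "wg0" ]` already installs (the NixOS nat module adds its own MASQUERADE for those interfaces and enables IPv4 forwarding, as far as I recall), leaving two rules for the same traffic of which only the hand-written one is removed on shutdown. `builtins.readFile ../secrets/wireguard/home_pub` keeps the file's trailing newline, which then lands inside the peer public-key argument the module passes to `wg`; if `home_pub` was written by `wg pubkey` it ends with one, so read it with `lib.fileContents ../secrets/wireguard/home_pub` after changing the header to `{ config, lib, pkgs, ... }:`. Related and outside this hunk: hosts/desktop.nix still lists 51820 under `allowedTCPPorts`, which is redundant with the UDP opening here since WireGuard only uses UDP.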

8
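--- a/secrets.nix
+++ b/secrets.nix
@@ -0,0 +1,8 @@
+let
+desktop_may = builtins.readFile ./secrets/ssh/desktop_may_pub;
+desktop_host = builtins.readFile ./secrets/ssh/desktop_host_pub;
+pub_keys = [ desktop_may desktop_host ];
+in {
+"secrets/wireguard/server_priv.age".publicKeys = pub_keys;
+"secrets/wireguard/home_psk.age".publicKeys = pub_keys;
+}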
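Review bot: `builtins.readFile` keeps the trailing newline that `ssh-keygen` writes into `.pub` files, so each entry in `pub_keys` is the key followed by `\n`, and whether agenix tolerates that depends on how the CLI splits its recipient list; strip it explicitly with `desktop_may = builtins.replaceStrings [ "\n" ] [ "" ] (builtins.readFile ./secrets/ssh/desktop_may_pub);` and the same for `desktop_host`. The recipient set deserves a comment, since it is the only place that decides who can ever decrypt these files: something like `# desktop_host must be the host key agenix decrypts with at activation (presumably the desktop's ssh_host_ed25519_key); desktop_may is for editing with the CLI. Only the desktop imports wireguard-server.nix, so laptop/work are deliberately not recipients.` Adding a host later means adding its key here and re-running `agenix -r`, which is worth stating in that comment too.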


@ -1,17 +0,0 @@
{
imports = [
./common.nix
./modules/networking.nix
./modules/bluetooth.nix
./modules/fonts.nix
./modules/packages.nix
./modules/hyprland
];
nixpkgs.config.allowUnfree = true;
networking.hostName = "nixos-work-laptop";
system.stateVersion = "23.11";
home-manager.users.may.home.stateVersion = "25.11";
}