add(nixos): wireguard (to be fixed)

2025-12-06 14:49:14 +00:00 · 2023-12-29 12:34:51 +01:00 · 2023-12-29 12:34:51 +01:00 · 17d53ed6bb
commit 17d53ed6bb
parent 06c5939c46
5 changed files with 68 additions and 25 deletions
--- a/nix/hosts/thinkpad/networking.nix
+++ b/nix/hosts/thinkpad/networking.nix
@ -1,30 +1,20 @@
-{
-  config,
-  hostname,
-  pkgs,
-  lib,
-  ...
-}: {
+{ config, hostname, pkgs, lib, ... }: {
  networking.hostName = hostname;
-  age = {
-    identityPaths = ["/home/leana/.ssh/id_ed25519"];
-    secrets.truenas_smb.file = ../../secrets/truenas_smb.age;
-    secrets.wpa_password.file = ../../secrets/wpa_password.age;
-  };

  networking.networkmanager.enable = lib.mkForce false;

  services.openssh.enable = true;

-  environment.systemPackages = [pkgs.cifs-utils];
+  environment.systemPackages = [ pkgs.cifs-utils ];
  fileSystems."/mnt/data" = {
    device = "//10.0.0.20/data";
    fsType = "cifs";
    options = let
-      prevent_hanging = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
+      prevent_hanging =
+        "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
      auth = "credentials=${config.age.secrets.truenas_smb.path}";
      uid = "uid=${toString config.users.users.leana.uid}";
-    in ["${prevent_hanging},${auth},${uid}"];
+    in [ "${prevent_hanging},${auth},${uid}" ];
  };

  networking.wireless = {
@ -32,8 +22,30 @@
    userControlled.enable = true;
    environmentFile = config.age.secrets.wpa_password.path;
    # To add networks: https://nixos.wiki/wiki/Wpa_supplicant
-    networks = {
-      "HiddenParadize@Earth2077".psk = "@HOME@";
-    };
+    networks = { "HiddenParadize@Earth2077".psk = "@HOME@"; };
  };
+
+  # # FIXME: doesn't work
+  # #
+  # # We need to rewire default gateway, but this is stupid for a laptop setup
+  # # https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+  # networking.firewall = { allowedUDPPorts = [ 660 ]; };
+  # networking.wireguard.interfaces = {
+  #   wg0 = {
+  #     ips = [ "10.66.66.50/32" ];
+  #     # listenPort = 660;
+  #     privateKeyFile = config.age.secrets.wireguard_priv.path;
+  #     peers = [{
+  #       publicKey = "amb6icauPN4P/suyNZoPsVVkB5+MiAnhFF6hIeUiNFE=";
+  #       presharedKeyFile = config.age.secrets.wireguard_psk.path;
+  #       allowedIPs = [
+  #         "10.0.0.0/23"
+  #         # "0.0.0.0/24"
+  #       ];
+  #       endpoint = "earth2077.fr:660";
+  #       persistentKeepalive = 25;
+  #     }];
+  #   };
+  # };
+
 }