From 1655f3096d1cd6b9c3944720573dfbed541b148e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20SALVI?= Date: Mon, 8 Dec 2025 12:04:41 +0100 Subject: [PATCH] before flake update --- modules/optionnals/hosts/home-nix.nix | 6 ++ modules/optionnals/hosts/test-kvm.nix | 49 +++++++++++ modules/optionnals/server/starship.nix | 5 ++ modules/optionnals/server/wireguard-ui.nix | 97 ++++++++++++++++++++++ 4 files changed, 157 insertions(+) create mode 100644 modules/optionnals/server/wireguard-ui.nix diff --git a/modules/optionnals/hosts/home-nix.nix b/modules/optionnals/hosts/home-nix.nix index 862a3f7..3a5ef68 100644 --- a/modules/optionnals/hosts/home-nix.nix +++ b/modules/optionnals/hosts/home-nix.nix @@ -39,7 +39,11 @@ }; }; + #services.resolved.enable = false; + networking = { + #useNetworkd = true; + #useHostResolvConf = false; interfaces.enp5s0 = { ipv4.addresses = [ { @@ -54,10 +58,12 @@ }; nameservers = [ #"9.9.9.9" + "10.0.0.1" "2001:41d0:303:20da::1" "217.182.138.218" ]; extraHosts = '' + #172.18.229.240 test-mycarto.grandbesancon.fr 172.18.21.172 errorpages.grandbesancon.fr #172.18.23.4 dozzle.grandbesancon.fr #172.18.22.206 toto.grandbesancon.fr diff --git a/modules/optionnals/hosts/test-kvm.nix b/modules/optionnals/hosts/test-kvm.nix index 38bbe08..6c2bacf 100644 --- a/modules/optionnals/hosts/test-kvm.nix +++ b/modules/optionnals/hosts/test-kvm.nix @@ -11,6 +11,7 @@ ## Server ../server/starship.nix + ../server/wireguard-ui.nix ]; ## Enable virtualisation guest settings 
@@ -24,4 +25,52 @@ pkgs.spice-gtk # Outils SPICE pkgs.spice-protocol # Protocoles SPICE ]; + + systemd.network.links."10-eth0" = { + matchConfig.MACAddress = "52:54:00:a3:d7:56"; + linkConfig.Name = "eth0"; + }; + + systemd.network.netdevs."10-dummy0" = { + netdevConfig = { + Kind = "dummy"; + Name = "dummy0"; + }; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + + interfaces = { + dummy0 = { + ipv4.addresses = [ + { + address = "192.168.2.1"; + prefixLength = 24; + } + ]; + }; + eth0 = { + ipv4.addresses = [ + { + address = "192.168.122.10"; + prefixLength = 24; + } + ]; + }; + }; + defaultGateway = { + address = "192.168.122.1"; + interface = "eth0"; + }; + nameservers = [ + #"9.9.9.9" + "2001:41d0:303:20da::1" + "217.182.138.218" + ]; + extraHosts = '' + 172.18.21.172 errorpages.grandbesancon.fr + ''; + }; } diff --git a/modules/optionnals/server/starship.nix b/modules/optionnals/server/starship.nix index c013211..bb63b04 100644 --- a/modules/optionnals/server/starship.nix +++ b/modules/optionnals/server/starship.nix @@ -58,6 +58,11 @@ disabled = false; }; + fill = { + symbol = "─"; + style = "surface1"; + }; + kubernetes = { disabled = false; format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)"; diff --git a/modules/optionnals/server/wireguard-ui.nix b/modules/optionnals/server/wireguard-ui.nix new file mode 100644 index 0000000..3a914da --- /dev/null +++ b/modules/optionnals/server/wireguard-ui.nix 
@@ -0,0 +1,97 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ environment.systemPackages = [
+ pkgs.wireguard-tools
+ pkgs.wireguard-ui
+ ];
+
+ users.users.wireguard-ui = {
+ isSystemUser = true;
+ group = "wireguard-ui";
+ home = "/var/lib/wireguard-ui";
+ createHome = true;
+ description = "WireGuard UI service user";
+ };
+
+ users.groups.wireguard-ui = { };
+
+ systemd = {
+ tmpfiles.rules = [
+ "d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
+ "d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
+ ];
+
+ services = {
+ wg-quick-wg0 = {
+ description = "WireGuard via wg-quick(8) for wg0";
+ after = [
+ "network-online.target"
+ "wireguard-ui.service"
+ ];
+ wants = [ "network-online.target" ];
+ wantedBy = [
+ "multi-user.target"
+ "sshd.service"
+ ];
+
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
+ ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
+ ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
+ Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
+ };
+ };
+
+ wireguard-ui = {
+ description = "WireGuard UI";
+ documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
+ Restart = "on-failure";
+ WorkingDirectory = "/var/lib/wireguard-ui";
+ StateDirectory = "wireguard-ui";
+ User = "wireguard-ui";
+ Group = "wireguard-ui";
+ ReadWritePaths = [
+ "/var/lib/wireguard-ui"
+ "/etc/wireguard"
+ ];
+
+ Environment = [
+ # "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
+ # "WGUI_DNS=${config.custom.wireguard-ui.dns}"
+ ];
+
+ AmbientCapabilities = "CAP_NET_ADMIN";
+ };
+ };
+
+ wg-quick-wg0-reload = {
+ description = "Reload WireGuard config";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
+ };
+ };
+ };
+
+ paths.wg-quick-wg0-reload = {
+ description = "Watch /etc/wireguard/wg0.conf for changes";
+ wantedBy = [ "multi-user.target" ];
+ pathConfig = {
+ PathModified = "/etc/wireguard/wg0.conf";
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 5000 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+}
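Review bot: The final lines open TCP 5000 on every interface for wireguard-ui while the unit's `Environment` list holds only commented-out entries, so the admin UI is reachable over plain HTTP with whatever login and session secret the package falls back to when none are configured. Whoever controls that UI writes `/etc/wireguard/wg0.conf`, which the `wg-quick-wg0` unit (no `User=`, so root) reads; wg-quick runs the PostUp/PostDown commands from that file on the next `up`, which makes the UI account effectively root-equivalent. I would drop 5000 from `allowedTCPPorts`, bind the UI to loopback or the tunnel address, and load the credentials and session secret from a file outside the Nix store. Separately, `ReadWritePaths` has no effect as written because no `ProtectSystem` is set, so the service should be sandboxed as sketched below.

```nix
    wireguard-ui = {
      # … unchanged: description, documentation, wantedBy, after …
      serviceConfig = {
        # … unchanged: ExecStart, Restart, WorkingDirectory, StateDirectory, User, Group, ReadWritePaths …
        Environment = [
          "BIND_ADDRESS=127.0.0.1:5000"
        ];
        # Placeholder path: root-owned file outside the Nix store that sets
        # WGUI_USERNAME, WGUI_PASSWORD_HASH and SESSION_SECRET.
        EnvironmentFile = "/path/to/wireguard-ui.env";
        # … unchanged: AmbientCapabilities …
        CapabilityBoundingSet = "CAP_NET_ADMIN";
        NoNewPrivileges = true;
        ProtectSystem = "strict"; # makes ReadWritePaths above meaningful
        ProtectHome = true;
        PrivateTmp = true;
```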