beastie/dev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

before flake update

Browse Source
This commit is contained in:
Jérémie SALVI
2025-12-08 12:04:41 +01:00
parent 5fb0c51777
commit 1655f3096d
4 changed files with 157 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/optionnals/hosts/home-nix.nix
View File

@@ -39,7 +39,11 @@
}; };
}; };
#services.resolved.enable = false;
networking = { networking = {
#useNetworkd = true;
#useHostResolvConf = false;
interfaces.enp5s0 = { interfaces.enp5s0 = {
ipv4.addresses = [ ipv4.addresses = [
{ {
@@ -54,10 +58,12 @@
}; };
nameservers = [ nameservers = [
#"9.9.9.9" #"9.9.9.9"
"10.0.0.1"
"2001:41d0:303:20da::1" "2001:41d0:303:20da::1"
"217.182.138.218" "217.182.138.218"
]; ];
extraHosts = '' extraHosts = ''
#172.18.229.240 test-mycarto.grandbesancon.fr
172.18.21.172 errorpages.grandbesancon.fr 172.18.21.172 errorpages.grandbesancon.fr
#172.18.23.4 dozzle.grandbesancon.fr #172.18.23.4 dozzle.grandbesancon.fr
#172.18.22.206 toto.grandbesancon.fr #172.18.22.206 toto.grandbesancon.fr

49
modules/optionnals/hosts/test-kvm.nix
View File

@@ -11,6 +11,7 @@
## Server ## Server
../server/starship.nix ../server/starship.nix
../server/wireguard-ui.nix
]; ];
## Enable virtualisation guest settings ## Enable virtualisation guest settings
@@ -24,4 +25,52 @@
pkgs.spice-gtk # Outils SPICE pkgs.spice-gtk # Outils SPICE
pkgs.spice-protocol # Protocoles SPICE pkgs.spice-protocol # Protocoles SPICE
]; ];
systemd.network.links."10-eth0" = {
matchConfig.MACAddress = "52:54:00:a3:d7:56";
linkConfig.Name = "eth0";
};
systemd.network.netdevs."10-dummy0" = {
netdevConfig = {
Kind = "dummy";
Name = "dummy0";
};
};
networking = {
useNetworkd = true;
useDHCP = false;
interfaces = {
dummy0 = {
ipv4.addresses = [
{
address = "192.168.2.1";
prefixLength = 24;
}
];
};
eth0 = {
ipv4.addresses = [
{
address = "192.168.122.10";
prefixLength = 24;
}
];
};
};
defaultGateway = {
address = "192.168.122.1";
interface = "eth0";
};
nameservers = [
#"9.9.9.9"
"2001:41d0:303:20da::1"
"217.182.138.218"
];
extraHosts = ''
172.18.21.172 errorpages.grandbesancon.fr
'';
};
} }

5
modules/optionnals/server/starship.nix
View File

@@ -58,6 +58,11 @@
disabled = false; disabled = false;
}; };
fill = {
symbol = "";
style = "surface1";
};
kubernetes = { kubernetes = {
disabled = false; disabled = false;
format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)"; format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";

97
modules/optionnals/server/wireguard-ui.nix Normal file
View File

@@ -0,0 +1,97 @@
{
pkgs,
...
}:
{
environment.systemPackages = [
pkgs.wireguard-tools
pkgs.wireguard-ui
];
users.users.wireguard-ui = {
isSystemUser = true;
group = "wireguard-ui";
home = "/var/lib/wireguard-ui";
createHome = true;
description = "WireGuard UI service user";
};
users.groups.wireguard-ui = { };
systemd = {
tmpfiles.rules = [
"d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
"d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
];
services = {
wg-quick-wg0 = {
description = "WireGuard via wg-quick(8) for wg0";
after = [
"network-online.target"
"wireguard-ui.service"
];
wants = [ "network-online.target" ];
wantedBy = [
"multi-user.target"
"sshd.service"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
};
};
wireguard-ui = {
description = "WireGuard UI";
documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
Restart = "on-failure";
WorkingDirectory = "/var/lib/wireguard-ui";
StateDirectory = "wireguard-ui";
User = "wireguard-ui";
Group = "wireguard-ui";
ReadWritePaths = [
"/var/lib/wireguard-ui"
"/etc/wireguard"
];
Environment = [
# "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
# "WGUI_DNS=${config.custom.wireguard-ui.dns}"
];
AmbientCapabilities = "CAP_NET_ADMIN";
};
};
wg-quick-wg0-reload = {
description = "Reload WireGuard config";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
};
};
};
paths.wg-quick-wg0-reload = {
description = "Watch /etc/wireguard/wg0.conf for changes";
wantedBy = [ "multi-user.target" ];
pathConfig = {
PathModified = "/etc/wireguard/wg0.conf";
};
};
};
networking.firewall.allowedTCPPorts = [ 5000 ];
networking.firewall.allowedUDPPorts = [ 51820 ];
}