before flake update

2025-12-08 12:04:41 +01:00
parent 5fb0c51777
commit 1655f3096d
4 changed files with 157 additions and 0 deletions
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -39,7 +39,11 @@
    };
  };

+  #services.resolved.enable = false;
+
  networking = {
+    #useNetworkd = true;
+    #useHostResolvConf = false;
    interfaces.enp5s0 = {
      ipv4.addresses = [
        {
@@ -54,10 +58,12 @@
    };
    nameservers = [
      #"9.9.9.9"
+      "10.0.0.1"
      "2001:41d0:303:20da::1"
      "217.182.138.218"
    ];
    extraHosts = ''
+      #172.18.229.240  test-mycarto.grandbesancon.fr
      172.18.21.172     errorpages.grandbesancon.fr
      #172.18.23.4    dozzle.grandbesancon.fr
      #172.18.22.206  toto.grandbesancon.fr
--- a/modules/optionnals/hosts/test-kvm.nix
+++ b/modules/optionnals/hosts/test-kvm.nix
@@ -11,6 +11,7 @@

    ## Server
    ../server/starship.nix
+    ../server/wireguard-ui.nix
  ];

  ## Enable virtualisation guest settings
@@ -24,4 +25,52 @@
    pkgs.spice-gtk # Outils SPICE
    pkgs.spice-protocol # Protocoles SPICE
  ];
+
+  systemd.network.links."10-eth0" = {
+    matchConfig.MACAddress = "52:54:00:a3:d7:56";
+    linkConfig.Name = "eth0";
+  };
+
+  systemd.network.netdevs."10-dummy0" = {
+    netdevConfig = {
+      Kind = "dummy";
+      Name = "dummy0";
+    };
+  };
+
+  networking = {
+    useNetworkd = true;
+    useDHCP = false;
+
+    interfaces = {
+      dummy0 = {
+        ipv4.addresses = [
+          {
+            address = "192.168.2.1";
+            prefixLength = 24;
+          }
+        ];
+      };
+      eth0 = {
+        ipv4.addresses = [
+          {
+            address = "192.168.122.10";
+            prefixLength = 24;
+          }
+        ];
+      };
+    };
+    defaultGateway = {
+      address = "192.168.122.1";
+      interface = "eth0";
+    };
+    nameservers = [
+      #"9.9.9.9"
+      "2001:41d0:303:20da::1"
+      "217.182.138.218"
+    ];
+    extraHosts = ''
+      172.18.21.172     errorpages.grandbesancon.fr
+    '';
+  };
 }
--- a/modules/optionnals/server/starship.nix
+++ b/modules/optionnals/server/starship.nix
@@ -58,6 +58,11 @@
        disabled = false;
      };

+      fill = {
+        symbol = "─";
+        style = "surface1";
+      };
+
      kubernetes = {
        disabled = false;
        format = "[](fg:blue bg:base)[ ($namespace)/($cluster) ](fg:base bg:blue)[](bg:blue fg:mauve)";
--- a/modules/optionnals/server/wireguard-ui.nix
+++ b/modules/optionnals/server/wireguard-ui.nix
@@ -0,0 +1,97 @@
+{
+  pkgs,
+  ...
+}:
+
+{
+  environment.systemPackages = [
+    pkgs.wireguard-tools
+    pkgs.wireguard-ui
+  ];
+
+  users.users.wireguard-ui = {
+    isSystemUser = true;
+    group = "wireguard-ui";
+    home = "/var/lib/wireguard-ui";
+    createHome = true;
+    description = "WireGuard UI service user";
+  };
+
+  users.groups.wireguard-ui = { };
+
+  systemd = {
+    tmpfiles.rules = [
+      "d /etc/wireguard 0750 wireguard-ui wireguard-ui -"
+      "d /var/lib/wireguard-ui 0750 wireguard-ui wireguard-ui -"
+    ];
+
+    services = {
+      wg-quick-wg0 = {
+        description = "WireGuard via wg-quick(8) for wg0";
+        after = [
+          "network-online.target"
+          "wireguard-ui.service"
+        ];
+        wants = [ "network-online.target" ];
+        wantedBy = [
+          "multi-user.target"
+          "sshd.service"
+        ];
+
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up wg0";
+          ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down wg0";
+          ExecReload = "${pkgs.bash}/bin/bash -c 'exec ${pkgs.wireguard-tools}/bin/wg syncconf wg0 <(exec ${pkgs.wireguard-tools}/bin/wg-quick strip wg0)'";
+          Environment = [ "WG_ENDPOINT_RESOLUTION_RETRIES=infinity" ];
+        };
+      };
+
+      wireguard-ui = {
+        description = "WireGuard UI";
+        documentation = [ "https://github.com/ngoduykhanh/wireguard-ui" ];
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart = "${pkgs.wireguard-ui}/bin/wireguard-ui";
+          Restart = "on-failure";
+          WorkingDirectory = "/var/lib/wireguard-ui";
+          StateDirectory = "wireguard-ui";
+          User = "wireguard-ui";
+          Group = "wireguard-ui";
+          ReadWritePaths = [
+            "/var/lib/wireguard-ui"
+            "/etc/wireguard"
+          ];
+
+          Environment = [
+            # "WGUI_ENDPOINT_ADDRESS=${config.custom.wireguard-ui.endpointAddress}"
+            # "WGUI_DNS=${config.custom.wireguard-ui.dns}"
+          ];
+
+          AmbientCapabilities = "CAP_NET_ADMIN";
+        };
+      };
+
+      wg-quick-wg0-reload = {
+        description = "Reload WireGuard config";
+        serviceConfig = {
+          Type = "oneshot";
+          ExecStart = "${pkgs.systemd}/bin/systemctl reload wg-quick-wg0.service";
+        };
+      };
+    };
+
+    paths.wg-quick-wg0-reload = {
+      description = "Watch /etc/wireguard/wg0.conf for changes";
+      wantedBy = [ "multi-user.target" ];
+      pathConfig = {
+        PathModified = "/etc/wireguard/wg0.conf";
+      };
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 5000 ];
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+}