configure remote wake on lan and ipv6

2025-12-12 07:50:43 +01:00
parent 792fe03d93
commit 2a751ee1d4
7 changed files with 91 additions and 30 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -23,11 +23,11 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1763731770,
-        "narHash": "sha256-ThIVf8jtBOKV7JzShnL/gzHEm7axiLshPie8BYkMYAI=",
+        "lastModified": 1765518969,
+        "narHash": "sha256-hKJGo0+i7xHDMhN8kicOLT0PA8x8zRzleQs2I2XWVLg=",
        "ref": "refs/heads/main",
-        "rev": "07b3f415bd89a6b571f154278c1d9b6b5ca9e473",
-        "revCount": 16,
+        "rev": "e1c2c590e4655cf887173478765663d20a7efffd",
+        "revCount": 19,
        "type": "git",
        "url": "file:///home/beastie/nixos/secrets"
      },
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -3,9 +3,6 @@
  pkgs,
  ...
 }:
-let
-  lanIface = "enp5s0";
-in
 {
  imports = [
    #../ai.nix
@@ -16,7 +13,7 @@ in
    ../options.nix
    ../packages.nix
    ../sops-desktop.nix
-    ../sshd.nix
+    ../ssh.nix
    ../sudo-nopasswd.nix
    ../wakeonlan.nix

@@ -36,7 +33,10 @@ in
    ../desktop/nvidia.nix
  ];

-  my.lanInterface = "enp5s0";
+  my.laninterface = "enp5s0";
+  my.ipv4address = "192.168.0.2";
+  my.ipv4netmask = 24;
+  my.ipv4gateway = "192.168.0.254";

  sops = {
    secrets = {
@@ -51,17 +51,17 @@ in
  networking = {
    #useNetworkd = true;
    #useHostResolvConf = false;
-    interfaces.${config.my.lanInterface} = {
+    interfaces.${config.my.laninterface} = {
      ipv4.addresses = [
        {
-          address = "192.168.0.2";
-          prefixLength = 24;
+          address = config.my.ipv4address;
+          prefixLength = config.my.ipv4netmask;
        }
      ];
    };
    defaultGateway = {
-      address = "192.168.0.254";
-      interface = "${config.my.lanInterface}";
+      address = config.my.ipv4gateway;
+      interface = config.my.laninterface;
    };
    nameservers = [
      #"9.9.9.9"
@@ -105,5 +105,27 @@ in
      };
    };
  };
+
+  sops.secrets."home-nix/myipv6address" = { };
+
+  systemd.services.ipv6-setup = {
+    description = "Configure IPv6";
+    after = [
+      "network.target"
+      "sops-nix.service"
+    ];
+    wants = [ "sops-nix.service" ];
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+      ExecStart = pkgs.writeShellScript "setup-ipv6" ''
+        ${pkgs.iproute2}/bin/ip -6 addr add $(cat ${
+          config.sops.secrets."home-nix/myipv6address".path
+        })/64 dev ${config.my.laninterface} || true
+      '';
+    };
+  };
+
  environment.systemPackages = [ pkgs.tor-browser ];
 }
--- a/modules/optionnals/hosts/work-nix.nix
+++ b/modules/optionnals/hosts/work-nix.nix
@@ -10,7 +10,7 @@
    ../openfortivpn.nix
    ../packages.nix
    ../sops-desktop.nix
-    ../sshd.nix
+    ../ssh.nix
    ../sudo-nopasswd.nix

    ### Import GUI modules
--- a/modules/optionnals/options.nix
+++ b/modules/optionnals/options.nix
@@ -3,8 +3,24 @@
  ...
 }:
 {
-  options.my.lanInterface = lib.mkOption {
+  options.my.laninterface = lib.mkOption {
    type = lib.types.str;
    default = "enp5s0";
  };
+  options.my.ipv4address = lib.mkOption {
+    type = lib.types.str;
+    default = "127.0.0.1";
+  };
+  options.my.ipv4netmask = lib.mkOption {
+    type = lib.types.int;
+    default = 8;
+  };
+  options.my.ipv4gateway = lib.mkOption {
+    type = lib.types.str;
+    default = "127.0.0.254";
+  };
+  options.my.wolipv6address = lib.mkOption {
+    type = lib.types.str;
+    default = "fc::0";
+  };
 }
--- a/modules/optionnals/sops-desktop.nix
+++ b/modules/optionnals/sops-desktop.nix
@@ -61,6 +61,16 @@ in
        mode = "0600";
        path = "/home/${username}/.ssh/id_ed25519_gitea_semaphore";
      };
+      "ssh_keys/wol_pub" = {
+        owner = "${username}";
+        mode = "0644";
+        path = "/home/${username}/.ssh/id_ed25519_wol";
+      };
+      "ssh_keys/wol_priv" = {
+        owner = "${username}";
+        mode = "0600";
+        path = "/home/${username}/.ssh/id_ed25519_wol.priv";
+      };
    };
  };
 }
--- a/modules/optionnals/sshd.nix
+++ b/modules/optionnals/sshd.nix
--- a/modules/optionnals/wakeonlan.nix
+++ b/modules/optionnals/wakeonlan.nix
@@ -5,30 +5,43 @@
  ...
 }:
 {
-  systemd.services."wol@$${config.my.lanInterface}" = {
-    description = "Wake-on-LAN for ${config.my.lanInterface}";
+  systemd.services."wol${config.my.laninterface}" = {
+    description = "Wake-on-LAN for ${config.my.laninterface}";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "oneshot";
-      ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.lanInterface} wol g";
+      ExecStart = "${pkgs.ethtool}/bin/ethtool -s ${config.my.laninterface} wol g";
      RandomizedDelaySec = "30s";
    };
  };
  environment.systemPackages = [ pkgs.ethtool ];

-  boot.initrd.network = {
+  my.wolipv6address = "2a01:e0a:9cc:99d0:8f3a:6b2c:41d7:e9f5";
+
+  boot.initrd = {
+    network = {
      enable = true;
      ssh = {
        enable = true;
-      port = 2222;
+        port = 65234;
        authorizedKeys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKMJ3TkEmRQcX7RQijNa2km6a2xXJk6M6FERh7C9nTJ"
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ2+PXfG/37rsvcVr2RAHzXmGHMr8+8iBH//1YS+zWd3"
        ]; # ta clé publique
        hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ];
      };
+      postCommands = ''
+        ip -6 addr add ${config.my.wolipv6address}/64 dev ${config.my.laninterface}
+        ip -6 route add default via fe80::224:d4ff:fea5:65bd dev ${config.my.laninterface}
+      '';
    };
-  boot.kernelParams = [
-    "ip=192.168.0.2::192.168.0.254:255.255.255.0:${hostname}:${config.my.lanInterface}:off"
+    availableKernelModules = [ "r8169" ];
+
+  };
+
+  boot = {
+    kernelParams = [
+      "ip=${config.my.ipv4address}::255.255.255.0:${config.my.ipv4gateway}:${hostname}:${config.my.laninterface}:off"
    ];
+  };
 }