Add wireguard, ollama, openwebui

2025-10-06 17:11:31 +02:00
parent e9f5889194
commit 6a36122522
5 changed files with 76 additions and 18 deletions
--- a/modules/optionnals/hosts/home-nix.nix
+++ b/modules/optionnals/hosts/home-nix.nix
@@ -1,5 +1,5 @@
 {
-  pkgs,
+  config,
  ...
 }:
 {
@@ -11,7 +11,7 @@
    ../sops-desktop.nix
    ../ssh.nix
    ../sudo-nopasswd.nix
-    
+
    ### Import GUI modules
    ../desktop/code.nix
    ../desktop/dunst.nix
@@ -27,7 +27,15 @@
    ../desktop/nvidia.nix
  ];

-    networking = {
+  sops = {
+    secrets = {
+      "wireguard_home/publickey" = { };
+      "wireguard_home/presharedkey" = { };
+      "wireguard_home/privatekey" = { };
+    };
+  };
+
+  networking = {
    interfaces.enp5s0 = {
      ipv4.addresses = [
        {
@@ -54,8 +62,30 @@
      #172.18.20.229  auth.grandbesancon.fr
      #172.18.20.181  traefikauth.grandbesancon.fr
    '';
+    wireguard = {
+      interfaces = {
+        wg0 = {
+          ips = [
+            "fc00::2/56"
+            "10.0.0.2/16"
+          ];
+          listenPort = 51820;
+          privateKeyFile = config.sops.secrets."wireguard_home/privatekey".path;
+          peers = [
+            {
+              publicKey = "X8D/RhwjpFYXm2DbtC0wY39TrFkdaw7RA7kHhbmOXnw=";
+              presharedKeyFile = config.sops.secrets."wireguard_home/presharedkey".path;
+              allowedIPs = [
+                "fc00::0/56"
+                "10.0.0.0/16"
+                "10.1.0.0/16"
+              ];
+              endpoint = "[2001:41d0:303:20da::1]:51820";
+              persistentKeepalive = 15;
+            }
+          ];
+        };
+      };
+    };
  };
-  environment.systemPackages = [
-    pkgs.tor-browser
-  ];
 }