feat: nb change networking and add projects

2026-02-01 14:23:27 +01:00 · 2026-02-01 14:23:27 +01:00 · 25580ded3b
commit 25580ded3b
parent cb67ba33ac
4 changed files with 69 additions and 30 deletions
--- a/hosts/nb/configuration.nix
+++ b/hosts/nb/configuration.nix
@ -40,6 +40,7 @@ in {
      # ./modules/steam.nix
      ./modules/fingerprint.nix
      ./modules/set-nix-channel.nix
+      ./modules/networking.nix

      ./hardware-configuration.nix
    ];
@ -249,36 +250,6 @@ in {
    };
  };

-  networking.wireguard.interfaces = {
-    wg0 = {
-      ips = [ "10.42.98.201/32" ];
-      # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=
-      privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
-
-      peers = [
-        {
-          publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-          allowedIPs = [
-            "10.42.96.0/20"
-            # wohnservice-wien
-            "10.254.240.0/24"
-            "10.254.235.0/24"
-            # epicenter.works
-            "10.14.0.0/16"
-            "10.25.0.0/16"
-            "188.34.191.144/32" # web-arm
-            "91.107.201.241" # mail
-          ];
-          endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
-          persistentKeepalive = 25;
-        }
-      ];
-      postSetup = ''
-        printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x
-      '';
-    };
-  };
-
  # pgp
  services.pcscd.enable = true;
  programs.gnupg.agent = {