many changes

2024-02-16 22:24:54 +01:00
parent b4bf0ee486
commit 5ebcd0818b
22 changed files with 532 additions and 338 deletions
--- a/hosts/nb-01.cloonar.com/configuration.nix
+++ b/hosts/nb-01.cloonar.com/configuration.nix
@@ -75,6 +75,7 @@
  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
  networking.extraHosts = ''
    10.25.0.25 archive.zeichnemit.at
+    5.9.131.26 old.epicenter.works
    # 10.25.0.25 epicenter.works en.epicenter.works
    127.0.0.1 wohnservice.local mieterhilfe.local wohnpartner.local wohnberatung.local wienbautvor.local wienwohntbesser.local
    127.0.0.1 wohnservice-wien.local mieterhilfe.local wohnpartner-wien.local wohnberatung-wien.local wienbautvor.local wienwohntbesser.local
@@ -121,6 +122,7 @@
    winetricks
    git-filter-repo
    ykfde
+    nix-prefetch-git
  ];

  environment.variables = {
@@ -192,27 +194,28 @@
       ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport 51820 -j RETURN || true
     '';
  };
-  # networking.wireguard.interfaces = {
-  #   wg0 = {
-  #     # Determines the IP address and subnet of the client's end of the tunnel interface.
-  #     ips = [ "10.42.98.201/32" ];
-  #     # Path to the private key file.
-  #     #
-  #     # Note: The private key can also be included inline via the privateKey option,
-  #     # but this makes the private key world-readable; thus, using privateKeyFile is
-  #     # recommended.
-  #     privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
-  #
-  #     peers = [
-  #       {
-  #         publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-  #         allowedIPs = [ "10.42.97.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
-  #         endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
-  #         persistentKeepalive = 25;
-  #       }
-  #     ];
-  #   };
-  # };
+  networking.wireguard.interfaces = {
+    wg0 = {
+      # Determines the IP address and subnet of the client's end of the tunnel interface.
+      ips = [ "10.42.98.201/32" ];
+      # Path to the private key file.
+      #
+      # Note: The private key can also be included inline via the privateKey option,
+      # but this makes the private key world-readable; thus, using privateKeyFile is
+      # recommended.
+      # publicKey: YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=
+      privateKeyFile = config.sops.secrets.wg-cloonar-key.path;
+
+      peers = [
+        {
+          publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
+          allowedIPs = [ "10.42.96.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
+          endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };

  # Facial recognition "Windows hello"
  # services.ir-toggle.enable = true;