add ddns, wireguard server

This commit is contained in:
2023-11-11 10:30:01 +01:00
parent 629c2abe16
commit a8e4d55e22
4 changed files with 92 additions and 1 deletions


@@ -17,6 +17,7 @@
./modules/unbound.nix ./modules/unbound.nix
./modules/avahi.nix ./modules/avahi.nix
./modules/openconnect.nix ./modules/openconnect.nix
./modules/wireguard.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];


@@ -27,6 +27,12 @@
]; ];
subnet = "10.42.96.0/24"; subnet = "10.42.96.0/24";
interface = "lan"; interface = "lan";
option-data = [
{
name = "domain-name";
value = "cloonar.com";
}
];
reservations = [ reservations = [
{ {
hw-address = "98:b6:e9:b6:ef:f4"; hw-address = "98:b6:e9:b6:ef:f4";
@@ -53,6 +59,12 @@
]; ];
subnet = "10.42.97.0/24"; subnet = "10.42.97.0/24";
interface = "server"; interface = "server";
option-data = [
{
name = "domain-name";
value = "cloonar.com";
}
];
reservations = [ reservations = [
{ {
hw-address = "0a:0e:52:a2:f7:8e"; hw-address = "0a:0e:52:a2:f7:8e";
@@ -74,6 +86,12 @@
]; ];
subnet = "10.42.99.0/24"; subnet = "10.42.99.0/24";
interface = "multimedia"; interface = "multimedia";
option-data = [
{
name = "domain-name";
value = "cloonar.multimedia";
}
];
} }
{ {
pools = [ pools = [
@@ -92,6 +110,12 @@
]; ];
subnet = "10.42.254.0/24"; subnet = "10.42.254.0/24";
interface = "smart"; interface = "smart";
option-data = [
{
name = "domain-name";
value = "cloonar.smart";
}
];
reservations = [ reservations = [
{ {
hw-address = "7a:5a:d6:d0:29:fe"; hw-address = "7a:5a:d6:d0:29:fe";
@@ -162,7 +186,45 @@
} }
]; ];
dhcp-ddns = { dhcp-ddns = {
ip-address = "127.0.0.1";
port = 53001;
enable-updates = true; enable-updates = true;
forward-ddns = {
ddns-domains = [
{
name = "cloonar.com.";
key-name = "dhcp1-ns1";
dns-servers = [
{ ip-address = "127.0.0.1" }
];
}
{
name = "cloonar.smart.";
key-name = "dhcp1-ns1";
dns-servers = [
{ ip-address = "127.0.0.1" }
];
}
{
name = "cloonar.multimedia.";
key-name = "dhcp1-ns1";
dns-servers = [
{ ip-address = "127.0.0.1" }
];
}
];
};
reverse-ddns = {
ddns-domains = [
{
name = "42.10.in-addr.arpa.";
key-name = "dhcp1-ns1";
dns-servers = [
{ ip-address = "127.0.0.1" }
];
}
];
};
}; };
valid-lifetime = 4000; valid-lifetime = 4000;
}; };
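Review bot: The `forward-ddns`, `reverse-ddns` and `key-name` entries added inside `dhcp-ddns` belong to the kea-dhcp-ddns (D2) daemon's `DhcpDdns` configuration, not to the DHCPv4 server's `dhcp-ddns` client block, which only carries the D2 endpoint (`ip-address`, `port`, `enable-updates`) and the `ddns-*` behaviour knobs; Kea's DHCPv4 parser rejects unknown keywords, so this config will most likely fail to load rather than silently ignore them. The hunk references a TSIG key `dhcp1-ns1` but no `tsig-keys` definition is in view — the key material should live in the D2 config and be loaded from sops (as the WireGuard private key in this commit is) rather than inline, since unsigned updates are exactly what an attacker on the LAN would try to inject. Every update target is `127.0.0.1`, which per the accompanying unbound.nix hunk is a caching resolver bound only to the 10.42.x.1 addresses; Unbound does not accept RFC 2136 dynamic updates, so unless an authoritative server also listens on loopback the updates have no recipient — worth confirming before enabling. Moving the three `ddns-domains` and the `tsig-keys` block into `services.kea.dhcp-ddns.settings` would also keep the zone list out of the DHCPv4 hunk, whose enclosing attribute set starts outside this hunk.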


@@ -3,6 +3,7 @@
enable = true; enable = true;
server = { server = {
interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ]; interface = [ "10.42.96.1" "10.42.97.1" "10.42.99.1" "10.42.254.1" ];
tls-cert-bundle = "/var/lib/acme/fw.cloonar.com/fullchain.pem"
}; };
local-data = [ local-data = [
"localhost A 127.0.0.1" "localhost A 127.0.0.1"
@@ -65,7 +66,6 @@
"10.42.97.9 cl-storage-01.cloonar.com" "10.42.97.9 cl-storage-01.cloonar.com"
"10.42.97.118 git.cloonar.com" "10.42.97.118 git.cloonar.com"
"10.254.235.22 stage.wsw.at" "10.254.235.22 stage.wsw.at"
"10.254.217.23 prod.wsw.at" "10.254.217.23 prod.wsw.at"
"10.254.240.109 wohnservice-wien.at" "10.254.240.109 wohnservice-wien.at"
@@ -113,4 +113,10 @@
} }
]; ];
}; };
security.acme.certs.fw = {
domain = "fw.cloonar.com";
user = config.services.unbound.user;
group = config.services.unbound.group;
};
} }
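Review bot: `tls-cert-bundle` in the `server` hunk is Unbound's CA bundle for verifying *upstream* TLS servers (used with `forward-tls-upstream`), not the certificate Unbound presents to clients, so pointing it at the host's own `fullchain.pem` anchors upstream DoT validation to one leaf+intermediate chain while enabling no DNS-over-TLS service at all. Serving DoT from the ACME cert that the new `security.acme.certs.fw` block issues needs `tls-service-pem = "/var/lib/acme/fw.cloonar.com/fullchain.pem";`, `tls-service-key = "/var/lib/acme/fw.cloonar.com/key.pem";` and `tls-port = 853;` instead, with the unbound user/group ownership already set so the key is readable. The added line also lacks the terminating `;` every other attribute in the set carries, which Nix rejects at evaluation. How `fw.cloonar.com` is validated is not visible here; HTTP-01 would require port 80 reachable on the firewall, so a DNS-01 challenge is usually the safer choice for an internal resolver.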


@@ -0,0 +1,22 @@
{ ... }: {
sops.secrets.wg0_key = {};
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.42.98.1/24" ];
listenPort = 51820;
# publicKey: TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=
privateKeyFile = config.sops.secrets.wg0_key.path;
peers = [
{ # Notebook
publicKey = "YdlRGsjh4hS3OMJI+t6SZ2eGXKbs0wZBXWudHW4NyS8=";
allowedIPs = [ "10.42.98.201/32" ];
}
{ # iPhone
publicKey = "nkm10abmwt2G8gJXnpqel6QW5T8aSaxiqqGjE8va/A0=";
allowedIPs = [ "10.42.98.202/32" ];
}
];
};
};
}
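Review bot: The module header `{ ... }:` does not bind `config`, yet `privateKeyFile = config.sops.secrets.wg0_key.path;` references it, so evaluation fails with an undefined-variable error; the header should read `{ config, ... }: {`. Nothing in this file admits UDP 51820 through the firewall — unless a firewall module elsewhere does, add `networking.firewall.allowedUDPPorts = [ 51820 ];` or, better, scope it to the WAN interface via `networking.firewall.interfaces`. The `/32` `allowedIPs` per peer is the right choice (cryptokey routing confines each peer to its own address); a per-peer `presharedKeyFile` from sops would add a symmetric layer on top of the public keys at little cost, and the sops secret should be given `owner`/`mode` matching what the WireGuard unit runs as if the defaults do not already fit.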