
Make hyprland + network config system dependent

2023-04-26 20:40:29 +02:00
parent 1eabf9a160
commit 5b2dab3946
7 changed files with 187 additions and 165 deletions


@ -1,34 +1,9 @@
######################################################################################## # Source a file (multi-file configs)
AUTOGENERATED HYPR CONFIG. # source = ~/.config/hypr/myColors.conf
PLEASE USE THE CONFIG PROVIDED IN THE GIT REPO /examples/hypr.conf AND EDIT IT, source = ~/.config/hypr/polkit.conf # NOTE: This needs to be sourced, because NixOS fills in the polkit executable path
OR EDIT THIS ONE ACCORDING TO THE WIKI INSTRUCTIONS. source = ~/.config/hypr/waybar-reload.conf
######################################################################################## source = ~/.config/hypr/monitors.conf # NOTE: This file is different for each system
source = ~/.config/hypr/input.conf
#
# Please note not all available settings / options are set here.
# For a full list, see the wiki
#
# autogenerated = 1 # remove this line to remove the warning
# See https://wiki.hyprland.org/Configuring/Monitors/
# monitor=,preferred,auto,auto
monitor = HDMI-A-1, 2560x1440@144, 1920x0, 1
monitor = HDMI-A-2, 1920x1080@60, 0x0, 1
# I have the first 9 workspaces on the main monitor, the last one on the secondary monitor
wsbind = 1, HDMI-A-1
wsbind = 2, HDMI-A-1
wsbind = 3, HDMI-A-1
wsbind = 4, HDMI-A-1
wsbind = 5, HDMI-A-1
wsbind = 6, HDMI-A-1
wsbind = 7, HDMI-A-1
wsbind = 8, HDMI-A-1
wsbind = 9, HDMI-A-1
wsbind = 10, HDMI-A-2
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
# Execute your favorite apps at launch # Execute your favorite apps at launch
# exec-once = waybar # exec-once = waybar
@ -44,33 +19,6 @@ exec-once = wl-paste -t text --watch clipman store --no-persist
exec-once = wl-paste -p -t text --watch clipman store -P --histpath="~/.local/share/clipman-primary.json" exec-once = wl-paste -p -t text --watch clipman store -P --histpath="~/.local/share/clipman-primary.json"
exec-once = hyprctl setcursor Bibata-Modern-Classic 16 exec-once = hyprctl setcursor Bibata-Modern-Classic 16
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
source = ~/.config/hypr/polkit.conf # NOTE: This needs to be sourced, because NixOS fills in the polkit executable path
source = ~/.config/hypr/waybar-reload.conf
# TODO: Move keybindings, rules and appearance to other files
# Some default env vars.
# env = XCURSOR_SIZE,24
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant = altgr-intl
kb_model = pc104
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
general { general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more # See https://wiki.hyprland.org/Configuring/Variables/ for more


@ -95,15 +95,6 @@ rec {
}; };
}; };
hyprland = {
enable = true;
theme = "Three-Bears";
# TODO:
# papirusIcons = true;
# bibataCursor = true;
};
# TODO: # TODO:
# plasma = { # plasma = {
# enable = false; # enable = false;


@ -17,6 +17,32 @@ rec {
config = { config = {
modules = { modules = {
hyprland = {
enable = true;
theme = "Three-Bears";
kb-layout = "us";
kb-variant = "altgr-intl";
monitors = ''
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = HDMI-A-1, 2560x1440@144, 1920x0, 1
monitor = HDMI-A-2, 1920x1080@60, 0x0, 1
# I have the first 9 workspaces on the main monitor, the last one on the secondary monitor
wsbind = 1, HDMI-A-1
wsbind = 2, HDMI-A-1
wsbind = 3, HDMI-A-1
wsbind = 4, HDMI-A-1
wsbind = 5, HDMI-A-1
wsbind = 6, HDMI-A-1
wsbind = 7, HDMI-A-1
wsbind = 8, HDMI-A-1
wsbind = 9, HDMI-A-1
wsbind = 10, HDMI-A-2
'';
};
audio = { audio = {
enable = false; enable = false;


@ -17,6 +17,29 @@ rec {
config = { config = {
modules = { modules = {
hyprland = {
enable = true;
theme = "Three-Bears";
kb-lalyout = "de";
kb-variant = "nodeadkeys";
monitors = ''
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = eDP-1, 1920x1080@60, 0x0, 1
# I have the first 9 workspaces on the main monitor, the last one on the secondary monitor
wsbind = 1, eDP-1
wsbind = 2, eDP-1
wsbind = 3, eDP-1
wsbind = 4, eDP-1
wsbind = 5, eDP-1
wsbind = 6, eDP-1
wsbind = 7, eDP-1
wsbind = 8, eDP-1
wsbind = 9, eDP-1
'';
};
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
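Review bot: `kb-lalyout = "de";` in the added hyprland block looks like a misspelling of `kb-layout`, the attribute name the other host's config sets in this same commit. The module's option declarations are not visible here, so this either fails evaluation as an unknown option or leaves the keyboard layout at its default; it should read `kb-layout = "de";`. The copied comment about "the last one on the secondary monitor" also no longer fits this host, which only configures `eDP-1` and binds workspaces 1-9.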


@ -115,112 +115,72 @@
# TODO: Networking system module # TODO: Networking system module
# NOTE: The systemd networking options are not very flexible, so this will be a problem for the laptop. (=> Use IWD for WiFi) # NOTE: The systemd networking options are not very flexible, so this will be a problem for the laptop. (=> Use IWD for WiFi)
systemd = { systemd.services = let
network = let # TODO: IPv6 Configuration
eth-interface = "enp0s31f6"; wgup = interface: privatekey: publickey: endpoint: ''
wireless-interface = ""; #! ${pkgs.bash}/bin/bash
in { ${pkgs.iproute}/bin/ip link add ${interface} type wireguard
enable = true; ${pkgs.iproute}/bin/ip link set ${interface} netns vpn
${pkgs.iproute}/bin/ip netns exec vpn ${pkgs.wireguard-tools}/bin/wg set ${interface} \
private-key /home/christoph/.secrets/wireguard/${privatekey} \
peer ${publickey} \
allowed-ips 0.0.0.0/0 \
endpoint ${endpoint}:51820
${pkgs.iproute}/bin/ip -n vpn addr add 10.2.0.2/32 dev ${interface}
${pkgs.iproute}/bin/ip -n vpn link set ${interface} up
${pkgs.iproute}/bin/ip -n vpn route add default dev ${interface}
'';
# LAN wgdown = interface: ''
networks."50-ether" = { #! ${pkgs.bash}/bin/bash
# name = "enp0s31f6"; # Network interface name? ${pkgs.iproute}/bin/ip -n vpn link del ${interface}
enable = true; '';
in {
# See https://reflexivereflection.com/posts/2018-12-18-wireguard-vpn-with-network-namespace-on-nixos.html
# See https://try.popho.be/vpn-netns.html#automatic-with-a-systemd.service5
# This namespace contains the WireGuard virtual network device, because this should be the only interface available for apps that should run through VPN
netns-vpn = {
description = "Network namespace for ProtonVPN using Wireguard";
wantedBy = ["default.target"];
before = ["display-manager.service" "network.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# See man systemd.link, man systemd.netdev, man systemd.network ExecStart = pkgs.writeScript "create-vpn-netns" ''
matchConfig = { #! ${pkgs.bash}/bin/bash
# This corresponds to the [MATCH] section ${pkgs.iproute}/bin/ip netns add vpn # Create the Namespace
Name = eth-interface; # Match ethernet interface ${pkgs.iproute}/bin/ip -n vpn link set lo up # Enable the Loopback device
}; '';
# See man systemd.network ExecStop = "${pkgs.iproute}/bin/ip netns del vpn";
networkConfig = {
# This corresponds to the [NETWORK] section
DHCP = "yes";
# TODO: What does this all do?
# IPv6AcceptRA = true;
# MulticastDNS = "yes"; # Needed?
# LLMNR = "no"; # Needed?
# LinkLocalAddressing = "no"; # Needed?
};
linkConfig = {
# This corresponds to the [LINK] section
# RequiredForOnline = "routable";
};
}; };
# TODO: WiFi Hotspot?
}; };
services = let # TODO: This should be parametrized
# TODO: IPv6 Configuration # - Each server should get its own link?
wgup = interface: privatekey: publickey: endpoint: '' # - The endpoints/public keys should be in a map?
#! ${pkgs.bash}/bin/bash wg0-DE-115 = {
${pkgs.iproute}/bin/ip link add ${interface} type wireguard description = "Wireguard ProtonVPN Server DE-115";
${pkgs.iproute}/bin/ip link set ${interface} netns vpn requires = ["netns-vpn.service"];
${pkgs.iproute}/bin/ip netns exec vpn ${pkgs.wireguard-tools}/bin/wg set ${interface} \ after = ["netns-vpn.service"];
private-key /home/christoph/.secrets/wireguard/${privatekey} \ serviceConfig = {
peer ${publickey} \ Type = "oneshot";
allowed-ips 0.0.0.0/0 \ RemainAfterExit = true;
endpoint ${endpoint}:51820 ExecStart = pkgs.writeScript "DE-115-up" (wgup "wg0-de-115" "proton-de-115.key" "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic=" "194.126.177.14");
${pkgs.iproute}/bin/ip -n vpn addr add 10.2.0.2/32 dev ${interface} ExecStop = pkgs.writeScript "DE-115-down" (wgdown "wg0-de-115");
${pkgs.iproute}/bin/ip -n vpn link set ${interface} up
${pkgs.iproute}/bin/ip -n vpn route add default dev ${interface}
'';
wgdown = interface: ''
#! ${pkgs.bash}/bin/bash
${pkgs.iproute}/bin/ip -n vpn link del ${interface}
'';
in {
# See https://reflexivereflection.com/posts/2018-12-18-wireguard-vpn-with-network-namespace-on-nixos.html
# See https://try.popho.be/vpn-netns.html#automatic-with-a-systemd.service5
# This namespace contains the WireGuard virtual network device, because this should be the only interface available for apps that should run through VPN
netns-vpn = {
description = "Network namespace for ProtonVPN using Wireguard";
wantedBy = ["default.target"];
before = ["display-manager.service" "network.target"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeScript "create-vpn-netns" ''
#! ${pkgs.bash}/bin/bash
${pkgs.iproute}/bin/ip netns add vpn # Create the Namespace
${pkgs.iproute}/bin/ip -n vpn link set lo up # Enable the Loopback device
'';
ExecStop = "${pkgs.iproute}/bin/ip netns del vpn";
};
}; };
};
# TODO: This should be parametrized wg0-LU-16 = {
# - Each server should get its own link? description = "Wireguard ProtonVPN Server LU-16";
# - The endpoints/public keys should be in a map? requires = ["netns-vpn.service"];
wg0-DE-115 = { after = ["netns-vpn.service"];
description = "Wireguard ProtonVPN Server DE-115"; serviceConfig = {
requires = ["netns-vpn.service"]; Type = "oneshot";
after = ["netns-vpn.service"]; RemainAfterExit = true;
serviceConfig = { ExecStart = pkgs.writeScript "LU-16-up" (wgup "wg0-lu-16" "proton-lu-16.key" "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w=" "92.223.89.133");
Type = "oneshot"; ExecStop = pkgs.writeScript "LU-16-down" (wgdown "wg0-lu-16");
RemainAfterExit = true;
ExecStart = pkgs.writeScript "DE-115-up" (wgup "wg0-de-115" "proton-de-115.key" "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic=" "194.126.177.14");
ExecStop = pkgs.writeScript "DE-115-down" (wgdown "wg0-de-115");
};
};
wg0-LU-16 = {
description = "Wireguard ProtonVPN Server LU-16";
requires = ["netns-vpn.service"];
after = ["netns-vpn.service"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeScript "LU-16-up" (wgup "wg0-lu-16" "proton-lu-16.key" "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w=" "92.223.89.133");
ExecStop = pkgs.writeScript "LU-16-down" (wgdown "wg0-lu-16");
};
}; };
}; };
}; };
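Review bot: The `wgup` script on the new side runs its `ip` and `wg` steps with no error handling, so a failed `wg set` (for example when the key file under `/home/christoph/.secrets/wireguard/` is missing or unreadable) does not stop the later commands, and the oneshot can still end up active with an interface that has no key or peer. Adding `set -euo pipefail` directly under the shebang in `wgup`, `wgdown` and `create-vpn-netns` makes the unit fail at the first broken step instead. Separately, `wg0-DE-115` and `wg0-LU-16` both add `10.2.0.2/32` and a default route inside the same `vpn` namespace, so they cannot run together; declaring that explicitly, e.g. `conflicts = ["wg0-LU-16.service"];` on the DE unit and the mirror on the LU unit, would let systemd stop one before starting the other. The private key is read by a system unit from a path in a user's home directory, so it is worth confirming that the file and its parent directories are not readable or writable by anyone but that user and root. The enclosing attribute set starts and ends outside this hunk.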


@ -27,4 +27,41 @@
# videoDrivers = [ "nvidia" ]; # NVIDIA # videoDrivers = [ "nvidia" ]; # NVIDIA
videoDrivers = ["amdgpu"]; videoDrivers = ["amdgpu"];
}; };
# TODO: System module for this
systemd.network = let
eth-interface = "enp0s31f6";
wireless-interface = "wlp5s0";
in {
enable = true;
# LAN
networks."50-ether" = {
# name = "enp0s31f6"; # Network interface name?
enable = true;
# See man systemd.link, man systemd.netdev, man systemd.network
matchConfig = {
# This corresponds to the [MATCH] section
Name = eth-interface; # Match ethernet interface
};
# See man systemd.network
networkConfig = {
# This corresponds to the [NETWORK] section
DHCP = "yes";
# TODO: What does this all do?
# IPv6AcceptRA = true;
# MulticastDNS = "yes"; # Needed?
# LLMNR = "no"; # Needed?
# LinkLocalAddressing = "no"; # Needed?
};
linkConfig = {
# This corresponds to the [LINK] section
# RequiredForOnline = "routable";
};
};
};
} }
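Review bot: `wireless-interface = "wlp5s0";` is bound in the added `let` but nothing in the block uses it, and `linkConfig` holds only a commented-out line, so both are dead weight until a WiFi network is defined. The same applies to the other host's file in this commit (`wireless-interface = "wlp3s0";`). Either drop the binding and the empty `linkConfig`, or mark the intent with a comment such as `# TODO: used once the wireless network is declared`. The enclosing attribute set starts outside this hunk.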


@ -19,4 +19,41 @@
# Proprietary graphics drivers # Proprietary graphics drivers
videoDrivers = ["intel"]; videoDrivers = ["intel"];
}; };
systemd.network = let
eth-interface = "enp0s20u2";
wireless-interface = "wlp3s0";
in {
enable = true;
# LAN
networks."50-tether" = {
# name = "enp0s31f6"; # Network interface name?
enable = true;
# See man systemd.link, man systemd.netdev, man systemd.network
matchConfig = {
# This corresponds to the [MATCH] section
Name = eth-interface; # Match ethernet interface
};
# See man systemd.network
networkConfig = {
# This corresponds to the [NETWORK] section
DHCP = "yes";
# TODO: What does this all do?
# IPv6AcceptRA = true;
# MulticastDNS = "yes"; # Needed?
# LLMNR = "no"; # Needed?
# LinkLocalAddressing = "no"; # Needed?
};
linkConfig = {
# This corresponds to the [LINK] section
# RequiredForOnline = "routable";
};
};
};
} }
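Review bot: The `networkConfig` for `50-tether` leaves `LLMNR` and `MulticastDNS` commented out with a "Needed?" question, so link-local name resolution on this link follows whatever the systemd defaults are (worth confirming; I believe LLMNR is enabled per link by default). This appears to be the portable host, which will join networks it does not control, so the choice should be made explicitly, e.g. `LLMNR = "no";` and `MulticastDNS = "no";` unless local name resolution is actually required. The commented `# name = "enp0s31f6";` is a leftover from the other host and does not match `eth-interface = "enp0s20u2";`. The enclosing attribute set starts outside this hunk.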