Update comments
@ -1,3 +1,4 @@
|
||||
# TODO: Easier mkLink/mkUnlink (include more hm.dag stuff into the function)
|
||||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
@ -34,14 +35,6 @@
|
||||
fi
|
||||
'';
|
||||
|
||||
# TODO
|
||||
mkMultiOptStr = {}: {
|
||||
};
|
||||
|
||||
# TODO
|
||||
mkMultiOptPkg = {}: {
|
||||
};
|
||||
|
||||
# Returns true if base contains element
|
||||
contains = base: element:
|
||||
lib.any (x: x == element) base;
|
||||
|
@ -1,3 +1,4 @@
|
||||
# TODO: OpenVPN
|
||||
{
|
||||
inputs,
|
||||
pkgs,
|
||||
@ -32,7 +33,6 @@
|
||||
};
|
||||
};
|
||||
|
||||
# VPN stuff
|
||||
mkNetworkNamespace = name: ''
|
||||
${pkgs.iproute}/bin/ip netns add ${name} # Create the Namespace
|
||||
${pkgs.iproute}/bin/ip -n ${name} link set lo up # Enable the Loopback device
|
||||
@ -42,43 +42,47 @@
|
||||
${pkgs.iproute}/bin/ip netns del ${name} # Delete the Namespace
|
||||
'';
|
||||
|
||||
# TODO: IPv6 Configuration
|
||||
# NOTE: The interface and netns have the same name, so it's a bit confusing
|
||||
mkWireguardTunnel = name: privatekey: publickey: endpoint: ''
|
||||
${pkgs.iproute}/bin/ip link add ${name} type wireguard
|
||||
${pkgs.iproute}/bin/ip link set ${name} netns ${name}
|
||||
${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \
|
||||
private-key /home/christoph/.secrets/wireguard/${privatekey} \
|
||||
peer ${publickey} \
|
||||
allowed-ips 0.0.0.0/0 \
|
||||
endpoint ${endpoint}:51820
|
||||
${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name}
|
||||
${pkgs.iproute}/bin/ip -n ${name} link set ${name} up
|
||||
${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name}
|
||||
'';
|
||||
# VPN stuff
|
||||
mkWireguardService = let
|
||||
# NOTE: The interface and netns have the same name, so it's a bit confusing
|
||||
mkWireguardTunnel = name: privatekey: publickey: endpoint: ''
|
||||
${pkgs.iproute}/bin/ip link add ${name} type wireguard
|
||||
${pkgs.iproute}/bin/ip link set ${name} netns ${name}
|
||||
${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \
|
||||
private-key /home/christoph/.secrets/wireguard/${privatekey} \
|
||||
peer ${publickey} \
|
||||
allowed-ips 0.0.0.0/0 \
|
||||
endpoint ${endpoint}:51820
|
||||
${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name}
|
||||
${pkgs.iproute}/bin/ip -n ${name} link set ${name} up
|
||||
${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name}
|
||||
'';
|
||||
|
||||
killWireguardTunnel = name: ''
|
||||
${pkgs.iproute}/bin/ip -n ${name} link del ${name}
|
||||
'';
|
||||
|
||||
mkWireguardService = name: privatekey: publickey: endpoint: {
|
||||
description = "Wireguard ProtonVPN Server ${name}";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = pkgs.writeScript "${name}-up" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${mkNetworkNamespace "${name}"}
|
||||
${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"}
|
||||
'';
|
||||
ExecStop = pkgs.writeScript "wg0-de-115-down" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${killWireguardTunnel "${name}"}
|
||||
${killNetworkNamespace "${name}"}
|
||||
'';
|
||||
killWireguardTunnel = name: ''
|
||||
${pkgs.iproute}/bin/ip -n ${name} link del ${name}
|
||||
'';
|
||||
in
|
||||
name: privatekey: publickey: endpoint: {
|
||||
description = "Wireguard ProtonVPN Server ${name}";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
ExecStart = pkgs.writeScript "${name}-up" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${mkNetworkNamespace "${name}"}
|
||||
${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"}
|
||||
'';
|
||||
ExecStop = pkgs.writeScript "wg0-de-115-down" ''
|
||||
#! ${pkgs.bash}/bin/bash
|
||||
${killWireguardTunnel "${name}"}
|
||||
${killNetworkNamespace "${name}"}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# mkOpenVPNTunnel = "";
|
||||
# killOpenVPNTunnel = "";
|
||||
# mkOpenVPNService = let
|
||||
# mkOpenVPNTunnel = "";
|
||||
# killOpenVPNTunnel = "";
|
||||
# in
|
||||
# name: {};
|
||||
}
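Review bot: The `${name}-up` script built for `ExecStart` in `mkWireguardService` has no error handling, so a failed `wg set` (for example when the key file under `/home/christoph/.secrets/wireguard/` is missing or unreadable) does not stop the later `ip` commands. The oneshot unit with `RemainAfterExit = true` can then be reported active on the exit status of the final `route add` alone. Adding `set -e` directly after the `#! ${pkgs.bash}/bin/bash` line of the start script would make a partial setup fail the unit instead. The stop script is still named with the literal `"wg0-de-115-down"` while the start script uses `"${name}-up"`; `pkgs.writeScript "${name}-down"` would keep the two consistent for every tunnel. Because `${name}`, `${publickey}` and `${endpoint}` are interpolated unquoted into the generated shell, a short comment above `mkWireguardService` stating the expected form of each argument, and that `privatekey` is a file name rather than key material, would help callers.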
|
||||
|
@ -1,3 +1,7 @@
|
||||
# TODO: Rofi Integration
|
||||
# - Hotkey through hyprland module
|
||||
# - Menu through rofi module
|
||||
# - Permissions through polkit module
|
||||
{
|
||||
lib,
|
||||
mylib,
|
||||
@ -29,8 +33,6 @@ with mylib.modules; {
|
||||
enable = mkEnableOpt "Enable SabNzbd Container";
|
||||
};
|
||||
|
||||
# TODO: I need to set the keys through the hyprland module
|
||||
# and generate the menu through the rofi module
|
||||
rofiIntegration = {
|
||||
enable = mkEnableOpt "Enable Rofi Menu for Container Servicing";
|
||||
hotkey = mkOption {
|
||||
|
@ -1,3 +1,5 @@
|
||||
# TODO: Need to set permissions through polkit module
|
||||
# TODO: Setup Wireless (IWD/Networkd?)
|
||||
{
|
||||
inputs,
|
||||
config,
|
||||
@ -39,7 +41,6 @@ in {
|
||||
useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd
|
||||
# resolvconf.enable = true;
|
||||
|
||||
# TODO: Either IWD or WiFi through systemd-networkd
|
||||
wireless = {
|
||||
enable = false; # Enables wireless support via wpa_supplicant.
|
||||
iwd.enable = false; # Use iwd instead of NetworkManager
|
||||
|