
Update comments

2023-05-24 20:32:04 +02:00
parent feee85b79d
commit 5c58b7b455
4 changed files with 48 additions and 48 deletions


@ -1,3 +1,4 @@
# TODO: Easier mkLink/mkUnlink (include more hm.dag stuff into the function)
{ {
inputs, inputs,
pkgs, pkgs,
@ -34,14 +35,6 @@
fi fi
''; '';
# TODO
mkMultiOptStr = {}: {
};
# TODO
mkMultiOptPkg = {}: {
};
# Returns true if base contains element # Returns true if base contains element
contains = base: element: contains = base: element:
lib.any (x: x == element) base; lib.any (x: x == element) base;


@ -1,3 +1,4 @@
# TODO: OpenVPN
{ {
inputs, inputs,
pkgs, pkgs,
@ -32,7 +33,6 @@
}; };
}; };
# VPN stuff
mkNetworkNamespace = name: '' mkNetworkNamespace = name: ''
${pkgs.iproute}/bin/ip netns add ${name} # Create the Namespace ${pkgs.iproute}/bin/ip netns add ${name} # Create the Namespace
${pkgs.iproute}/bin/ip -n ${name} link set lo up # Enable the Loopback device ${pkgs.iproute}/bin/ip -n ${name} link set lo up # Enable the Loopback device
@ -42,43 +42,47 @@
${pkgs.iproute}/bin/ip netns del ${name} # Delete the Namespace ${pkgs.iproute}/bin/ip netns del ${name} # Delete the Namespace
''; '';
# TODO: IPv6 Configuration # VPN stuff
# NOTE: The interface and netns have the same name, so it's a bit confusing mkWireguardService = let
mkWireguardTunnel = name: privatekey: publickey: endpoint: '' # NOTE: The interface and netns have the same name, so it's a bit confusing
${pkgs.iproute}/bin/ip link add ${name} type wireguard mkWireguardTunnel = name: privatekey: publickey: endpoint: ''
${pkgs.iproute}/bin/ip link set ${name} netns ${name} ${pkgs.iproute}/bin/ip link add ${name} type wireguard
${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \ ${pkgs.iproute}/bin/ip link set ${name} netns ${name}
private-key /home/christoph/.secrets/wireguard/${privatekey} \ ${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \
peer ${publickey} \ private-key /home/christoph/.secrets/wireguard/${privatekey} \
allowed-ips 0.0.0.0/0 \ peer ${publickey} \
endpoint ${endpoint}:51820 allowed-ips 0.0.0.0/0 \
${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name} endpoint ${endpoint}:51820
${pkgs.iproute}/bin/ip -n ${name} link set ${name} up ${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name}
${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name} ${pkgs.iproute}/bin/ip -n ${name} link set ${name} up
''; ${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name}
'';
killWireguardTunnel = name: '' killWireguardTunnel = name: ''
${pkgs.iproute}/bin/ip -n ${name} link del ${name} ${pkgs.iproute}/bin/ip -n ${name} link del ${name}
''; '';
in
mkWireguardService = name: privatekey: publickey: endpoint: { name: privatekey: publickey: endpoint: {
description = "Wireguard ProtonVPN Server ${name}"; description = "Wireguard ProtonVPN Server ${name}";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStart = pkgs.writeScript "${name}-up" '' ExecStart = pkgs.writeScript "${name}-up" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
${mkNetworkNamespace "${name}"} ${mkNetworkNamespace "${name}"}
${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"} ${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"}
''; '';
ExecStop = pkgs.writeScript "wg0-de-115-down" '' ExecStop = pkgs.writeScript "wg0-de-115-down" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
${killWireguardTunnel "${name}"} ${killWireguardTunnel "${name}"}
${killNetworkNamespace "${name}"} ${killNetworkNamespace "${name}"}
''; '';
};
}; };
};
# mkOpenVPNTunnel = ""; # mkOpenVPNService = let
# killOpenVPNTunnel = ""; # mkOpenVPNTunnel = "";
# killOpenVPNTunnel = "";
# in
# name: {};
} }
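Review bot: The `${name}-up` script built for ExecStart runs its commands with no error handling, so a failed `wg set` (for example when the key file under `/home/christoph/.secrets/wireguard/` is missing or unreadable) does not stop the later `ip` calls, and the unit's result is decided by the last command alone. Adding `set -e` directly under the `#! ${pkgs.bash}/bin/bash` line of the up script would make the oneshot fail instead of reporting an active tunnel that was never keyed. Inside the namespace this presumably fails closed, since the only default route points at the unconfigured interface, but the unit state would be misleading. Separately, ExecStop still names its script `"wg0-de-115-down"` while ExecStart uses `"${name}-up"`; `pkgs.writeScript "${name}-down"` would keep the two consistent.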


@ -1,3 +1,7 @@
# TODO: Rofi Integration
# - Hotkey through hyprland module
# - Menu through rofi module
# - Permissions through polkit module
{ {
lib, lib,
mylib, mylib,
@ -29,8 +33,6 @@ with mylib.modules; {
enable = mkEnableOpt "Enable SabNzbd Container"; enable = mkEnableOpt "Enable SabNzbd Container";
}; };
# TODO: I need to set the keys through the hyprland module
# and generate the menu through the rofi module
rofiIntegration = { rofiIntegration = {
enable = mkEnableOpt "Enable Rofi Menu for Container Servicing"; enable = mkEnableOpt "Enable Rofi Menu for Container Servicing";
hotkey = mkOption { hotkey = mkOption {


@ -1,3 +1,5 @@
# TODO: Need to set permissions through polkit module
# TODO: Setup Wireless (IWD/Networkd?)
{ {
inputs, inputs,
config, config,
@ -39,7 +41,6 @@ in {
useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd
# resolvconf.enable = true; # resolvconf.enable = true;
# TODO: Either IWD or WiFi through systemd-networkd
wireless = { wireless = {
enable = false; # Enables wireless support via wpa_supplicant. enable = false; # Enables wireless support via wpa_supplicant.
iwd.enable = false; # Use iwd instead of NetworkManager iwd.enable = false; # Use iwd instead of NetworkManager