From 6292137bdc2362aa4ec58487b1836ce2303306a2 Mon Sep 17 00:00:00 2001 From: ChUrl Date: Wed, 24 May 2023 20:32:04 +0200 Subject: [PATCH] Update comments --- lib/modules.nix | 9 +-- lib/networking.nix | 78 +++++++++++---------- system/modules/containers/options.nix | 6 +- system/modules/systemd-networkd/default.nix | 3 +- 4 files changed, 48 insertions(+), 48 deletions(-) diff --git a/lib/modules.nix b/lib/modules.nix index fbcd1c10..41bcdfb2 100644 --- a/lib/modules.nix +++ b/lib/modules.nix @@ -1,3 +1,4 @@ +# TODO: Easier mkLink/mkUnlink (include more hm.dag stuff into the function) { inputs, pkgs, @@ -34,14 +35,6 @@ fi ''; - # TODO - mkMultiOptStr = {}: { - }; - - # TODO - mkMultiOptPkg = {}: { - }; - # Returns true if base contains element contains = base: element: lib.any (x: x == element) base; diff --git a/lib/networking.nix b/lib/networking.nix index 1bc4fc79..be37bd00 100644 --- a/lib/networking.nix +++ b/lib/networking.nix @@ -1,3 +1,4 @@ +# TODO: OpenVPN { inputs, pkgs, @@ -32,7 +33,6 @@ }; }; - # VPN stuff mkNetworkNamespace = name: '' ${pkgs.iproute}/bin/ip netns add ${name} # Create the Namespace ${pkgs.iproute}/bin/ip -n ${name} link set lo up # Enable the Loopback device 
@@ -42,43 +42,47 @@ ${pkgs.iproute}/bin/ip netns del ${name} # Delete the Namespace ''; - # TODO: IPv6 Configuration - # NOTE: The interface and netns have the same name, so it's a bit confusing - mkWireguardTunnel = name: privatekey: publickey: endpoint: '' - ${pkgs.iproute}/bin/ip link add ${name} type wireguard - ${pkgs.iproute}/bin/ip link set ${name} netns ${name} - ${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \ - private-key /home/christoph/.secrets/wireguard/${privatekey} \ - peer ${publickey} \ - allowed-ips 0.0.0.0/0 \ - endpoint ${endpoint}:51820 - ${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name} - ${pkgs.iproute}/bin/ip -n ${name} link set ${name} up - ${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name} - ''; + # VPN stuff + mkWireguardService = let + # NOTE: The interface and netns have the same name, so it's a bit confusing + mkWireguardTunnel = name: privatekey: publickey: endpoint: '' + ${pkgs.iproute}/bin/ip link add ${name} type wireguard + ${pkgs.iproute}/bin/ip link set ${name} netns ${name} + ${pkgs.iproute}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \ + private-key /home/christoph/.secrets/wireguard/${privatekey} \ + peer ${publickey} \ + allowed-ips 0.0.0.0/0 \ + endpoint ${endpoint}:51820 + ${pkgs.iproute}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name} + ${pkgs.iproute}/bin/ip -n ${name} link set ${name} up + ${pkgs.iproute}/bin/ip -n ${name} route add default dev ${name} + ''; - killWireguardTunnel = name: '' - ${pkgs.iproute}/bin/ip -n ${name} link del ${name} - ''; - - mkWireguardService = name: privatekey: publickey: endpoint: { - description = "Wireguard ProtonVPN Server ${name}"; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeScript "${name}-up" '' - #! 
${pkgs.bash}/bin/bash - ${mkNetworkNamespace "${name}"} - ${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"} - ''; - ExecStop = pkgs.writeScript "wg0-de-115-down" '' - #! ${pkgs.bash}/bin/bash - ${killWireguardTunnel "${name}"} - ${killNetworkNamespace "${name}"} - ''; + killWireguardTunnel = name: '' + ${pkgs.iproute}/bin/ip -n ${name} link del ${name} + ''; + in + name: privatekey: publickey: endpoint: { + description = "Wireguard ProtonVPN Server ${name}"; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeScript "${name}-up" '' + #! ${pkgs.bash}/bin/bash + ${mkNetworkNamespace "${name}"} + ${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"} + ''; + ExecStop = pkgs.writeScript "wg0-de-115-down" '' + #! ${pkgs.bash}/bin/bash + ${killWireguardTunnel "${name}"} + ${killNetworkNamespace "${name}"} + ''; + }; }; - }; - # mkOpenVPNTunnel = ""; - # killOpenVPNTunnel = ""; + # mkOpenVPNService = let + # mkOpenVPNTunnel = ""; + # killOpenVPNTunnel = ""; + # in + # name: {}; } diff --git a/system/modules/containers/options.nix b/system/modules/containers/options.nix index b8fab260..087df1a8 100644 --- a/system/modules/containers/options.nix +++ b/system/modules/containers/options.nix @@ -1,3 +1,7 @@ +# TODO: Rofi Integration +# - Hotkey through hyprland module +# - Menu through rofi module +# - Permissions through polkit module { lib, mylib, @@ -29,8 +33,6 @@ with mylib.modules; { enable = mkEnableOpt "Enable SabNzbd Container"; }; - # TODO: I need to set the keys through the hyprland module - # and generate the menu through the rofi module rofiIntegration = { enable = mkEnableOpt "Enable Rofi Menu for Container Servicing"; hotkey = mkOption { diff --git a/system/modules/systemd-networkd/default.nix b/system/modules/systemd-networkd/default.nix index 360e9215..4ad36bab 100644 --- a/system/modules/systemd-networkd/default.nix +++ b/system/modules/systemd-networkd/default.nix 
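Review bot: In lib/networking.nix, the `${name}-up` script built by `mkWireguardService` runs its `ip` and `wg` commands without `set -e`, so systemd only sees the exit status of the final `route add default dev ${name}` line. If `wg set` fails, for example because the key file under `/home/christoph/.secrets/wireguard/` is missing or unreadable, the later commands can still succeed and the oneshot unit can end up active with an interface that has no key or peer. Adding `set -euo pipefail` right after the `#! ${pkgs.bash}/bin/bash` line of the up script makes a failed step fail the unit; the down script is better left best-effort so the namespace is still removed. Since the commit re-indents this block anyway, the ExecStop script name `"wg0-de-115-down"` could become `"${name}-down"` to match ExecStart. The hard-coded key path also deserves a short comment or a parameter, because the private key's protection then presumably depends on the permissions of that one user's home directory.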
@@ -1,3 +1,5 @@ +# TODO: Need to set permissions through polkit module +# TODO: Setup Wireless (IWD/Networkd?) { inputs, config, @@ -39,7 +41,6 @@ in { useNetworkd = false; # Only use this if the configuration can't be written in systemd.network completely. It translates some of the networking... options to systemd # resolvconf.enable = true; - # TODO: Either IWD or WiFi through systemd-networkd wireless = { enable = false; # Enables wireless support via wpa_supplicant. iwd.enable = false; # Use iwd instead of NetworkManager