From 8f56e7d8085537376faf2b2be014b8048136e703 Mon Sep 17 00:00:00 2001
From: ChUrl
Date: Wed, 26 Apr 2023 20:40:29 +0200
Subject: [PATCH] Make hyprland + network config system dependent
---
 config/hyprland/hyprland.conf | 64 ++---------
 home/christoph/default.nix | 9 --
 home/christoph/nixinator/default.nix | 26 +++++
 home/christoph/nixtop/default.nix | 23 ++++
 system/default.nix | 156 ++++++++++-----------------
 system/nixinator/default.nix | 37 +++++++
 system/nixtop/default.nix | 37 +++++++
 7 files changed, 187 insertions(+), 165 deletions(-)
diff --git a/config/hyprland/hyprland.conf b/config/hyprland/hyprland.conf
index 94603364..548407ec 100644
--- a/config/hyprland/hyprland.conf
+++ b/config/hyprland/hyprland.conf
@@ -1,34 +1,9 @@ -######################################################################################## -AUTOGENERATED HYPR CONFIG. -PLEASE USE THE CONFIG PROVIDED IN THE GIT REPO /examples/hypr.conf AND EDIT IT, -OR EDIT THIS ONE ACCORDING TO THE WIKI INSTRUCTIONS. -######################################################################################## - -# -# Please note not all available settings / options are set here. -# For a full list, see the wiki -# - -# autogenerated = 1 # remove this line to remove the warning - -# See https://wiki.hyprland.org/Configuring/Monitors/ -# monitor=,preferred,auto,auto -monitor = HDMI-A-1, 2560x1440@144, 1920x0, 1 -monitor = HDMI-A-2, 1920x1080@60, 0x0, 1 - -# I have the first 9 workspaces on the main monitor, the last one on the secondary monitor -wsbind = 1, HDMI-A-1 -wsbind = 2, HDMI-A-1 -wsbind = 3, HDMI-A-1 -wsbind = 4, HDMI-A-1 -wsbind = 5, HDMI-A-1 -wsbind = 6, HDMI-A-1 -wsbind = 7, HDMI-A-1 -wsbind = 8, HDMI-A-1 -wsbind = 9, HDMI-A-1 -wsbind = 10, HDMI-A-2 - -# See https://wiki.hyprland.org/Configuring/Keywords/ for more +# Source a file (multi-file configs) +# source = ~/.config/hypr/myColors.conf +source = ~/.config/hypr/polkit.conf # NOTE: This needs to be sourced, because NixOS fills in the polkit executable path +source = ~/.config/hypr/waybar-reload.conf +source = ~/.config/hypr/monitors.conf # NOTE: This file is different for each system +source = ~/.config/hypr/input.conf # Execute your favorite apps at launch # exec-once = waybar 
@@ -44,33 +19,6 @@ exec-once = wl-paste -t text --watch clipman store --no-persist exec-once = wl-paste -p -t text --watch clipman store -P --histpath="~/.local/share/clipman-primary.json" exec-once = hyprctl setcursor Bibata-Modern-Classic 16 -# Source a file (multi-file configs) -# source = ~/.config/hypr/myColors.conf -source = ~/.config/hypr/polkit.conf # NOTE: This needs to be sourced, because NixOS fills in the polkit executable path -source = ~/.config/hypr/waybar-reload.conf - -# TODO: Move keybindings, rules and appearance to other files - -# Some default env vars. -# env = XCURSOR_SIZE,24 - -# For all categories, see https://wiki.hyprland.org/Configuring/Variables/ -input { - kb_layout = us - kb_variant = altgr-intl - kb_model = pc104 - kb_options = - kb_rules = - - follow_mouse = 1 - - touchpad { - natural_scroll = no - } - - sensitivity = 0 # -1.0 - 1.0, 0 means no modification. -} - general { # See https://wiki.hyprland.org/Configuring/Variables/ for more diff --git a/home/christoph/default.nix b/home/christoph/default.nix index a4ef0860..58f52ccc 100644 --- a/home/christoph/default.nix +++ b/home/christoph/default.nix @@ -95,15 +95,6 @@ rec { }; }; - hyprland = { - enable = true; - theme = "Three-Bears"; - - # TODO: - # papirusIcons = true; - # bibataCursor = true; - }; - # TODO: # plasma = { # enable = false; diff --git a/home/christoph/nixinator/default.nix b/home/christoph/nixinator/default.nix index 205c64d7..809a5b24 100644 --- a/home/christoph/nixinator/default.nix +++ b/home/christoph/nixinator/default.nix 
@@ -17,6 +17,32 @@ rec { config = { modules = { + hyprland = { + enable = true; + theme = "Three-Bears"; + + kb-layout = "us"; + kb-variant = "altgr-intl"; + + monitors = '' + # See https://wiki.hyprland.org/Configuring/Monitors/ + monitor = HDMI-A-1, 2560x1440@144, 1920x0, 1 + monitor = HDMI-A-2, 1920x1080@60, 0x0, 1 + + # I have the first 9 workspaces on the main monitor, the last one on the secondary monitor + wsbind = 1, HDMI-A-1 + wsbind = 2, HDMI-A-1 + wsbind = 3, HDMI-A-1 + wsbind = 4, HDMI-A-1 + wsbind = 5, HDMI-A-1 + wsbind = 6, HDMI-A-1 + wsbind = 7, HDMI-A-1 + wsbind = 8, HDMI-A-1 + wsbind = 9, HDMI-A-1 + wsbind = 10, HDMI-A-2 + ''; + }; + audio = { enable = false; diff --git a/home/christoph/nixtop/default.nix b/home/christoph/nixtop/default.nix index eb870d10..e0c03136 100644 --- a/home/christoph/nixtop/default.nix +++ b/home/christoph/nixtop/default.nix @@ -17,6 +17,29 @@ rec { config = { modules = { + hyprland = { + enable = true; + theme = "Three-Bears"; + + kb-lalyout = "de"; + kb-variant = "nodeadkeys"; + + monitors = '' + # See https://wiki.hyprland.org/Configuring/Monitors/ + monitor = eDP-1, 1920x1080@60, 0x0, 1 + + # I have the first 9 workspaces on the main monitor, the last one on the secondary monitor + wsbind = 1, eDP-1 + wsbind = 2, eDP-1 + wsbind = 3, eDP-1 + wsbind = 4, eDP-1 + wsbind = 5, eDP-1 + wsbind = 6, eDP-1 + wsbind = 7, eDP-1 + wsbind = 8, eDP-1 + wsbind = 9, eDP-1 + ''; + }; }; home.packages = with pkgs; [ diff --git a/system/default.nix b/system/default.nix index 39ad3291..e7b45be1 100644 --- a/system/default.nix +++ b/system/default.nix 
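Review bot: In the home/christoph/nixtop/default.nix hunk the option is spelled `kb-lalyout = "de";`, while the nixinator hunk before it uses `kb-layout`. Depending on how the hyprland module declares its options, this either fails evaluation with an unknown-option error or leaves the laptop on the module's default layout; the line should read `kb-layout = "de";`. The copied comment about "the last one on the secondary monitor" no longer matches this block either, since only `eDP-1` is configured and workspace 10 is not bound.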
@@ -115,112 +115,72 @@ # TODO: Networking system module # NOTE: The systemd networking options are not very flexible, so this will be a problem for the laptop. (=> Use IWD for WiFi) - systemd = { - network = let - eth-interface = "enp0s31f6"; - wireless-interface = ""; - in { - enable = true; + systemd.services = let + # TODO: IPv6 Configuration + wgup = interface: privatekey: publickey: endpoint: '' + #! ${pkgs.bash}/bin/bash + ${pkgs.iproute}/bin/ip link add ${interface} type wireguard + ${pkgs.iproute}/bin/ip link set ${interface} netns vpn + ${pkgs.iproute}/bin/ip netns exec vpn ${pkgs.wireguard-tools}/bin/wg set ${interface} \ + private-key /home/christoph/.secrets/wireguard/${privatekey} \ + peer ${publickey} \ + allowed-ips 0.0.0.0/0 \ + endpoint ${endpoint}:51820 + ${pkgs.iproute}/bin/ip -n vpn addr add 10.2.0.2/32 dev ${interface} + ${pkgs.iproute}/bin/ip -n vpn link set ${interface} up + ${pkgs.iproute}/bin/ip -n vpn route add default dev ${interface} + ''; - # LAN - networks."50-ether" = { - # name = "enp0s31f6"; # Network interface name? - enable = true; + wgdown = interface: '' + #! 
${pkgs.bash}/bin/bash + ${pkgs.iproute}/bin/ip -n vpn link del ${interface} + ''; + in { + # See https://reflexivereflection.com/posts/2018-12-18-wireguard-vpn-with-network-namespace-on-nixos.html + # See https://try.popho.be/vpn-netns.html#automatic-with-a-systemd.service5 + # This namespace contains the WireGuard virtual network device, because this should be the only interface available for apps that should run through VPN + netns-vpn = { + description = "Network namespace for ProtonVPN using Wireguard"; + wantedBy = ["default.target"]; + before = ["display-manager.service" "network.target"]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; - # See man systemd.link, man systemd.netdev, man systemd.network - matchConfig = { - # This corresponds to the [MATCH] section - Name = eth-interface; # Match ethernet interface - }; + ExecStart = pkgs.writeScript "create-vpn-netns" '' + #! ${pkgs.bash}/bin/bash + ${pkgs.iproute}/bin/ip netns add vpn # Create the Namespace + ${pkgs.iproute}/bin/ip -n vpn link set lo up # Enable the Loopback device + ''; - # See man systemd.network - networkConfig = { - # This corresponds to the [NETWORK] section - DHCP = "yes"; - - # TODO: What does this all do? - # IPv6AcceptRA = true; - # MulticastDNS = "yes"; # Needed? - # LLMNR = "no"; # Needed? - # LinkLocalAddressing = "no"; # Needed? - }; - - linkConfig = { - # This corresponds to the [LINK] section - # RequiredForOnline = "routable"; - }; + ExecStop = "${pkgs.iproute}/bin/ip netns del vpn"; }; - - # TODO: WiFi Hotspot? }; - services = let - # TODO: IPv6 Configuration - wgup = interface: privatekey: publickey: endpoint: '' - #! 
${pkgs.bash}/bin/bash - ${pkgs.iproute}/bin/ip link add ${interface} type wireguard - ${pkgs.iproute}/bin/ip link set ${interface} netns vpn - ${pkgs.iproute}/bin/ip netns exec vpn ${pkgs.wireguard-tools}/bin/wg set ${interface} \ - private-key /home/christoph/.secrets/wireguard/${privatekey} \ - peer ${publickey} \ - allowed-ips 0.0.0.0/0 \ - endpoint ${endpoint}:51820 - ${pkgs.iproute}/bin/ip -n vpn addr add 10.2.0.2/32 dev ${interface} - ${pkgs.iproute}/bin/ip -n vpn link set ${interface} up - ${pkgs.iproute}/bin/ip -n vpn route add default dev ${interface} - ''; - - wgdown = interface: '' - #! ${pkgs.bash}/bin/bash - ${pkgs.iproute}/bin/ip -n vpn link del ${interface} - ''; - in { - # See https://reflexivereflection.com/posts/2018-12-18-wireguard-vpn-with-network-namespace-on-nixos.html - # See https://try.popho.be/vpn-netns.html#automatic-with-a-systemd.service5 - # This namespace contains the WireGuard virtual network device, because this should be the only interface available for apps that should run through VPN - netns-vpn = { - description = "Network namespace for ProtonVPN using Wireguard"; - wantedBy = ["default.target"]; - before = ["display-manager.service" "network.target"]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - - ExecStart = pkgs.writeScript "create-vpn-netns" '' - #! ${pkgs.bash}/bin/bash - ${pkgs.iproute}/bin/ip netns add vpn # Create the Namespace - ${pkgs.iproute}/bin/ip -n vpn link set lo up # Enable the Loopback device - ''; - - ExecStop = "${pkgs.iproute}/bin/ip netns del vpn"; - }; + # TODO: This should be parametrized + # - Each server should get its own link? + # - The endpoints/public keys should be in a map? 
+ wg0-DE-115 = { + description = "Wireguard ProtonVPN Server DE-115"; + requires = ["netns-vpn.service"]; + after = ["netns-vpn.service"]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeScript "DE-115-up" (wgup "wg0-de-115" "proton-de-115.key" "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic=" "194.126.177.14"); + ExecStop = pkgs.writeScript "DE-115-down" (wgdown "wg0-de-115"); }; + }; - # TODO: This should be parametrized - # - Each server should get its own link? - # - The endpoints/public keys should be in a map? - wg0-DE-115 = { - description = "Wireguard ProtonVPN Server DE-115"; - requires = ["netns-vpn.service"]; - after = ["netns-vpn.service"]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeScript "DE-115-up" (wgup "wg0-de-115" "proton-de-115.key" "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic=" "194.126.177.14"); - ExecStop = pkgs.writeScript "DE-115-down" (wgdown "wg0-de-115"); - }; - }; - - wg0-LU-16 = { - description = "Wireguard ProtonVPN Server LU-16"; - requires = ["netns-vpn.service"]; - after = ["netns-vpn.service"]; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = pkgs.writeScript "LU-16-up" (wgup "wg0-lu-16" "proton-lu-16.key" "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w=" "92.223.89.133"); - ExecStop = pkgs.writeScript "LU-16-down" (wgdown "wg0-lu-16"); - }; + wg0-LU-16 = { + description = "Wireguard ProtonVPN Server LU-16"; + requires = ["netns-vpn.service"]; + after = ["netns-vpn.service"]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeScript "LU-16-up" (wgup "wg0-lu-16" "proton-lu-16.key" "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w=" "92.223.89.133"); + ExecStop = pkgs.writeScript "LU-16-down" (wgdown "wg0-lu-16"); }; }; }; diff --git a/system/nixinator/default.nix b/system/nixinator/default.nix index ceabc0e7..56504f47 100644 --- a/system/nixinator/default.nix 
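Review bot: In `wgup` the WireGuard private key is still read from `/home/christoph/.secrets/wireguard/${privatekey}` by units that set no `User=` and so run as root, which means the key lives in a directory the desktop account (and presumably anything running as that account) can read or replace. The path also hard-codes one username in a file this commit is otherwise making host-independent. A root-owned location with mode 0600, or a secrets module such as sops-nix or agenix, with the path passed in as a parameter, would be a better fit. The generated scripts also have no error handling: if `wg set` fails (for example because the key file is missing) the later `ip` commands still run and the oneshot unit can end up `active` with an unconfigured interface, so adding `set -euo pipefail` after the shebang in `wgup`, `wgdown` and `create-vpn-netns` would make the failure visible. Both `wg0-DE-115` and `wg0-LU-16` add `10.2.0.2/32` and a default route in the same namespace, so starting both at once looks like it fails on the second, which the existing TODO about parametrizing may already cover.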
+++ b/system/nixinator/default.nix @@ -27,4 +27,41 @@ # videoDrivers = [ "nvidia" ]; # NVIDIA videoDrivers = ["amdgpu"]; }; + + # TODO: System module for this + systemd.network = let + eth-interface = "enp0s31f6"; + wireless-interface = "wlp5s0"; + in { + enable = true; + + # LAN + networks."50-ether" = { + # name = "enp0s31f6"; # Network interface name? + enable = true; + + # See man systemd.link, man systemd.netdev, man systemd.network + matchConfig = { + # This corresponds to the [MATCH] section + Name = eth-interface; # Match ethernet interface + }; + + # See man systemd.network + networkConfig = { + # This corresponds to the [NETWORK] section + DHCP = "yes"; + + # TODO: What does this all do? + # IPv6AcceptRA = true; + # MulticastDNS = "yes"; # Needed? + # LLMNR = "no"; # Needed? + # LinkLocalAddressing = "no"; # Needed? + }; + + linkConfig = { + # This corresponds to the [LINK] section + # RequiredForOnline = "routable"; + }; + }; + }; } diff --git a/system/nixtop/default.nix b/system/nixtop/default.nix index 59543d90..a1f6c027 100644 --- a/system/nixtop/default.nix +++ b/system/nixtop/default.nix 
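Review bot: `wireless-interface = "wlp5s0"` is bound in the `let` but nothing in the visible block uses it, and the commented-out `LLMNR`/`MulticastDNS` lines under "TODO: What does this all do?" leave those settings at their defaults. Per systemd.network(5), `LLMNR=` defaults to enabled on the link (it takes effect when systemd-resolved is in use, which this hunk does not show), and LLMNR answers can be spoofed by any host on the local segment. An explicit `LLMNR = "no";` in `networkConfig` is the safer choice unless you rely on it; `MulticastDNS` already defaults to off. The same applies to the copied block in system/nixtop/default.nix, where it matters more on a laptop that joins untrusted networks. Either drop the unused binding or add the wireless network it was meant for.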
@@ -19,4 +19,41 @@ # Proprietary graphics drivers videoDrivers = ["intel"]; }; + + + systemd.network = let + eth-interface = "enp0s20u2"; + wireless-interface = "wlp3s0"; + in { + enable = true; + + # LAN + networks."50-tether" = { + # name = "enp0s31f6"; # Network interface name? + enable = true; + + # See man systemd.link, man systemd.netdev, man systemd.network + matchConfig = { + # This corresponds to the [MATCH] section + Name = eth-interface; # Match ethernet interface + }; + + # See man systemd.network + networkConfig = { + # This corresponds to the [NETWORK] section + DHCP = "yes"; + + # TODO: What does this all do? + # IPv6AcceptRA = true; + # MulticastDNS = "yes"; # Needed? + # LLMNR = "no"; # Needed? + # LinkLocalAddressing = "no"; # Needed? + }; + + linkConfig = { + # This corresponds to the [LINK] section + # RequiredForOnline = "routable"; + }; + }; + }; }
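Review bot: The block added here is a copy of the one in system/nixinator/default.nix with only the interface names changed, and it carries over the stale comment `# name = "enp0s31f6"` although the network is now keyed `"50-tether"` and matches `enp0s20u2`. That name has the shape of a USB-attached interface, whose predictable name presumably changes with the port it is plugged into, so matching on `Name` alone may silently stop applying; a match on driver or type would be sturdier if that is the case. `wireless-interface = "wlp3s0"` is unused in the visible lines, so this hunk configures no wireless network. A shared module taking the interface names as options, as the TODO in the nixinator file suggests, would remove the duplication.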