From 1b44e316279bf606f275ea840478a28a2806ccea Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Sat, 1 Jul 2023 12:37:12 +0200 Subject: [PATCH] shinobu: Init --- .sops.yaml | 6 +++ keys/machines/shinobu.asc | 28 ++++++++++ machines/default.nix | 12 ++++- machines/fuuko/README.md | 16 ------ machines/fuuko/configuration.nix | 1 - machines/fuuko/hardware-configuration.nix | 10 ++-- machines/renge/services/prometheus.nix | 5 +- machines/shinobu/README.md | 34 ++++++++++++ machines/shinobu/configuration.nix | 18 +++++++ machines/shinobu/hardware-configuration.nix | 52 ++++++++++++++++++ machines/shinobu/secrets.yaml | 54 +++++++++++++++++++ .../{fuuko => shinobu}/services/router.nix | 46 ++++++++++------ modules/ssh.nix | 4 ++ modules/wireguard/home.nix | 4 ++ 14 files changed, 250 insertions(+), 40 deletions(-) create mode 100644 keys/machines/shinobu.asc create mode 100644 machines/shinobu/README.md create mode 100644 machines/shinobu/configuration.nix create mode 100644 machines/shinobu/hardware-configuration.nix create mode 100644 machines/shinobu/secrets.yaml rename machines/{fuuko => shinobu}/services/router.nix (86%) diff --git a/.sops.yaml b/.sops.yaml index 071dc46..f90adc2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,6 +9,7 @@ keys: - &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2 - &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b - &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa + - &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7 creation_rules: - path_regex: machines/nunotaba/secrets\.yaml$ key_groups: @@ -55,6 +56,11 @@ creation_rules: - pgp: - *simon - *nunotaba + - path_regex: machines/shinobu/secrets\.yaml$ + key_groups: + - pgp: + - *simon + - *shinobu - path_regex: secrets\.yaml$ key_groups: - pgp: diff --git a/keys/machines/shinobu.asc b/keys/machines/shinobu.asc new file mode 100644 index 0000000..9c3f4e5 --- /dev/null +++ b/keys/machines/shinobu.asc 
@@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +xsFNBAAAAAABEADNBcn9+nyc5vgZt2xhOwKnNaLys5m7Ve59YWvCcFMaObVufaT3 +Xa99ysURbmvHLVxBF9rzhWgIlw6yLjfEku0/KsKN1PTc6MnmIV9s5SYy+3d1aqh/ +8iJyVjag3lqGX2NwgGRKrWeluTlp+GEtqf0hZwEyC/JIIWY7gZZMRbc+IiOY5dd1 +YkQBr4GsLfwDPMp0VX9TslaWGTVpFeM9m6Nw/3I5qXZugC7nIesNnuzFktW2d8CU +tIdX1Bn/I0DQKUP/RyVPkfBEM8ECpBiJHs6W9owmoXFV/BFUmk28rdI4XSwlmOMf +nsCVvhQwpm86401Ukzglf4s+Ng8QYlOZ4bKlEWEhqqG93283588NjDUHNEFkfakv +65V9Q8qfmBpkUPHvjoIXdl9O4yzPTL+QTWzIwLBaeTjN90PFq2DMPi0NREsFNAgE +vRrFkDckSGIt/7vK6q/QbsjaSMvTJoXU3pltncrJ/pfDhvZhyBXLJS+zEpjRiQf1 +krQbTxy2rqgLBYqBog4qjEsTE8Xuz8Ru9hZkzct5DCgZ906wjW0ilZ+dJeIOIDaj +5wycryWCpHqu4j2XdubWfp4acVcU6yOBqaPwuWeIobzht0Ja68vbAnhvqZGx+86l +qS2v6cfzmpvyvA3ICWwYuKam0j7H/X9DlgI/qEYGnGjWvi5XWACG3KWHRQARAQAB +zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT +AQgAFgUCAAAAAAkQr0ReuznIgrcCGw8CGQEAAOPzEACQyu6j5yZQQ05eE0kmIzXq +cg/kazCqmHXHXNydxiEvKYySUW0ln4EE1bIxXAkWIVkmqvtOg5LqaqNfaPWkMHAz +VX3O6aCYp0mKmMQnfjYq7zlErXsdU3d7k06AGrs6US7o6N9pnkO0/hT0KJrHyATb +rAbAd7sUXcS/zogL8EQ65l6RWkElzqXDqlmUNwTfmwgb/Yhjk2130aDqZSBU17o+ +NTv2GQbW+HPWE1QWJV4h1/G4b1u4eeCTh3QvlTRcM95oRxCH+BYmJnQm6CRNgs6b +601na1JRqRIDa8ttcAgXxn1PRbJquMSXD1xqDCAROvaiTVn47CXwhv5GPK290bqm +jVwbIojzpJyOPkVdT/9+caOqevte/IbdVYcfAKNrGbF1FXanItlgrMfhsWN9MKh2 +B0Er/7yFEg12uMU4+I4T+NYEbn4x6KIA/I4xOkveXm4ik6zV6lbJmAVeof/H9YY5 +u5fMv+90ACbq6wJB7B+LMg493CiOGNK1GyakwWn+caENaHBiK1/60WigMpZESTBy +yMqQvktilbU0dUdRwpLz+E7CtqyZzuMNbqBuT98GNSCYjLWMo/gF8WNQc4SLo0kG +66hDrzhS9YLz9KmbsAjRl9E0lSygsqkjw0TguKh4DDuJGyAzgE+6Vl5vshDBNJRW +qQBAOHjMg4kGZX2E3RbLCQ== +=9i5r +-----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/default.nix b/machines/default.nix index e93bcf2..ee7bba8 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -29,8 +29,7 @@ in hardware.common-pc-ssd ]; - #targetHost = "fuuko.home.sbruder.de"; - targetHost = "10.80.1.1"; + targetHost = "fuuko.home.sbruder.de"; }; mayushii = { system = "x86_64-linux"; 
@@ -54,4 +53,13 @@ in targetHost = "okarin.sbruder.xyz"; }; + shinobu = { + system = "x86_64-linux"; + extraModules = [ + hardware.common-cpu-intel + hardware.common-pc-ssd + ]; + + targetHost = "shinobu.home.sbruder.de"; + }; } diff --git a/machines/fuuko/README.md b/machines/fuuko/README.md index c895d30..3eeba89 100644 --- a/machines/fuuko/README.md +++ b/machines/fuuko/README.md @@ -15,28 +15,12 @@ Custom build in a be quiet! Pure Base 600. * Case fan: Noctua NF-A9 PWM * Blu-ray burner LG WH16NS60 * Additional NIC: Intel I225-V - * Wireless card Gigabyte GC-WB1733D-I - (includes user-serviceable Intel Wireless-AC 9260 card) ## Purpose It is my main storage server that is responsible for handling storage and processing of big files to which I need a high throughput connection. -It also acts as a router for my home network -and provides a wireless access point. - -## Notes on Wireless - -TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt. - - * Wireless cards are M.2 A+E key and don’t fit in a M.2 E key slot, - because apparently using USB for Bluetooth is a good idea. - * Intel Wireless cards only support AP mode on 2.4 GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469). - * Almost all wireless cards only support one band at the same time (no dual-band AP). - * Realtek Wireless cards don’t work at all (no wonder). - * Hostapd’s configuration file is … interesting. - * Regulatory stuff is fun. ## Name diff --git a/machines/fuuko/configuration.nix b/machines/fuuko/configuration.nix index c969152..62e8779 100644 --- a/machines/fuuko/configuration.nix +++ b/machines/fuuko/configuration.nix @@ -9,7 +9,6 @@ ./services/languagetool.nix ./services/media-backup.nix ./services/media.nix - ./services/router.nix ./services/torrent.nix ]; diff --git a/machines/fuuko/hardware-configuration.nix b/machines/fuuko/hardware-configuration.nix index bc00c83..3b487b0 100644 --- a/machines/fuuko/hardware-configuration.nix 
+++ b/machines/fuuko/hardware-configuration.nix @@ -13,10 +13,7 @@ options gigabyte_wmi force_load=1 ''; supportedFilesystems = [ "btrfs" ]; - # FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter - kernelParams = [ - (with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}") - ]; + kernelParams = [ "ip=dhcp" ]; initrd = { availableKernelModules = [ "aesni_intel" # hardware crypto for luks @@ -92,6 +89,11 @@ powerManagement.cpuFreqGovernor = "schedutil"; + networking = { + useDHCP = false; + interfaces.enp10s0.useDHCP = true; + }; + services.logind.extraConfig = '' HandlePowerKey=suspend ''; diff --git a/machines/renge/services/prometheus.nix b/machines/renge/services/prometheus.nix index 8fa0f1d..e42654c 100644 --- a/machines/renge/services/prometheus.nix +++ b/machines/renge/services/prometheus.nix @@ -68,6 +68,7 @@ in "hitagi.vpn.sbruder.de:9100" "vueko.vpn.sbruder.de:9100" "okarin.vpn.sbruder.de:9100" + "shinobu.vpn.sbruder.de:9100" ]; } { @@ -97,10 +98,10 @@ in ) { job_name = "dnsmasq"; - static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}"; + static_configs = mkStaticTarget "shinobu.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}"; relabel_configs = lib.singleton { target_label = "instance"; - replacement = "fuuko.home.sbruder.de"; + replacement = "shinobu.home.sbruder.de"; }; } { diff --git a/machines/shinobu/README.md b/machines/shinobu/README.md new file mode 100644 index 0000000..c7331a5 --- /dev/null +++ b/machines/shinobu/README.md 
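Review bot: `kernelParams = [ "ip=dhcp" ];` in the first hunk of machines/fuuko/hardware-configuration.nix names no interface, so early-boot autoconfiguration is attempted on every NIC the initrd sees, while the second hunk limits stage-2 DHCP to `enp10s0`. The fuuko README still lists an additional I225-V NIC, so the address on which the initrd is reachable (presumably for remote LUKS unlocking, which is not visible in the hunk) may differ from the one the running system gets. Consider pinning the device, e.g. `kernelParams = [ "ip=::::${config.networking.hostName}:enp10s0:dhcp" ];`, assuming the predictable name is already assigned in the initrd. A one-line comment saying why DHCP replaced the static address would also replace the removed FIXME. The `boot` block continues outside the hunk.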
@@ -0,0 +1,34 @@ +# shinobu + +## Hardware + +Protectli Vault Pro VP2420. + + * CPU: [Intel Celeron J6412](https://ark.intel.com/content/www/us/en/ark/products/214758/intel-celeron-processor-j6412-1-5m-cache-up-to-2-60-ghz.html) (4 × 2.0 GHz) + * RAM: [8 GB Crucial DDR4-2666 SO-DIMM `CT8G4SFRA266.M8FRS`](https://www.crucial.com/memory/ddr4/ct8g4sfra266) + * PSU: Channel Well Technology 60 W (12 V, 3.333 A) + * SSD: 120 GB Protectli SATA M.2 + * NIC: 4 Intel i225-V (2.5GbE) + * Wireless: Intel Wireless-AC 9260 + * FINTEK F81232 USB to UART bridge (for easy serial console) + * Dasharo coreboot firemware + +## Purpose + +It is the main router for my home network. + +## Notes on Wireless (copied from fuuko’s previous README) + +TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt. + + * Wireless cards are M.2 A+E key and don’t fit in an M.2 E key slot, + because apparently using USB for Bluetooth is a good idea. + * Intel Wireless cards only support AP mode on 2.4 GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469). + * Almost all wireless cards only support one band at the same time (no dual-band AP). + * Realtek Wireless cards don’t work at all (no wonder). + * Hostapd’s configuration file is … interesting. + * Regulatory stuff is fun. + +## Name + +Shinobu Oshino (previously known as Kiss-Shot Acerola-Orion Heart-Under-Blade) is a Vampire Oddity from the Monogatari Series. diff --git a/machines/shinobu/configuration.nix b/machines/shinobu/configuration.nix new file mode 100644 index 0000000..bbdfbb4 --- /dev/null +++ b/machines/shinobu/configuration.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: +{ + imports = [ + ./hardware-configuration.nix + ../../modules + + ./services/router.nix + ]; + + sbruder = { + wireguard.home.enable = true; + nginx.hardening.enable = true; + }; + + networking.hostName = "shinobu"; + + system.stateVersion = "23.05"; +} 
diff --git a/machines/shinobu/hardware-configuration.nix b/machines/shinobu/hardware-configuration.nix new file mode 100644 index 0000000..c848224 --- /dev/null +++ b/machines/shinobu/hardware-configuration.nix @@ -0,0 +1,52 @@ +{ config, lib, modulesPath, pkgs, ... }: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + loader = { + grub.enable = false; + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + supportedFilesystems = [ "btrfs" ]; + kernelParams = [ + "console=ttyS0,115200n8" + ]; + initrd = { + availableKernelModules = [ + "aesni_intel" # hardware crypto for luks + "ahci" + "sd_mod" + "sdhci_pci" + "usb_storage" + "xhci_pci" + ]; + kernelModules = [ ]; + luks.devices = { + root = { + device = "/dev/disk/by-uuid/66b38a54-13b4-4c56-a1b7-d45e789e6718"; + allowDiscards = true; + }; + }; + }; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/7fd4f8f4-0a36-424b-b7cc-f7df49781c7f"; + fsType = "btrfs"; + options = [ "compress=zstd" "discard" "noatime" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/446B-FC4C"; + fsType = "vfat"; + }; + }; + + powerManagement.cpuFreqGovernor = "powersave"; +} diff --git a/machines/shinobu/secrets.yaml b/machines/shinobu/secrets.yaml new file mode 100644 index 0000000..c478f14 --- /dev/null +++ b/machines/shinobu/secrets.yaml 
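Review bot: `allowDiscards = true;` on the LUKS `root` device, together with the `discard` mount option on `/`, passes TRIM through dm-crypt, which reveals which blocks of the encrypted volume are unused to anyone who can read the raw SSD. On the machine that routes the home network this trade-off is worth stating, so I would add a comment above it such as `# TRIM passthrough leaks the free-block layout of the LUKS volume; accepted for SSD wear/performance`, or drop both settings if that leak is not acceptable. If discards are kept, periodic trimming with `services.fstrim.enable = true;` is the usual lower-overhead alternative to the online `discard` option.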
@@ -0,0 +1,54 @@ +wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str] +wg-mullvad-private-key: ENC[AES256_GCM,data:yJ3+/rc3EQPhCMlHQ5BNA/NmPZiinjgV4A34UkmZgABvYLWzQMEQH5S8K9Q=,iv:YsGvRIaLbsYkbYCoD+szTIFPgBeyq/hoO4ljFSvp9f8=,tag:oil95breVKac7CdH/pA8FA==,type:str] +hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2023-06-29T17:51:22Z" + mac: ENC[AES256_GCM,data:1mkrR2swPTwV5VzClUSfp+VdYXOXRD3hxITS1r3y3kmc7c4XDPJPiNuYXzgvLr6LN4xoAteVgYY+McVT3/JKykENtgpoiMVeWBvJvLPjFPt8FufnhqqCmlsVM17C5dlxdTvdtZtAPrebNqgxvVOdBfUcNugMx52ngmMNv9E7r1o=,iv:h8z5XO0r2zCA/gZSuLgFCupHizc4OMZeiBP+oHiXEBo=,tag:BzgBhgQIikNHSmYgNfPppA==,type:str] + pgp: + - created_at: "2023-06-29T16:44:16Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMAwDgSONkM+d4AQ//XL7P5/P31g5aA3wEuLI2Fv6NuNnf3/M2R3jpy/dMVvM4 + rH+c3aDH6QnXvA2JzPAz235m60LKlKQPCQbakiBucuPm0al/lFf3YblEaW4l68ZG + 75sKk5YZqVpBqoirQTT/o4/lD1pLset5UM4OJ1Tq8t6FlNVasFah1YBKbe7I9l53 + 4Y85y1/dCcuAfRTM21l54+iL5Lhz/CPd0B1glfgszI0Lh0bPoB+HHGi3HNb/S3PP + L91892RCF2EYVb0aK54mpeq6ZVrpdnH37mFuNOHTha6qvpklreIcUSP9TNT4UEQW + Pz+YytPH0vGeIq26Eb/1pfLiZvqn3eHs7p2hrV3sDXFdrAnG6MO/vy5rRd4vyTUM + GmUBGUHS6acaOLdnDFHMQ/+tewreq9NnJFppBQz8t/hk9mjz1XWnflMHipKe+t6V + 
kflhjDi7kwndG9sxHn7Mqj059ZKcKs8o8BTqPMgBAp/Z1IvSVyj+Q/nM/RpNZim3 + bs5z9PY8KUzD+4Biabitj21c4ah9pFXw/6W2sesAlFQGP+DkgIKuIEhyuV6HSshn + m/M2Q9Ma0rgKCgtgse41TbMMQASiJPA1mdtO7RE92t5gMKVVAiVHD6kTfOJZSAkx + TbxGjlXDLuqugKnZI41NwnHUdCUfxTGoeFqtaqYiWQ0hdgsziHHEkMxlPEGDFjfS + UQGlBUSl6nB1+RI2x9lLSoQbz3x5ZdXnapi+KGLfQZb11nCegTLVyO5NO+sI54+Z + umyIAqj6/MqgQQGt9oWJnybbFnhcjwdfEIwW4sSWJA5geQ== + =y5Sy + -----END PGP MESSAGE----- + fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC + - created_at: "2023-06-29T16:44:16Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA69EXrs5yIK3ARAAvjxMdia3YDWmBDM27K/om1wUtZk+isrQ5r8U1Di6uF0Q + qImLsCXRPumL3ZtzZ9qls2OJlUvZQkfE9Ek2/hHINGfUIdNGkXCgJs42Edcfd6tK + bd8hZf/kCJSX3V3c13sUdVQWy8RavUAb0Ezc0H1rZq8K1Gp8iMO9NAm/m8UJe2tM + +cBVvzhBoI+onkrWBCsiquPuts+hgiWMwr+hOPsQhT5VP1HM/si7k9JgEEMlqnMo + NOJUaqbYSR8Q/cy3jjfkAbrpYJ/ZuvZefvU2j+nlfnyzmiWV/Xh6QVseaq1IvFqg + ZmdFLyursv19xTYE0HOBX3c1QlEK5vMFdzADOdu3KDO0JpGwLMcR2dzX8CRYNzyR + B3cbfwp679B3RvKhMHKuVTy9bdb5df6CGBjVeQCNFmBSbimVTjTpFxMk5rusp/j9 + Ql8h4ULajrfSmN4T5xoIShsmAAFeeSdHCLrACXHjHU0v2xh+MG5dTZTLa9V+4s7e + wIeq4v9ED5PFFRr+mQUdlmQP+fdH4Cwor8OZxA4g09RFoo3MUgLHWaa5emL1z1YN + fWgZs6EsFFTNYtUoey91eFzhKYYKa1P1gXztgEbc0L95Qqa15QPeWGYgf1WIRASZ + POTGCjleDuqnEoFFdt+qaVYtpCoJnAKjhSFf10DvN6AQ0zraXldHdx4B1wYBLQTS + WAG5qS56CCwMxqjic2OfdSul2zHsCSsoXrWmqG1vtv2WGE7iIsseUor7eeLxbHIW + /8Y9+kx+ZcTSXcs9t1xBHCEv3LAgwneVorOhiHVS4gu6R7crYLKpygE= + =7Sdh + -----END PGP MESSAGE----- + fp: 28677f2e3584b39f528a779caf445ebb39c882b7 + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/machines/fuuko/services/router.nix b/machines/shinobu/services/router.nix similarity index 86% rename from machines/fuuko/services/router.nix rename to machines/shinobu/services/router.nix index 165550c..e056eed 100644 --- a/machines/fuuko/services/router.nix +++ b/machines/shinobu/services/router.nix 
@@ -1,18 +1,24 @@ # Home network configuration +# (2.5GbE clients) +# | | +# +----------+ +----------+ +# | | | | | | (1GbE clients) +# | | | | | +|-|-|-|-|+ +# +---+----+ +-+-+-+-+-+ |5 4 3 2 1| +# |upstream| | 1 2 3 4 | |TL-SG105 | +# +--------+ | shinobu | +---------+ +# +---------+ # -# +----------+ +------+ -# | | | | ( clients ) -# | | | +|-|-|-|-|+ -# +---+----+ +-+-+-+ |5 4 3 2 1| -# |upstream| |fuuko| |TL-SG105 | -# +--------+ +-----+ +---------+ -# -# It consists of fuuko as a router (this configuration), +# It consists of shinobu as a router (this configuration), # connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch. # The upstream comes from some plasic Huawei router/AP I don’t control. # -# fuuko has two physical network interfaces, -# because remote unlocking (which requires network in initrd) is hard with VLANs. +# Because the switch only supports GbE, +# the two clients I currently have with support for 2.5GbE are connected +# directly to the two remaining network interfaces on shinobu. +# Once I have more devices with support for 2.5GbE +# or I find a good deal on a matching switch, +# I will change this. # # Wireless is configured by providing the whole hostapd configuration file as a secret. # Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module. @@ -49,6 +55,8 @@ in systemd.network = { enable = true; + # not all interfaces need to be up + wait-online.extraArgs = [ "--any" ]; netdevs = { br-lan = { netdevConfig = { @@ -77,7 +85,7 @@ in }; networks = { wan = { - name = "enp9s0"; + name = "enp1s0"; networkConfig = { # Upstream provides no IPv6 :( # If this is not set, it waits and fails systemd-networkd-wait-online @@ -89,8 +97,16 @@ in UseDNS = "no"; }; }; - lan = { - name = "enp10s0"; + lan1 = { + name = "enp2s0"; + bridge = [ "br-lan" ]; + }; + lan2 = { + name = "enp3s0"; + bridge = [ "br-lan" ]; + }; + lan3 = { + name = "enp4s0"; bridge = [ "br-lan" ]; }; br-lan = { 
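Review bot: `wait-online.extraArgs = [ "--any" ];` makes systemd-networkd-wait-online succeed as soon as any single link is online, so `network-online.target` can be reached while only a LAN port or the bridge is up and `wan` still has no lease. Units ordered after that target would then start without upstream connectivity, which is broader than the comment `# not all interfaces need to be up` suggests. A narrower alternative is to leave wait-online at its default and set `linkConfig.RequiredForOnline = "no";` on the optional ports (`lan1`, `lan2`, `lan3` from the later hunk), and on the bridge if it needs it, so the WAN link is still waited for. The `systemd.network` block continues outside the hunk.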
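Review bot: The new `lan1`, `lan2` and `lan3` networks attach all three ports to `br-lan` with nothing but `bridge = [ "br-lan" ];`, so the two directly connected 2.5GbE clients share a bridge with the port that feeds the VLAN-capable TL-SG105E. If that uplink carries tagged VLANs (the header comment implies it, but the `br-lan` netdev is outside the hunk) and the bridge is not VLAN-filtering, tagged frames are forwarded between all member ports and a directly attached client is not confined to one segment. I would either enable `VLANFiltering` on the bridge and give each port explicit `bridgeVLANs` membership, or add a comment above `lan1` saying which port is the trunk and that the other two are intentionally unrestricted.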
@@ -209,8 +225,8 @@ in # The service is mostly taken from nixpkgs pr 222536. systemd.services.hostapd = { path = with pkgs; [ hostapd ]; - after = [ "sys-subsystem-net-devices-wlp8s0.device" ]; - bindsTo = [ "sys-subsystem-net-devices-wlp8s0.device" ]; + after = [ "sys-subsystem-net-devices-wlp5s0.device" ]; + bindsTo = [ "sys-subsystem-net-devices-wlp5s0.device" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { diff --git a/modules/ssh.nix b/modules/ssh.nix index a72ad67..612846f 100644 --- a/modules/ssh.nix +++ b/modules/ssh.nix @@ -63,5 +63,9 @@ hostNames = [ "[okarin.sbruder.de]:2222" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT"; }; + shinobu = { + hostNames = [ "shinobu" "shinobu.home.sbruder.de" "shinobu.vpn.sbruder.de" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJNZPT2Mmys2nw/ovX6Z1Cb4WDAaWBWanycNwF9IEjl"; + }; }; } diff --git a/modules/wireguard/home.nix b/modules/wireguard/home.nix index 965e285..29e57e3 100644 --- a/modules/wireguard/home.nix +++ b/modules/wireguard/home.nix @@ -32,6 +32,10 @@ let address = "10.80.0.10"; publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk="; }; + shinobu = { + address = "10.80.0.12"; + publicKey = "ErLWueo4ikYH/mKHr3axyoAVZh+Bdh1NQBet42aD0kk="; + }; }; cfg = config.sbruder.wireguard.home;