shinobu: Init
parent
9039e60225
commit
1b44e31627
|
@ -9,6 +9,7 @@ keys:
|
|||
- &renge FD4E1FB15DD0F36A77790229826C04C0BE319FA2
|
||||
- &nunotaba 3176be14f468c6d43ab2206b4f273abccd49806b
|
||||
- &okarin 868497ac4266a4d137e0718ae5fc3caa3b8107aa
|
||||
- &shinobu 28677f2e3584b39f528a779caf445ebb39c882b7
|
||||
creation_rules:
|
||||
- path_regex: machines/nunotaba/secrets\.yaml$
|
||||
key_groups:
|
||||
|
@ -55,6 +56,11 @@ creation_rules:
|
|||
- pgp:
|
||||
- *simon
|
||||
- *nunotaba
|
||||
- path_regex: machines/shinobu/secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *simon
|
||||
- *shinobu
|
||||
- path_regex: secrets\.yaml$
|
||||
key_groups:
|
||||
- pgp:
|
||||
|
|
28
keys/machines/shinobu.asc
Normal file
28
keys/machines/shinobu.asc
Normal file
|
@ -0,0 +1,28 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
xsFNBAAAAAABEADNBcn9+nyc5vgZt2xhOwKnNaLys5m7Ve59YWvCcFMaObVufaT3
|
||||
Xa99ysURbmvHLVxBF9rzhWgIlw6yLjfEku0/KsKN1PTc6MnmIV9s5SYy+3d1aqh/
|
||||
8iJyVjag3lqGX2NwgGRKrWeluTlp+GEtqf0hZwEyC/JIIWY7gZZMRbc+IiOY5dd1
|
||||
YkQBr4GsLfwDPMp0VX9TslaWGTVpFeM9m6Nw/3I5qXZugC7nIesNnuzFktW2d8CU
|
||||
tIdX1Bn/I0DQKUP/RyVPkfBEM8ECpBiJHs6W9owmoXFV/BFUmk28rdI4XSwlmOMf
|
||||
nsCVvhQwpm86401Ukzglf4s+Ng8QYlOZ4bKlEWEhqqG93283588NjDUHNEFkfakv
|
||||
65V9Q8qfmBpkUPHvjoIXdl9O4yzPTL+QTWzIwLBaeTjN90PFq2DMPi0NREsFNAgE
|
||||
vRrFkDckSGIt/7vK6q/QbsjaSMvTJoXU3pltncrJ/pfDhvZhyBXLJS+zEpjRiQf1
|
||||
krQbTxy2rqgLBYqBog4qjEsTE8Xuz8Ru9hZkzct5DCgZ906wjW0ilZ+dJeIOIDaj
|
||||
5wycryWCpHqu4j2XdubWfp4acVcU6yOBqaPwuWeIobzht0Ja68vbAnhvqZGx+86l
|
||||
qS2v6cfzmpvyvA3ICWwYuKam0j7H/X9DlgI/qEYGnGjWvi5XWACG3KWHRQARAQAB
|
||||
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
|
||||
AQgAFgUCAAAAAAkQr0ReuznIgrcCGw8CGQEAAOPzEACQyu6j5yZQQ05eE0kmIzXq
|
||||
cg/kazCqmHXHXNydxiEvKYySUW0ln4EE1bIxXAkWIVkmqvtOg5LqaqNfaPWkMHAz
|
||||
VX3O6aCYp0mKmMQnfjYq7zlErXsdU3d7k06AGrs6US7o6N9pnkO0/hT0KJrHyATb
|
||||
rAbAd7sUXcS/zogL8EQ65l6RWkElzqXDqlmUNwTfmwgb/Yhjk2130aDqZSBU17o+
|
||||
NTv2GQbW+HPWE1QWJV4h1/G4b1u4eeCTh3QvlTRcM95oRxCH+BYmJnQm6CRNgs6b
|
||||
601na1JRqRIDa8ttcAgXxn1PRbJquMSXD1xqDCAROvaiTVn47CXwhv5GPK290bqm
|
||||
jVwbIojzpJyOPkVdT/9+caOqevte/IbdVYcfAKNrGbF1FXanItlgrMfhsWN9MKh2
|
||||
B0Er/7yFEg12uMU4+I4T+NYEbn4x6KIA/I4xOkveXm4ik6zV6lbJmAVeof/H9YY5
|
||||
u5fMv+90ACbq6wJB7B+LMg493CiOGNK1GyakwWn+caENaHBiK1/60WigMpZESTBy
|
||||
yMqQvktilbU0dUdRwpLz+E7CtqyZzuMNbqBuT98GNSCYjLWMo/gF8WNQc4SLo0kG
|
||||
66hDrzhS9YLz9KmbsAjRl9E0lSygsqkjw0TguKh4DDuJGyAzgE+6Vl5vshDBNJRW
|
||||
qQBAOHjMg4kGZX2E3RbLCQ==
|
||||
=9i5r
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -29,8 +29,7 @@ in
|
|||
hardware.common-pc-ssd
|
||||
];
|
||||
|
||||
#targetHost = "fuuko.home.sbruder.de";
|
||||
targetHost = "10.80.1.1";
|
||||
targetHost = "fuuko.home.sbruder.de";
|
||||
};
|
||||
mayushii = {
|
||||
system = "x86_64-linux";
|
||||
|
@ -54,4 +53,13 @@ in
|
|||
|
||||
targetHost = "okarin.sbruder.xyz";
|
||||
};
|
||||
shinobu = {
|
||||
system = "x86_64-linux";
|
||||
extraModules = [
|
||||
hardware.common-cpu-intel
|
||||
hardware.common-pc-ssd
|
||||
];
|
||||
|
||||
targetHost = "shinobu.home.sbruder.de";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -15,28 +15,12 @@ Custom build in a be quiet! Pure Base 600.
|
|||
* Case fan: Noctua NF-A9 PWM
|
||||
* Blu-ray burner LG WH16NS60
|
||||
* Additional NIC: Intel I225-V
|
||||
* Wireless card Gigabyte GC-WB1733D-I
|
||||
(includes user-serviceable Intel Wireless-AC 9260 card)
|
||||
|
||||
## Purpose
|
||||
|
||||
It is my main storage server
|
||||
that is responsible for handling storage and processing of big files
|
||||
to which I need a high throughput connection.
|
||||
It also acts as a router for my home network
|
||||
and provides a wireless access point.
|
||||
|
||||
## Notes on Wireless
|
||||
|
||||
TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt.
|
||||
|
||||
* Wireless cards are M.2 A+E key and don’t fit in a M.2 E key slot,
|
||||
because apparently using USB for Bluetooth is a good idea.
|
||||
* Intel Wireless cards only support AP mode on 2.4 GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469).
|
||||
* Almost all wireless cards only support one band at the same time (no dual-band AP).
|
||||
* Realtek Wireless cards don’t work at all (no wonder).
|
||||
* Hostapd’s configuration file is … interesting.
|
||||
* Regulatory stuff is fun.
|
||||
|
||||
## Name
|
||||
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
./services/languagetool.nix
|
||||
./services/media-backup.nix
|
||||
./services/media.nix
|
||||
./services/router.nix
|
||||
./services/torrent.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -13,10 +13,7 @@
|
|||
options gigabyte_wmi force_load=1
|
||||
'';
|
||||
supportedFilesystems = [ "btrfs" ];
|
||||
# FIXME this doesn’t work because (AFAIK) there is no VLAN support in the ip= parameter
|
||||
kernelParams = [
|
||||
(with config.systemd.network.networks; "ip=${lib.elemAt br-lan.address 0}::::${config.networking.hostName}:${lan.name}")
|
||||
];
|
||||
kernelParams = [ "ip=dhcp" ];
|
||||
initrd = {
|
||||
availableKernelModules = [
|
||||
"aesni_intel" # hardware crypto for luks
|
||||
|
@ -92,6 +89,11 @@
|
|||
|
||||
powerManagement.cpuFreqGovernor = "schedutil";
|
||||
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
interfaces.enp10s0.useDHCP = true;
|
||||
};
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandlePowerKey=suspend
|
||||
'';
|
||||
|
|
|
@ -68,6 +68,7 @@ in
|
|||
"hitagi.vpn.sbruder.de:9100"
|
||||
"vueko.vpn.sbruder.de:9100"
|
||||
"okarin.vpn.sbruder.de:9100"
|
||||
"shinobu.vpn.sbruder.de:9100"
|
||||
];
|
||||
}
|
||||
{
|
||||
|
@ -97,10 +98,10 @@ in
|
|||
)
|
||||
{
|
||||
job_name = "dnsmasq";
|
||||
static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
|
||||
static_configs = mkStaticTarget "shinobu.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
|
||||
relabel_configs = lib.singleton {
|
||||
target_label = "instance";
|
||||
replacement = "fuuko.home.sbruder.de";
|
||||
replacement = "shinobu.home.sbruder.de";
|
||||
};
|
||||
}
|
||||
{
|
||||
|
|
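--- a/machines/shinobu/README.md
+++ b/machines/shinobu/README.md
@@ -0,0 +1,34 @@
+# shinobu
+
+## Hardware
+
+Protectli Vault Pro VP2420.
+
+* CPU: [Intel Celeron J6412](https://ark.intel.com/content/www/us/en/ark/products/214758/intel-celeron-processor-j6412-1-5m-cache-up-to-2-60-ghz.html) (4 × 2.0 GHz)
+* RAM: [8 GB Crucial DDR4-2666 SO-DIMM `CT8G4SFRA266.M8FRS`](https://www.crucial.com/memory/ddr4/ct8g4sfra266)
+* PSU: Channel Well Technology 60 W (12 V, 3.333 A)
+* SSD: 120 GB Protectli SATA M.2
+* NIC: 4 Intel i225-V (2.5GbE)
+* Wireless: Intel Wireless-AC 9260
+* FINTEK F81232 USB to UART bridge (for easy serial console)
+* Dasharo coreboot firemware
+
+## Purpose
+
+It is the main router for my home network.
+
+## Notes on Wireless (copied from fuuko’s previous README)
+
+TL;DR: Never try to build an AP yourself, just get a dedicated AP and use OpenWrt.
+
+* Wireless cards are M.2 A+E key and don’t fit in an M.2 E key slot,
+because apparently using USB for Bluetooth is a good idea.
+* Intel Wireless cards only support AP mode on 2.4 GHz [because of broken LAR](https://bugzilla.kernel.org/show_bug.cgi?id=206469).
+* Almost all wireless cards only support one band at the same time (no dual-band AP).
+* Realtek Wireless cards don’t work at all (no wonder).
+* Hostapd’s configuration file is … interesting.
+* Regulatory stuff is fun.
+
+## Name
+
+Shinobu Oshino (previously known as Kiss-Shot Acerola-Orion Heart-Under-Blade) is a Vampire Oddity from the Monogatari Series.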
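--- a/machines/shinobu/configuration.nix
+++ b/machines/shinobu/configuration.nix
@@ -0,0 +1,18 @@
+{ config, lib, pkgs, ... }:
+{
+imports = [
+./hardware-configuration.nix
+../../modules
+
+./services/router.nix
+];
+
+sbruder = {
+wireguard.home.enable = true;
+nginx.hardening.enable = true;
+};
+
+networking.hostName = "shinobu";
+
+system.stateVersion = "23.05";
+}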
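--- a/machines/shinobu/hardware-configuration.nix
+++ b/machines/shinobu/hardware-configuration.nix
@@ -0,0 +1,52 @@
+{ config, lib, modulesPath, pkgs, ... }:
+
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot = {
+loader = {
+grub.enable = false;
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+kernelModules = [ "kvm-intel" ];
+extraModulePackages = [ ];
+supportedFilesystems = [ "btrfs" ];
+kernelParams = [
+"console=ttyS0,115200n8"
+];
+initrd = {
+availableKernelModules = [
+"aesni_intel" # hardware crypto for luks
+"ahci"
+"sd_mod"
+"sdhci_pci"
+"usb_storage"
+"xhci_pci"
+];
+kernelModules = [ ];
+luks.devices = {
+root = {
+device = "/dev/disk/by-uuid/66b38a54-13b4-4c56-a1b7-d45e789e6718";
+allowDiscards = true;
+};
+};
+};
+};
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-uuid/7fd4f8f4-0a36-424b-b7cc-f7df49781c7f";
+fsType = "btrfs";
+options = [ "compress=zstd" "discard" "noatime" ];
+};
+"/boot" = {
+device = "/dev/disk/by-uuid/446B-FC4C";
+fsType = "vfat";
+};
+};
+
+powerManagement.cpuFreqGovernor = "powersave";
+}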
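Review bot: `allowDiscards = true` on the LUKS `root` device, combined with the `discard` mount option on `/`, passes TRIM through dm-crypt, so the layout of unused blocks becomes visible on the raw SSD; this is a known confidentiality trade-off of discards on encrypted volumes, and the file does not say it was accepted deliberately. I would record the decision next to the setting, for example `# TRIM passthrough reveals which blocks are free; accepted for SSD wear/performance`, or drop both options if that leak matters for this host. `console=ttyS0,115200n8` presumably moves the boot console, and with it any unlock prompt, to the serial port, so a short comment noting that physical access to that port is inside the trust boundary would help the next reader.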
54
machines/shinobu/secrets.yaml
Normal file
54
machines/shinobu/secrets.yaml
Normal file
|
@ -0,0 +1,54 @@
|
|||
wg-home-private-key: ENC[AES256_GCM,data:gm4INfmp226u4wp+LuKgf5m2nTFFw4S24w4PRPcW/A7CU713c9NtQ+kPDKg=,iv:JAir9z5/Db6+Oroq+0vXPZLZLA2gjY2Be6hRAmgV5AE=,tag:fxL9nK3v5xERfcoBbCUsXg==,type:str]
|
||||
wg-mullvad-private-key: ENC[AES256_GCM,data:yJ3+/rc3EQPhCMlHQ5BNA/NmPZiinjgV4A34UkmZgABvYLWzQMEQH5S8K9Q=,iv:YsGvRIaLbsYkbYCoD+szTIFPgBeyq/hoO4ljFSvp9f8=,tag:oil95breVKac7CdH/pA8FA==,type:str]
|
||||
hostapd-config: ENC[AES256_GCM,data:a0ESrrsquLq6VRJM588C5A+FmVxJwJSzwRuv2o//LL5OybcDS8jkVUajosXEs0qmQ6Xfc1gFDcevCYUwJ24eZ+ynKLWwoNx8RXXwbpllO7FkI68vcauUij1CtUgVb8aHheKfrFuyW7WU1wE3NTtOt2gij1+nM3iKS3vFXtX2n9L2fuy2b3EhOUBiakxAeQmyVmclSVBDYt12i4h4tW7GpPr8AjoIiZgz0Hyx5zA5f/JTPzz/P200eM0tCttNPbMNPBGztJfw7raRIX+v6xw7QNPMgf03TOae17mt6uggTNKJfEPeanzcEMA3xR6xoFUqJL6Hvowyl4MrSFc+E5Rvft+qhp8m6tAqQln9Z3MzaDtxSBWnWdvWEcyeK1aDBQ57/aIwo8kVs47Iblqbi5+jM/n4DoeQtqTM1kS7sZ3XDQ26suW5KCw+VIeqEEqdu6g5ZXMO2SipSOzP5jPjX+5ubX3SXcyoAIo41Efa6YGdWtl3,iv:oLk5tatZEY5AI/PlTBJHShGCKiyvve9rPhGARAtMMj4=,tag:Bkan2Hff8L8ZcC67r+fWjg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2023-06-29T17:51:22Z"
|
||||
mac: ENC[AES256_GCM,data:1mkrR2swPTwV5VzClUSfp+VdYXOXRD3hxITS1r3y3kmc7c4XDPJPiNuYXzgvLr6LN4xoAteVgYY+McVT3/JKykENtgpoiMVeWBvJvLPjFPt8FufnhqqCmlsVM17C5dlxdTvdtZtAPrebNqgxvVOdBfUcNugMx52ngmMNv9E7r1o=,iv:h8z5XO0r2zCA/gZSuLgFCupHizc4OMZeiBP+oHiXEBo=,tag:BzgBhgQIikNHSmYgNfPppA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-06-29T16:44:16Z"
|
||||
enc: |-
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
wcFMAwDgSONkM+d4AQ//XL7P5/P31g5aA3wEuLI2Fv6NuNnf3/M2R3jpy/dMVvM4
|
||||
rH+c3aDH6QnXvA2JzPAz235m60LKlKQPCQbakiBucuPm0al/lFf3YblEaW4l68ZG
|
||||
75sKk5YZqVpBqoirQTT/o4/lD1pLset5UM4OJ1Tq8t6FlNVasFah1YBKbe7I9l53
|
||||
4Y85y1/dCcuAfRTM21l54+iL5Lhz/CPd0B1glfgszI0Lh0bPoB+HHGi3HNb/S3PP
|
||||
L91892RCF2EYVb0aK54mpeq6ZVrpdnH37mFuNOHTha6qvpklreIcUSP9TNT4UEQW
|
||||
Pz+YytPH0vGeIq26Eb/1pfLiZvqn3eHs7p2hrV3sDXFdrAnG6MO/vy5rRd4vyTUM
|
||||
GmUBGUHS6acaOLdnDFHMQ/+tewreq9NnJFppBQz8t/hk9mjz1XWnflMHipKe+t6V
|
||||
kflhjDi7kwndG9sxHn7Mqj059ZKcKs8o8BTqPMgBAp/Z1IvSVyj+Q/nM/RpNZim3
|
||||
bs5z9PY8KUzD+4Biabitj21c4ah9pFXw/6W2sesAlFQGP+DkgIKuIEhyuV6HSshn
|
||||
m/M2Q9Ma0rgKCgtgse41TbMMQASiJPA1mdtO7RE92t5gMKVVAiVHD6kTfOJZSAkx
|
||||
TbxGjlXDLuqugKnZI41NwnHUdCUfxTGoeFqtaqYiWQ0hdgsziHHEkMxlPEGDFjfS
|
||||
UQGlBUSl6nB1+RI2x9lLSoQbz3x5ZdXnapi+KGLfQZb11nCegTLVyO5NO+sI54+Z
|
||||
umyIAqj6/MqgQQGt9oWJnybbFnhcjwdfEIwW4sSWJA5geQ==
|
||||
=y5Sy
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
||||
- created_at: "2023-06-29T16:44:16Z"
|
||||
enc: |
|
||||
-----BEGIN PGP MESSAGE-----
|
||||
|
||||
hQIMA69EXrs5yIK3ARAAvjxMdia3YDWmBDM27K/om1wUtZk+isrQ5r8U1Di6uF0Q
|
||||
qImLsCXRPumL3ZtzZ9qls2OJlUvZQkfE9Ek2/hHINGfUIdNGkXCgJs42Edcfd6tK
|
||||
bd8hZf/kCJSX3V3c13sUdVQWy8RavUAb0Ezc0H1rZq8K1Gp8iMO9NAm/m8UJe2tM
|
||||
+cBVvzhBoI+onkrWBCsiquPuts+hgiWMwr+hOPsQhT5VP1HM/si7k9JgEEMlqnMo
|
||||
NOJUaqbYSR8Q/cy3jjfkAbrpYJ/ZuvZefvU2j+nlfnyzmiWV/Xh6QVseaq1IvFqg
|
||||
ZmdFLyursv19xTYE0HOBX3c1QlEK5vMFdzADOdu3KDO0JpGwLMcR2dzX8CRYNzyR
|
||||
B3cbfwp679B3RvKhMHKuVTy9bdb5df6CGBjVeQCNFmBSbimVTjTpFxMk5rusp/j9
|
||||
Ql8h4ULajrfSmN4T5xoIShsmAAFeeSdHCLrACXHjHU0v2xh+MG5dTZTLa9V+4s7e
|
||||
wIeq4v9ED5PFFRr+mQUdlmQP+fdH4Cwor8OZxA4g09RFoo3MUgLHWaa5emL1z1YN
|
||||
fWgZs6EsFFTNYtUoey91eFzhKYYKa1P1gXztgEbc0L95Qqa15QPeWGYgf1WIRASZ
|
||||
POTGCjleDuqnEoFFdt+qaVYtpCoJnAKjhSFf10DvN6AQ0zraXldHdx4B1wYBLQTS
|
||||
WAG5qS56CCwMxqjic2OfdSul2zHsCSsoXrWmqG1vtv2WGE7iIsseUor7eeLxbHIW
|
||||
/8Y9+kx+ZcTSXcs9t1xBHCEv3LAgwneVorOhiHVS4gu6R7crYLKpygE=
|
||||
=7Sdh
|
||||
-----END PGP MESSAGE-----
|
||||
fp: 28677f2e3584b39f528a779caf445ebb39c882b7
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
|
@ -1,18 +1,24 @@
|
|||
# Home network configuration
|
||||
# (2.5GbE clients)
|
||||
# | |
|
||||
# +----------+ +----------+
|
||||
# | | | | | | (1GbE clients)
|
||||
# | | | | | +|-|-|-|-|+
|
||||
# +---+----+ +-+-+-+-+-+ |5 4 3 2 1|
|
||||
# |upstream| | 1 2 3 4 | |TL-SG105 |
|
||||
# +--------+ | shinobu | +---------+
|
||||
# +---------+
|
||||
#
|
||||
# +----------+ +------+
|
||||
# | | | | ( clients )
|
||||
# | | | +|-|-|-|-|+
|
||||
# +---+----+ +-+-+-+ |5 4 3 2 1|
|
||||
# |upstream| |fuuko| |TL-SG105 |
|
||||
# +--------+ +-----+ +---------+
|
||||
#
|
||||
# It consists of fuuko as a router (this configuration),
|
||||
# It consists of shinobu as a router (this configuration),
|
||||
# connected to a TP-LINK TL-SG105E “smart managed” (i.e., it can do VLANs) 5-port switch.
|
||||
# The upstream comes from some plasic Huawei router/AP I don’t control.
|
||||
#
|
||||
# fuuko has two physical network interfaces,
|
||||
# because remote unlocking (which requires network in initrd) is hard with VLANs.
|
||||
# Because the switch only supports GbE,
|
||||
# the two clients I currently have with support for 2.5GbE are connected
|
||||
# directly to the two remaining network interfaces on shinobu.
|
||||
# Once I have more devices with support for 2.5GbE
|
||||
# or I find a good deal on a matching switch,
|
||||
# I will change this.
|
||||
#
|
||||
# Wireless is configured by providing the whole hostapd configuration file as a secret.
|
||||
# Once nixpkgs PR 222536 is merged, I will migrate to using the NixOS module.
|
||||
|
@ -49,6 +55,8 @@ in
|
|||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
# not all interfaces need to be up
|
||||
wait-online.extraArgs = [ "--any" ];
|
||||
netdevs = {
|
||||
br-lan = {
|
||||
netdevConfig = {
|
||||
|
@ -77,7 +85,7 @@ in
|
|||
};
|
||||
networks = {
|
||||
wan = {
|
||||
name = "enp9s0";
|
||||
name = "enp1s0";
|
||||
networkConfig = {
|
||||
# Upstream provides no IPv6 :(
|
||||
# If this is not set, it waits and fails systemd-networkd-wait-online
|
||||
|
@ -89,8 +97,16 @@ in
|
|||
UseDNS = "no";
|
||||
};
|
||||
};
|
||||
lan = {
|
||||
name = "enp10s0";
|
||||
lan1 = {
|
||||
name = "enp2s0";
|
||||
bridge = [ "br-lan" ];
|
||||
};
|
||||
lan2 = {
|
||||
name = "enp3s0";
|
||||
bridge = [ "br-lan" ];
|
||||
};
|
||||
lan3 = {
|
||||
name = "enp4s0";
|
||||
bridge = [ "br-lan" ];
|
||||
};
|
||||
br-lan = {
|
||||
|
@ -209,8 +225,8 @@ in
|
|||
# The service is mostly taken from nixpkgs pr 222536.
|
||||
systemd.services.hostapd = {
|
||||
path = with pkgs; [ hostapd ];
|
||||
after = [ "sys-subsystem-net-devices-wlp8s0.device" ];
|
||||
bindsTo = [ "sys-subsystem-net-devices-wlp8s0.device" ];
|
||||
after = [ "sys-subsystem-net-devices-wlp5s0.device" ];
|
||||
bindsTo = [ "sys-subsystem-net-devices-wlp5s0.device" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = {
|
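Review bot: `wait-online.extraArgs = [ "--any" ];` in the `systemd.network` hunk lets systemd-networkd-wait-online succeed as soon as any single link is online, which on this router can be `br-lan` or one of the LAN ports rather than the `wan` link (`enp1s0`), so units ordered after network-online.target may start with no upstream connectivity. If the intent is only that unplugged LAN ports must not block boot, marking those links with `linkConfig.RequiredForOnline = "no";` or waiting on the uplink with `--interface=enp1s0` expresses that more precisely. The hostapd unit also repeats the literal `wlp5s0` device unit name in both `after` and `bindsTo`; one `let` binding would keep the two from drifting at the next hardware change. The enclosing attribute sets begin and end outside the visible hunks, so existing per-link settings could not be checked.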
|
@ -63,5 +63,9 @@
|
|||
hostNames = [ "[okarin.sbruder.de]:2222" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
|
||||
};
|
||||
shinobu = {
|
||||
hostNames = [ "shinobu" "shinobu.home.sbruder.de" "shinobu.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJNZPT2Mmys2nw/ovX6Z1Cb4WDAaWBWanycNwF9IEjl";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -32,6 +32,10 @@ let
|
|||
address = "10.80.0.10";
|
||||
publicKey = "KjDdTOVZ9RadDrNjJ11BWsY8SNBmDbuNoKm72wh9uCk=";
|
||||
};
|
||||
shinobu = {
|
||||
address = "10.80.0.12";
|
||||
publicKey = "ErLWueo4ikYH/mKHr3axyoAVZh+Bdh1NQBet42aD0kk=";
|
||||
};
|
||||
};
|
||||
|
||||
cfg = config.sbruder.wireguard.home;
|
||||
|
|