diff --git a/flake.lock b/flake.lock
index 4fcae03..12682b8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -474,7 +474,28 @@
 "nixpkgs-unstable": "nixpkgs-unstable",
 "nvim-kitty-navigator": "nvim-kitty-navigator",
 "openwrt-imagebuilder": "openwrt-imagebuilder",
- "pre-commit-hooks": "pre-commit-hooks"
+ "pre-commit-hooks": "pre-commit-hooks",
+ "seven-modules": "seven-modules"
+ }
+ },
+ "seven-modules": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1749209568,
+ "narHash": "sha256-D8EN+fjyhYGhQQoY5WfGlX7arc+C7OyDk66CJuscpGo=",
+ "ref": "refs/heads/main",
+ "rev": "520d5c291ca0d059fc38f42f503bb704d72b22f4",
+ "revCount": 3,
+ "type": "git",
+ "url": "ssh://git@felschr.com:2222/felschr/seven-modules"
+ },
+ "original": {
+ "type": "git",
+ "url": "ssh://git@felschr.com:2222/felschr/seven-modules"
 }
 },
 "systems": {
diff --git a/flake.nix b/flake.nix
index f9295b2..53ca564 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,6 +77,10 @@ rec {
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ seven-modules = {
+ url = "git+ssh://git@felschr.com:2222/felschr/seven-modules";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs =
diff --git a/home/felschr-work.nix b/home/felschr-work.nix
index 1ccc9f4..73e4003 100644
--- a/home/felschr-work.nix
+++ b/home/felschr-work.nix
@@ -1,9 +1,4 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ inputs, pkgs, ... }:
 with pkgs;
 {
@@ -18,6 +13,7 @@ with pkgs;
 ./browsers
 ./planck.nix
 ./services/easyeffects.nix
+ inputs.seven-modules.homeModules.seven
 ];
 programs.gpg.enable = true;
@@ -77,5 +73,7 @@ with pkgs;
 emblem
 ];
+ seven.enable = true;
+
 home.stateVersion = "25.05";
 }
diff --git a/home/felschr.nix b/home/felschr.nix
index 49eb332..b0e32b0 100644
--- a/home/felschr.nix
+++ b/home/felschr.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, ... }:
+{ inputs, pkgs, ... }:
 {
 imports = [
@@ -15,6 +15,7 @@
 ./ausweisapp.nix
 ./gaming
 ./services/easyeffects.nix
+ inputs.seven-modules.homeModules.seven
 ];
 programs.gpg.enable = true;
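Review bot: The `seven-modules` input added in flake.nix is fetched over `git+ssh` with no `ref` or `rev` in its URL, so the only pin is the `rev`/`narHash` pair recorded in flake.lock. Its `nixosModules.seven` and `homeModules.seven` outputs are imported into host and home configurations elsewhere in this commit, so a lock bump changes code that is evaluated into system activation. A comment above the input would keep that review obligation visible, for example `# private repo; its modules are imported into NixOS and home-manager configs, review upstream changes before updating the lock`. The enclosing `inputs` attribute set starts outside the hunk.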
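Review bot: The first hunk of home/felschr-work.nix drops `config` and `lib` from the module arguments while the body stays under `with pkgs;`. Any reference to `config` or `lib` that remains outside the hunks would not fail evaluation; it would resolve to `pkgs.config` and `pkgs.lib`, and `pkgs.config` is the nixpkgs configuration rather than the home-manager one. The rest of the module body is not visible here, so it is worth searching the file before merging. Keeping the argument avoids the silent rebinding: `{ inputs, config, pkgs, ... }:`.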
@@ -90,5 +91,7 @@
 emblem
 ];
+ seven.enable = true;
+
 home.stateVersion = "25.05";
 }
diff --git a/hosts/cmdframe/default.nix b/hosts/cmdframe/default.nix
index cb95dfc..e1750c8 100644
--- a/hosts/cmdframe/default.nix
+++ b/hosts/cmdframe/default.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ inputs, config, ... }:
 {
 imports = [
@@ -13,8 +13,14 @@
 ../../virtualisation/podman.nix
 ../../virtualisation/libvirt.nix
 ../../modules/systemdNotify.nix
+ inputs.seven-modules.nixosModules.seven
 ];
+ age.secrets.wireguard-seven-cmdframe-key = {
+ file = ../../secrets/wireguard/seven/cmdframe.key.age;
+ owner = "systemd-network";
+ };
+
 services.fprintd.enable = true;
 programs.zsh.enable = true;
@@ -33,6 +39,17 @@
 "--operator=felschr"
 ];
+ seven = {
+ enable = true;
+ wireguard = {
+ addresses = [
+ "198.18.1.241/15"
+ "fd00:5ec::1f1/48"
+ ];
+ privateKeyFile = config.age.secrets.wireguard-seven-cmdframe-key.path;
+ };
+ };
+
 systemd.notify.enable = true;
 systemd.notify.method = "libnotify";
 systemd.notify.libnotify.user = "felschr";
diff --git a/hosts/home-pc/default.nix b/hosts/home-pc/default.nix
index 2a26cfd..5e32deb 100644
--- a/hosts/home-pc/default.nix
+++ b/hosts/home-pc/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ inputs, config, ... }:
 {
 imports = [
@@ -20,8 +20,14 @@
 ../../services/restic/home-pc.nix
 ../../services/pcscd.nix
 ../../services/open-webui.nix
+ inputs.seven-modules.nixosModules.seven
 ];
+ age.secrets.wireguard-seven-home-pc-key = {
+ file = ../../secrets/wireguard/seven/home-pc.key.age;
+ owner = "systemd-network";
+ };
+
 boot.loader.systemd-boot.memtest86.enable = true;
 # running binaries for other architectures
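Review bot: The `age.secrets.wireguard-seven-cmdframe-key` entry in hosts/cmdframe/default.nix sets only `owner`, so the file permissions of a WireGuard private key depend on agenix defaults and nothing says why the key belongs to `systemd-network`. Stating the mode next to the owner makes the intent auditable in this file: `mode = "0400";` together with a comment such as `# WireGuard private key, read by the network service via seven.wireguard.privateKeyFile`. The consumer is presumably systemd-networkd, but the seven module is not visible here, so confirm before wording the comment. The same applies to `age.secrets.wireguard-seven-home-pc-key` in the `@@ -20,8 +20,14 @@` hunk of hosts/home-pc/default.nix.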
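Review bot: The `seven.wireguard.addresses` entries in hosts/cmdframe/default.nix are bare literals with no note on how they were allocated. The IPv6 suffix appears to be the last two IPv4 octets written in hex (1.241 gives `1f1` here, 1.239 gives `1ef` in hosts/home-pc/default.nix), and the `/15` and `/48` prefix lengths describe the whole overlay range rather than a single host. A short comment above the list would let the next host be added without guessing and make an accidental duplicate easier to spot, for example `# overlay addresses; IPv6 suffix mirrors the last two IPv4 octets in hex, prefix length is the overlay network`. How the seven module turns these prefixes into routes is not visible in this diff, so the routing consequence should be checked there.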
@@ -54,6 +60,17 @@
 "87.98.162.88" = [ "portcheck.transmissionbt.com" ];
 };
+ seven = {
+ enable = true;
+ wireguard = {
+ addresses = [
+ "198.18.1.239/15"
+ "fd00:5ec::1ef/48"
+ ];
+ privateKeyFile = config.age.secrets.wireguard-seven-home-pc-key.path;
+ };
+ };
+
 systemd.notify.enable = true;
 systemd.notify.method = "libnotify";
 systemd.notify.libnotify.user = "felschr";
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 6354b4b..a906a73 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -14,6 +14,14 @@ let
 ];
 in
 {
+ "wireguard/seven/home-pc.key.age".publicKeys = [
+ felschr
+ home-pc
+ ];
+ "wireguard/seven/cmdframe.key.age".publicKeys = [
+ felschr
+ cmdframe
+ ];
 "restic/b2.age".publicKeys = [
 felschr
 home-pc
diff --git a/secrets/wireguard/seven/cmdframe.key.age b/secrets/wireguard/seven/cmdframe.key.age
new file mode 100644
index 0000000..8189467
--- /dev/null
+++ b/secrets/wireguard/seven/cmdframe.key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 OAZQhA FfKFQDfxUjN7GOUnkkfChufgJubjr58U73ZPf7NYVk4
+yhnJ8a/rWjo3d0zv26K1RWjSZ1cIodrfZM3/GkrUWYc
+-> ssh-ed25519 4e2jfw cbNujNcFJlIUmdiju+vKa+/nGl7nktktp/qdCRABEVA
+6JKFvoJUOx/oOoF2FBIGQtrqeDelgTXkz5jT7NKNfgE
+--- NclMQArY2fMEnOMEBnm/4hD8v7F1gZcuZU2QBjH4HzU
+�R��4�E�'q�����AEh�Z��ٝ$6�F4B�����'_Ky�� u����)�~��Y��ߎ#�*�`����Us3h:3
\ No newline at end of file
diff --git a/secrets/wireguard/seven/home-pc.key.age b/secrets/wireguard/seven/home-pc.key.age
new file mode 100644
index 0000000..9fc1e99
--- /dev/null
+++ b/secrets/wireguard/seven/home-pc.key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 OAZQhA KeGvnhp8qfU1yhvjVOa0r6yX6O+kVPt6OsVLZ7O/Hws
+enisg9tJchYm3vn2ybB11mIV797QiREfBbr/eboPPxg
+-> ssh-ed25519 lJaKnA xckO8hkJshSnzUjQNcFpdlQtc+UcW+MY7D2NN5M/qlI
+GDRoXlQNvZU4zvbdLuw3CfxP6BDx3BKzWGjAqYP44d4
+--- 7Epn11NgBId/XxQRbi3RuRnDfvzL9fEzDMAvKM6rkOY
+����)yh Хg^���s�j�wC8�M@��S�X&Ho�m��p�1� ?9!����k����V��W*:q��e�uэ
\ No newline at end of file