diff --git a/flake.lock b/flake.lock index 819cafa..0b4a156 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1712386041, - "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=", + "lastModified": 1714043624, + "narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=", "owner": "nix-community", "repo": "home-manager", - "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff", + "rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411", "type": "github" }, "original": { @@ -21,13 +21,28 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1713864415, + "narHash": "sha256-/BPDMJEkrsFAFOsQWhwm31wezlgshPFlLBn34KEUdVA=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "797f8d8082c7cc3259cba7275c699d4991b09ecc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1713828541, - "narHash": "sha256-KtvQeE12MSkCOhvVmnmcZCjnx7t31zWin2XVSDOwBDE=", + "lastModified": 1713995372, + "narHash": "sha256-fFE3M0vCoiSwCX02z8VF58jXFRj9enYUSTqjyHAjrds=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b500489fd3cf653eafc075f9362423ad5cdd8676", + "rev": "dd37924974b9202f8226ed5d74a252a9785aedf8", "type": "github" }, "original": { @@ -40,6 +55,7 @@ "root": { "inputs": { "home-manager": "home-manager", + "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs" } } diff --git a/flake.nix b/flake.nix index 8886818..e9f8821 100644 --- a/flake.nix +++ b/flake.nix @@ -3,13 +3,14 @@ inputs = { nixpkgs.url = github:nixos/nixpkgs/nixos-23.11; + nixos-hardware.url = github:NixOS/nixos-hardware; home-manager = { url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { self, nixpkgs, home-manager }: + outputs = { self, nixpkgs, home-manager, nixos-hardware }: let system = "x86_64-linux"; pkgs = import nixpkgs { 
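Review bot: `nixos-hardware.url = github:NixOS/nixos-hardware;` names no branch or ref, unlike the neighbouring inputs that pin `nixos-23.11` and `release-23.11`; the rev recorded in flake.lock fixes it for now, but every `nix flake update` will move it to whatever the default branch holds, so the choice deserves a comment such as `# unpinned: follows the nixos-hardware default branch, fixed only by flake.lock`. The line also copies the bare URL-literal form of `nixpkgs.url` rather than the quoted string `home-manager` uses; URL literals are a deprecated Nix language feature, and `nixos-hardware.url = "github:NixOS/nixos-hardware";` avoids that. The `inputs` set and the `outputs` function both continue outside the hunk.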
@@ -81,6 +82,7 @@
 };
 modules = [
 ./hosts/pinix/configuration.nix
+ nixos-hardware.nixosModules.raspberry-pi-4
 home-manager.nixosModules.home-manager {
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
diff --git a/hosts/common.nix b/hosts/common.nix
index 708b710..7b39c7f 100644
--- a/hosts/common.nix
+++ b/hosts/common.nix
@@ -1,10 +1,6 @@
 { config, pkgs, ... }: {
- # Bootloader.
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
-
 time.timeZone = "Europe/Berlin";
 i18n.defaultLocale = "en_US.UTF-8";
 i18n.extraLocaleSettings = {
@@ -38,7 +34,7 @@
 ];
 };
- networking.networkmanager.enable = true;
+ networking.wireguard.enable = true;
 programs.neovim = {
 enable = true;
diff --git a/hosts/dmeiburg/configuration.nix b/hosts/dmeiburg/configuration.nix
index b3ca604..f9bc843 100644
--- a/hosts/dmeiburg/configuration.nix
+++ b/hosts/dmeiburg/configuration.nix
@@ -17,6 +17,30 @@
 networking.hostName = "dmeiburg"; # Define your hostname.
 networking.firewall.trustedInterfaces = [ "docker0" ];
 networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "enp3s0";
+ networking.nat.internalInterfaces = [ "wg0" ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+
+ privateKeyFile = "/home/dm/.wireguard/dmeiburg";
+
+ peers = [
+ { # p14s
+ publicKey = "BTIuA08t8lwPZa418EJ7vcni3MxC8ihhadem6uicnAA=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ { # pinix
+ publicKey = "Zhnl8OJXjCk4zmuTg6xFnWPyf3Asnkhk/yW09s6yJCc=";
+ allowedIPs = [ "10.100.0.3/32" ];
+ }
+ ];
+ };
+ };
 environment.systemPackages = with pkgs; [
 gnupg
@@ -33,5 +57,4 @@
 };
 system.stateVersion = "23.11"; # Did you read the comment?
-
 }
diff --git a/hosts/p14s/configuration.nix b/hosts/p14s/configuration.nix
index 212fe88..1192d2d 100644
--- a/hosts/p14s/configuration.nix
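Review bot: Dropping `boot.loader.systemd-boot.enable` and `boot.loader.efi.canTouchEfiVariables` from hosts/common.nix removes the only boot-loader setting the shared module provided, and the dmeiburg and p14s hunks in this commit do not add one; unless those host files already set a loader outside the visible hunks, the next rebuild will most likely fail an assertion or stop maintaining boot entries. pinix already stops importing `../common.nix` in this same commit and configures extlinux itself, so it does not need the removal. If the loader is meant to be host-specific from now on, say so where the lines were, e.g. `# Boot loaders are configured per host, not here.`, and move the two lines into the x86 host files rather than deleting them.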
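Review bot: `privateKeyFile = "/home/dm/.wireguard/dmeiburg";` keeps the hub's WireGuard private key inside an interactive user's home directory, where its exposure depends on that user's umask, backups and any process running as `dm`; the key is read by root when the interface comes up, so a root-owned, mode-0600 location outside `/home` (or a secrets-management path) is the safer placement, and nothing in the configuration creates the file, which deserves `# Provisioned out of band; must be root:root 0600.` next to it. The same placement is used for p14s and pinix in this commit. `networking.nat.enable = true;` enables IPv4 forwarding host-wide, not only between `enp3s0` and `wg0`, which is worth a comment beside `networking.nat.internalInterfaces = [ "wg0" ];` so a later reader does not assume it is scoped; the /32 `allowedIPs` per peer are the correct tight form for a hub.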
+++ b/hosts/p14s/configuration.nix
@@ -18,6 +18,30 @@
 programs.light.enable = true;
 services.tlp.enable = true;
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+ };
+ # Enable WireGuard
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+ listenPort = 51820;
+ privateKeyFile = "/home/dm/.wireguard/p14s";
+
+ peers = [
+ { # dmeiburg
+ publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
+
+ allowedIPs = [ "10.100.0.0/24"];
+
+ endpoint = "152.53.0.23:51820";
+
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
 system.stateVersion = "23.05"; # Did you read the comment?
 }
diff --git a/hosts/pinix/configuration.nix b/hosts/pinix/configuration.nix
index a466d31..0643987 100644
--- a/hosts/pinix/configuration.nix
+++ b/hosts/pinix/configuration.nix
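Review bot: `ips = [ "10.100.0.3/24" ];` gives p14s the address that dmeiburg's peer table reserves for pinix: on dmeiburg the p14s key is allowed only `10.100.0.2/32`, `10.100.0.3/32` belongs to the pinix key, and hosts/pinix/configuration.nix in this same commit also sets `10.100.0.3/24`. WireGuard's cryptokey routing discards decrypted packets whose source address is not within the sending peer's `allowedIPs`, so everything p14s sends will be silently dropped by the hub; the fix is `ips = [ "10.100.0.2/24" ];` here. Separately, a roaming laptop that initiates to a fixed `endpoint` with `persistentKeepalive = 25;` does not need a fixed `listenPort = 51820;` or `allowedUDPPorts = [ 51820 ]`, since replies return through the existing conntrack entry; dropping both closes an inbound port that is otherwise open on every network the laptop joins, and the `# Clients and peers can use the same port, see listenport` comment goes with them.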
@@ -1,35 +1,68 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
 { config, lib, pkgs, ... }: {
 imports = [ # Include the results of the hardware scan.
- ../common.nix
 ./hardware-configuration.nix
 ];
-hardware = {
- raspberry-pi."4".apply-overlays-dtmerge.enable = true;
- deviceTree = {
- enable = true;
- filter = "*rpi-4-*.dtb";
+ hardware = {
+ raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+ deviceTree = {
+ enable = true;
+ filter = "*rpi-4-*.dtb";
+ overlays = [
+ {
+ name = "w1-gpio";
+ dtboFile = ./w1-gpio.dtbo;
+ }
+ ];
+ };
 };
+ boot.kernelModules = [ "pwm_bcm2835" "w1-gpio" ];
+#hardware = {
+# raspberry-pi."4".apply-overlays-dtmerge.enable = true;
+# deviceTree = {
+# enable = true;
+# filter = "*rpi-4-*.dtb";
+# };
+# };
 # Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
 boot.loader.grub.enable = false;
 # Enables the generation of /boot/extlinux/extlinux.conf
 boot.loader.generic-extlinux-compatible.enable = true;
+ networking.hostName = "pinix";
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+ };
- # networking.hostName = "pinix"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
- # time.timeZone = "Europe/Berlin";
+ networking.networkmanager.enable = true;
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.3/24" ];
+ listenPort = 51820;
+ privateKeyFile = "/home/dm/.wireguard/pinix";
+
+ peers = [
+ { # dmeiburg
+ publicKey = "jc61U+bmIT8lNxirhjrxpB+rELLUoPhLmUKvUpo/OjY=";
+
+ allowedIPs = [ "10.100.0.0/24"];
+
+ endpoint = "152.53.0.23:51820";
+
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ libraspberrypi
+ raspberrypi-eeprom
+ ];
 system.stateVersion = "24.05"; # Did you read the comment?
 }
diff --git a/hosts/pinix/w1-gpio.dtbo b/hosts/pinix/w1-gpio.dtbo
new file mode 100644
index 0000000..83eda9e
Binary files /dev/null and b/hosts/pinix/w1-gpio.dtbo differ
diff --git a/hosts/workstation.nix b/hosts/workstation.nix
index 37daaca..3aaa3c2 100644
--- a/hosts/workstation.nix
+++ b/hosts/workstation.nix
@@ -38,6 +38,7 @@
 };
 security.pam.services.swaylock = {};
+ networking.networkmanager.enable = true;
 # enable nitrokeys
 services.udev.packages = [ pkgs.nitrokey-udev-rules ];
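Review bot: The added `#hardware = { … # };` block is a commented-out copy of the live `hardware = { … };` set directly above it and should be deleted, since git history already keeps the old form. `dtboFile = ./w1-gpio.dtbo;` references a compiled device-tree blob that this commit adds as a binary with no source or build step, so a reader cannot tell which pin or properties it configures nor reproduce it; keeping the `.dts` in the repo and using the overlay's `dtsFile` attribute, or at least a comment naming how the `.dtbo` was produced, would make it reviewable. Removing `../common.nix` from `imports` is also undocumented and means pinix no longer receives the time zone, locale and neovim settings from hosts/common.nix; if that is intended, a one-line comment on the `imports` list should say so. `ips = [ "10.100.0.3/24" ];` is the address dmeiburg's peer table assigns to the pinix key, which is consistent, but hosts/p14s/configuration.nix in this commit claims the same address although the hub only routes `10.100.0.2/32` to the p14s key, so one of the two clients must move; `privateKeyFile = "/home/dm/.wireguard/pinix";` shares the home-directory key placement used on the other hosts and would be better served by a root-only path with a `# Provisioned out of band; root:root 0600.` comment.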