removed helper flake for proton

2024-11-22 12:49:32 -08:00 · 2024-01-02 19:03:24 -08:00 · 2024-01-02 19:03:24 -08:00 · 6a0768985c
commit 6a0768985c
parent 292b198f08
4 changed files with 63 additions and 59 deletions
--- a/flake.lock
+++ b/flake.lock
@ -3,7 +3,9 @@
    "erosanix": {
      "inputs": {
        "flake-compat": "flake-compat",
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
      },
      "locked": {
        "lastModified": 1704240213,
@ -21,7 +23,7 @@
    },
    "ewwtilities": {
      "inputs": {
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
@ -210,7 +212,7 @@
    },
    "kmonad": {
      "inputs": {
-        "nixpkgs": "nixpkgs_4"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "dir": "nix",
@ -230,7 +232,7 @@
    },
    "nicks_nextcloud_integrations": {
      "inputs": {
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_4",
        "rust-overlay": "rust-overlay_2"
      },
      "locked": {
@ -249,16 +251,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1703894134,
-        "narHash": "sha256-hCRiCTTWuJs+lL78MNj0LoJlblRDdYDp4uCfgOb16R8=",
+        "lastModified": 1699099776,
+        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "95e64993338571677c2af816112d57f5ac426dc1",
+        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "master",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -296,22 +298,6 @@
      }
    },
    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1699099776,
-        "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_3": {
      "locked": {
        "lastModified": 1681358109,
        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
@ -327,7 +313,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1653326962,
        "narHash": "sha256-W8feCYqKTsMre4nAEpv5Kx1PVFC+hao/LwqtB2Wci/8=",
@ -343,7 +329,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1692447944,
        "narHash": "sha256-fkJGNjEmTPvqBs215EQU4r9ivecV5Qge5cF/QDLVn3U=",
@ -359,7 +345,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1681358109,
        "narHash": "sha256-eKyxW4OohHQx9Urxi7TQlFBTDWII+F+x2hklDOQPB50=",
@ -375,7 +361,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1703637592,
        "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
@ -391,7 +377,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_8": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1703637592,
        "narHash": "sha256-8MXjxU0RfFfzl57Zy3OfXCITS0qWDNLzlBAdwxGZwfY=",
@ -410,7 +396,7 @@
    "nixvim": {
      "inputs": {
        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_8",
+        "nixpkgs": "nixpkgs_7",
        "pre-commit-hooks": "pre-commit-hooks"
      },
      "locked": {
@ -460,7 +446,7 @@
        "home-manager": "home-manager",
        "kmonad": "kmonad",
        "nicks_nextcloud_integrations": "nicks_nextcloud_integrations",
-        "nixpkgs": "nixpkgs_7",
+        "nixpkgs": "nixpkgs_6",
        "nixpkgs-stable": "nixpkgs-stable",
        "nixvim": "nixvim",
        "utils": "utils"
@ -469,7 +455,7 @@
    "rust-overlay": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1699323235,
@ -488,7 +474,7 @@
    "rust-overlay_2": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_5"
      },
      "locked": {
        "lastModified": 1692497375,
--- a/flake.nix
+++ b/flake.nix
@ -22,11 +22,6 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };

-    erosanix = {
-      url = "github:emmanuelrosa/erosanix";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
-
    nicks_nextcloud_integrations.url = "git+https://git.nickiel.net/Nickiel/nicks_nextcloud_integrations.git";
    ewwtilities.url = "git+https://git.nickiel.net/Nickiel/Ewwtilities.git";

--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
@ -9,11 +9,12 @@
    ./hardware-configuration.nix
    ./modules/dnsmasq.nix
    ./modules/forgejo.nix
+    ./modules/headscale.nix
+    ./modules/msmtp.nix
    ./modules/nginx.nix
    ./modules/nextcloud.nix
    ./modules/nicks_nextcould_integrations.nix
-    ./modules/msmtp.nix
-    ./modules/headscale.nix
+    ./modules/protonvpn.nix
    ./modules/tailscale.nix
    ./modules/vaultwarden.nix
  ];
@ -56,7 +57,7 @@
    pkgs.hddtemp
    pkgs.smartmontools
    pkgs.screen
-    pkgs.wiregaurd-tools
+    pkgs.wireguard-tools
  ];

  services.xserver.videoDrivers = [ "nvidia" ];
--- a/hosts/Alaska/modules/protonvpn.nix
+++ b/hosts/Alaska/modules/protonvpn.nix
@ -1,26 +1,48 @@
-{ config, ...}:
+{ config, pkgs, ...}:

 let
 in
 {
-  services.protonvpn = {
-    enable = true;
+  networking.firewall = {
+    allowedUDPPorts = [
+      53
+      config.services.protonvpn.interface.port
+    ];
+    allowedTCPPorts = [
+      53
+    ];
+  };
+
+  networking.wg-quick.interfaces."protonvpn" = {
    autostart = false;
-    interface = {
-      name = "protonvpn";
-      ip = "10.2.0.2/32";
-      port = 51820;
-      privateKeyFile = "/home/nixolas/.passfiles/protonvpn";
-      dns = {
-        enable = true;
-        ip = "10.2.0.1";
-      };
-    };
-    endpoint = {
-      publicKey = "yB6ySO0kjqbgVWanDYKDgWoAMwM3X//nBiKXwaqmiwU=";
-      ip = "89.187.180.55";
-      port = 51820;
-    };
+    #dns = [ 10.2.0.1 ];
+    privateKeyFile = "/home/nixolas/.passfiles/protonvpn";
+    address = [ "10.2.0.2/32" ];
+    listenPort = 51820;
+
+    peers = [
+      {
+        publicKey = "yB6ySO0kjqbgVWanDYKDgWoAMwM3X//nBiKXwaqmiwU=";
+        allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        endpoint = "89.187.180.55:51820";
+      }
+    ];
+
+    # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+    postUp = ''
+      # ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
+      # ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
+      # ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
+      # ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
+    '';
+
+    # Undo the above
+    preDown = ''
+      # ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
+      # ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
+      # ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
+      # ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
+    '';
  };

 }