From 2675f029e0667b672e6163f47a1de47f6a609705 Mon Sep 17 00:00:00 2001
From: Tyler Starr
Date: Sun, 8 Oct 2023 20:43:23 -0700
Subject: [PATCH] finish setup for wireguard clients
---
home/private_dot_wireguard/adjudicator.conf.tmpl | 12 ++++++++++++
home/private_dot_wireguard/adjudicator.pub | 1 +
home/private_dot_wireguard/adjudicator.tmpl | 1 +
provision/nixos/hosts/kestrel/configuration.nix | 9 +++++++++
provision/nixos/modules/system/wireguard-client.nix | 3 +++
5 files changed, 26 insertions(+)
create mode 100644 home/private_dot_wireguard/adjudicator.conf.tmpl
create mode 100644 home/private_dot_wireguard/adjudicator.pub
create mode 100644 home/private_dot_wireguard/adjudicator.tmpl
diff --git a/home/private_dot_wireguard/adjudicator.conf.tmpl b/home/private_dot_wireguard/adjudicator.conf.tmpl
new file mode 100644
index 00000000..33b4b8fa
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.conf.tmpl
@@ -0,0 +1,12 @@
+[Interface]
+# your own IP on the wireguard network
+Address = 192.168.2.2/24
+Table = auto
+PrivateKey = {{ (secret "Wireguard - Adjudicator Secret" "NOTES") }}
+
+[Peer]
+PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
+# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
+AllowedIPs = 0.0.0.0/0, ::/0
+# ip and port of the peer
+Endpoint = 66.218.43.87:51820
diff --git a/home/private_dot_wireguard/adjudicator.pub b/home/private_dot_wireguard/adjudicator.pub
new file mode 100644
index 00000000..5813cede
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.pub
@@ -0,0 +1 @@
+r2/IeYCO1T+l248387wUBoNnc2DK9O8pHcIr/NQqezM=
diff --git a/home/private_dot_wireguard/adjudicator.tmpl b/home/private_dot_wireguard/adjudicator.tmpl
new file mode 100644
index 00000000..068aff98
--- /dev/null
+++ b/home/private_dot_wireguard/adjudicator.tmpl
@@ -0,0 +1 @@
+{{ (secret "Wireguard - Adjudicator Secret" "NOTES") }}
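Review bot: The file rendered from `adjudicator.conf.tmpl` will hold the WireGuard private key on the `PrivateKey =` line, but the source name carries no `private_` attribute, so chezmoi would create it with the default file mode and only the enclosing `private_dot_wireguard` directory is restricted. Naming the source `private_adjudicator.conf.tmpl` makes the target 0600 and avoids wg-quick's world-accessible warning. The same applies to `adjudicator.tmpl`, which writes the bare key into a second file. Separately, `AllowedIPs = 0.0.0.0/0, ::/0` sends all traffic into the tunnel while `[Interface]` has only an IPv4 `Address` and no `DNS =` line, so name resolution presumably stays with whatever resolver the host already uses. A comment saying whether that is intended would help.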
diff --git a/provision/nixos/hosts/kestrel/configuration.nix b/provision/nixos/hosts/kestrel/configuration.nix index 20720f66..4a526710 100644 --- a/provision/nixos/hosts/kestrel/configuration.nix +++ b/provision/nixos/hosts/kestrel/configuration.nix @@ -58,6 +58,15 @@ extraGroups = [ "dialout" "wheel" "docker" "libvirtd" ]; # Enable ‘sudo’ for the user. }; + # Password-less root + security.sudo.extraRules = [{ + users = [ "${user}" ]; + commands = [{ + command = "ALL" ; + options= [ "NOPASSWD" ]; # "SETENV" # Adding the following could be a good idea + }]; + }]; + # List packages installed in system profile. environment.systemPackages = with pkgs; [ # One-off stable packages diff --git a/provision/nixos/modules/system/wireguard-client.nix b/provision/nixos/modules/system/wireguard-client.nix index f2c48917..c5dac83b 100644 --- a/provision/nixos/modules/system/wireguard-client.nix +++ b/provision/nixos/modules/system/wireguard-client.nix @@ -16,6 +16,9 @@ in { }; config = lib.mkIf cfg.enable { + # Create qr code for phones with: + # qrencode -t ansiutf8 < myfile_here + environment.systemPackages = with pkgs; [ qrencode ]; networking.firewall = { allowedUDPPorts = [ 51820 ]; };
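Review bot: The added `security.sudo.extraRules` entry grants `NOPASSWD` on `command = "ALL"`, so any process running as `${user}` can become root without a prompt, and the password stops being a barrier after a compromise of that account. If the aim is only to bring the tunnel up without typing a password, scope the rule to that one tool by absolute path, e.g. `command = "<absolute path of the single command that needs it>";`, and keep the prompt for everything else. The trailing comment suggesting `"SETENV"` would widen the rule further by letting the caller supply the environment for root commands. I would replace it with a comment stating why the rule exists. The enclosing attribute set starts and ends outside the hunk.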
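Review bot: The comment added above `environment.systemPackages` does not mention that the file fed to `qrencode` is presumably a client config containing `PrivateKey`, which would make the QR code printed in the terminal equivalent to the key itself. I would extend it with a line such as `# the QR code embeds the private key: display it only while scanning, then clear the terminal and scrollback`. The `config = lib.mkIf cfg.enable {` block continues outside the hunk.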