diff --git a/home/bin/executable_linux-toggle-vpn b/home/bin/executable_linux-toggle-vpn
new file mode 100644
index 00000000..5847a92e
--- /dev/null
+++ b/home/bin/executable_linux-toggle-vpn
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+if [ -f ~/.wg0 ]; then
+ sudo systemctl stop wg-quick-wg0.service
+ rm ~/.wg0
+else
+ sudo systemctl restart wg-quick-wg0.service
+ touch ~/.wg0
+fi
diff --git a/home/dot_config/sway/config.tmpl b/home/dot_config/sway/config.tmpl
index 7037709b..0ccce0bb 100644
--- a/home/dot_config/sway/config.tmpl
+++ b/home/dot_config/sway/config.tmpl
@@ -127,7 +127,6 @@ mode utility {
 bindsym q exit
 bindsym r reload
 bindsym g exec "~/.config/sway/scripts/gamemode.sh", $e
- bindsym v exec "~/.config/sway/scripts/toggle-vpn.sh {{ .hostname }}", $e
 bindsym Escape mode default
 }
 
diff --git a/home/dot_config/sway/scripts/executable_status.sh.tmpl b/home/dot_config/sway/scripts/executable_status.sh.tmpl
index b99b49fe..20f758e9 100644
--- a/home/dot_config/sway/scripts/executable_status.sh.tmpl
+++ b/home/dot_config/sway/scripts/executable_status.sh.tmpl
@@ -44,11 +44,11 @@ txmb=$(echo "scale = 1; $tx / 1280000" | bc | awk '{printf "%05.1f\n", $0}')
 rxmb=$(echo "scale = 1; $rx / 1280000" | bc | awk '{printf "%05.1f\n", $0}')
 
 # Vpn status
-vpn=$(nmcli c show --active | grep wireguard | cut -d ' ' -f1)
-if $vpn ; then
+if [ -f ~/.wg0 ] ; then
+ vpn="wg0"
+else
 vpn="none"
 fi
 
 #lel
 echo -e "👍 $txmb 👎 $rxmb | 📡 $vpn | ⬆️ $uptime_formatted | 🔉$volume% | $gamemode | 🐧 $linux_version | $date_formatted "
-
diff --git a/home/dot_config/sway/scripts/executable_toggle-vpn.sh b/home/dot_config/sway/scripts/executable_toggle-vpn.sh
deleted file mode 100644
index 326fe195..00000000
--- a/home/dot_config/sway/scripts/executable_toggle-vpn.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-
-cons=$(nmcli -t -f NAME c show --active | grep $1)
-if [ $cons ]; then
- nmcli c down $1 1> /dev/null
-else
- nmcli c up $1 1> /dev/null
-fi
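Review bot: The marker file `~/.wg0` is created or removed regardless of whether the preceding `sudo systemctl` call succeeded, so a failed `restart` (wrong sudo password, unreadable key file, unit not present) still leaves `~/.wg0` behind, and the status script that reads that file will report the VPN as up while traffic leaves in the clear. The marker also drifts from reality after a reboot or an out-of-band `systemctl stop`, since nothing ever resyncs it with the unit. Ask systemd for the live state instead (`systemctl is-active --quiet wg-quick-wg0.service` needs no privileges), and only touch or remove the marker after the command has succeeded; a `set -eu` at the top keeps a failing `sudo` from falling through silently.
```shell
#!/usr/bin/env bash
set -eu

# Systemd is the source of truth; ~/.wg0 is only a hint for the status bar.
if systemctl is-active --quiet wg-quick-wg0.service; then
  sudo systemctl stop wg-quick-wg0.service && rm -f ~/.wg0
else
  sudo systemctl restart wg-quick-wg0.service && touch ~/.wg0
fi
```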
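Review bot: `if [ -f ~/.wg0 ] ; then` makes the status bar report `wg0` whenever the marker file exists, not whenever the tunnel is actually up, so a tunnel that failed to start or was stopped outside the toggle script still shows as connected — the one case a VPN indicator must not get wrong. The interface is a better, unprivileged signal: `if [ -d /sys/class/net/wg0 ] ; then`, since wg-quick creates the interface on up and deletes it on down. The replaced `nmcli` check at least asked the network manager for live state, so this hunk trades a live check for a stale one. The script this hunk edits begins before the hunk.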
diff --git a/provision/nixos/hosts/kestrel/configuration.nix b/provision/nixos/hosts/kestrel/configuration.nix
index 7ce1e3f3..20720f66 100644
--- a/provision/nixos/hosts/kestrel/configuration.nix
+++ b/provision/nixos/hosts/kestrel/configuration.nix
@@ -1,7 +1,6 @@
 { config, pkgs, user, lib, ... }:
 {
 imports = [
- ./wireguard-client.nix
 ../../modules
 ];
 
@@ -81,7 +80,7 @@
 steam.enable = true;
 };
 services = {
- #jellyfin.enable = true;
+ jellyfin.enable = false;
 peripherals.enable = true;
 samba-client.enable = true;
 syncthing.enable = true;
@@ -90,6 +89,13 @@
 system = {
 ssh.enable = true;
 terminal.enable = true;
+ wireguard-client = {
+ enable = true;
+ privateKeyFile = "/home/${user}/.wireguard/kestrel";
+ address = [ "192.168.2.3/24" ];
+ publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
+ endpoint = "66.218.43.87";
+ };
 };
 };
 # Did you read the comment?
diff --git a/provision/nixos/hosts/kestrel/wireguard-client.nix b/provision/nixos/hosts/kestrel/wireguard-client.nix
deleted file mode 100644
index 0c23b6e8..00000000
--- a/provision/nixos/hosts/kestrel/wireguard-client.nix
+++ /dev/null
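Review bot: `privateKeyFile = "/home/${user}/.wireguard/kestrel";` in the third hunk keeps the tunnel's private key under the user's home directory, where it is presumably owned and writable by that user; wg-quick reads it as root, so any process running as that user can read or silently replace the key, and a compromise of the desktop account becomes a compromise of the VPN identity. Prefer a root-owned path outside `/home` with mode 0400, e.g. `privateKeyFile = "/etc/wireguard/kestrel.key";`, or a secrets mechanism that provisions the file at activation, and keep the key out of the repository either way. The `address` also changed from the `/32` used in the removed `wireguard-client.nix` to `192.168.2.3/24`; with wg-quick that additionally routes `192.168.2.0/24` via wg0, which is moot under `0.0.0.0/0` but deserves a comment if the tunnel subnet is meant to be reachable directly. The attribute set this hunk edits starts and ends outside the hunk.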
@@ -1,42 +0,0 @@
-{ config, pkgs, user, lib, ... }:
-{
- networking.firewall = {
- allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
- };
- # Enable WireGuard
- networking.wireguard.interfaces = {
- # "wg0" is the network interface name. You can name the interface arbitrarily.
- wg0 = {
- # Determines the IP address and subnet of the client's end of the tunnel interface.
- ips = [ "192.168.2.3/32" ];
- listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKeyFile = "/home/${user}/.wireguard/kestrel";
-
- peers = [
- # For a client configuration, one peer entry for the server will suffice.
-
- {
- # Public key of the server (not a file path).
- publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
-
- # Forward all the traffic via VPN.
- allowedIPs = [ "0.0.0.0/0" "::/0" ];
- # Or forward only particular subnets
- #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ];
-
- # Set this to the server IP and port.
- endpoint = "192.168.1.175:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
-
- # Send keepalives every 25 seconds. Important to keep NAT tables alive.
- persistentKeepalive = 25;
- }
- ];
- };
- };
-}
diff --git a/provision/nixos/modules/system/default.nix b/provision/nixos/modules/system/default.nix
index 3d1a89d9..9abd35a0 100644
--- a/provision/nixos/modules/system/default.nix
+++ b/provision/nixos/modules/system/default.nix
@@ -1,4 +1,4 @@
 { ... }:
 {
- imports = [ ./terminal.nix ./ssh.nix ];
+ imports = [ ./wireguard-client.nix ./terminal.nix ./ssh.nix ];
 }
diff --git a/provision/nixos/modules/system/wireguard-client.nix b/provision/nixos/modules/system/wireguard-client.nix
new file mode 100644
index 00000000..f2c48917
--- /dev/null
+++ b/provision/nixos/modules/system/wireguard-client.nix
@@ -0,0 +1,37 @@
+{ config, lib, pkgs, user, ... }:
+
+let cfg = config.modules.system.wireguard-client;
+
+in {
+ options.modules.system.wireguard-client = with lib; {
+ enable = lib.mkEnableOption "wireguard-client";
+ privateKeyFile = lib.mkOption { type = with types; str; };
+ address = lib.mkOption { type = with types; listOf str; };
+ publicKey = lib.mkOption { type = with types; str; };
+ endpoint = lib.mkOption { type = with types; str; };
+ autostart = lib.mkOption {
+ type = with types; bool;
+ default = false;
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ };
+ networking.wg-quick.interfaces = {
+ wg0 = {
+ address = cfg.address;
+ listenPort = 51820;
+ privateKeyFile = cfg.privateKeyFile;
+ autostart = cfg.autostart;
+ peers = [{
+ publicKey = cfg.publicKey;
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "${cfg.endpoint}:51820";
+ persistentKeepalive = 25;
+ }];
+ };
+ };
+ };
+}
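Review bot: `networking.firewall.allowedUDPPorts = [ 51820 ];` together with `listenPort = 51820;` in the `config` block opens an inbound UDP port on what is otherwise an outbound-only client; the single server peer is reached through `endpoint`, and `persistentKeepalive = 25;` keeps the NAT mapping alive, so nothing in this module needs to accept unsolicited datagrams. WireGuard drops unauthenticated packets silently, so the exposure is small, but least privilege says drop both lines and let wg-quick pick an ephemeral source port — unless this host must also be dialled as a peer, in which case a comment should record that. A second caveat for a full-tunnel client (`allowedIPs = [ "0.0.0.0/0" "::/0" ];`) is that the interface sets no `dns`; if the host's resolver sits on the local LAN, those lookups are likely routed outside the tunnel and expose the names being resolved even though everything else is tunnelled. Consider a `dns = lib.mkOption { type = with types; listOf str; default = [ ]; };` option wired to `dns = cfg.dns;` on `wg0`, or at least a comment stating that DNS is intentionally left on the local resolver.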