feature(toxvpn): add initial commit

2024-09-28 14:06:46 +10:00 · 2024-09-28 14:06:46 +10:00 · c3ce25c827
parent 9c3858318a
commit c3ce25c827
9 changed files with 44 additions and 12 deletions
--- a/flake.lock
+++ b/flake.lock
@ -5125,16 +5125,16 @@
    },
    "nixpkgsUnstable": {
      "locked": {
-        "lastModified": 1727122398,
-        "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=",
+        "lastModified": 1727561184,
+        "narHash": "sha256-mVR5o+9xEs8EJqNXQDeXq6v3KlcSAKsB2L2z4rNRjZY=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093",
+        "rev": "60c3d109ffe080e672f14047c1e7a24896f06186",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
-        "ref": "nixos-unstable",
+        "ref": "pull/345190/head",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -12,7 +12,7 @@
    iohkNix.url = github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd;
    nix.url = github:NixOS/nix/?ref=2.24.6;
    nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05;
-    nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable;
+    nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=pull/345190/head;
    ragenix = {
      url = github:yaxitech/ragenix;
      inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/cuallaidh/default.nix
+++ b/hosts/cuallaidh/default.nix
@ -13,7 +13,7 @@
    ../../profiles/ipv6.nix
    ../../profiles/mastodon.nix
    ../../profiles/matrix.nix
-    #../../profiles/mcwhirter.io.nix
+    ../../profiles/mcwhirter.io.nix
    #../../profiles/minecraftServer.nix
    ../../profiles/nextcloud.nix
    ../../profiles/nixpkgs-dev.nix
--- a/hosts/sanganto/default.nix
+++ b/hosts/sanganto/default.nix
@ -21,8 +21,6 @@
    ../../profiles/users-ops.nix # MIO Ops users
  ];

-  deployment.targetHost = "10.42.0.11";
-
  nixpkgs = {
    config = {
      allowUnfree = true;
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -1,6 +1,7 @@
 [
  ./profiles/cosmicDesktop
  ./profiles/starship
+  ./profiles/toxvpn
  ./roles/desktop
  ./roles/desktopCraige
 ]
--- a/modules/profiles/toxvpn/default.nix
+++ b/modules/profiles/toxvpn/default.nix
@ -0,0 +1,23 @@
+# VPN configuration for MIO.
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.profiles.toxvpn;
+in {
+  options.profiles.toxvpn = {
+    enable = mkEnableOption "to enable toxvpn.";
+  };
+  config = mkIf (cfg.enable) {
+    services.toxvpn = {
+      enable = true;
+      auto_add_peers = [
+        "4b921c107cd25b9bc62dfa4a040a9409f51d3aa001d4f12e15f01b4eba9e2f7f8ecc3b68cd13" # sanganto
+        "a18dfff426f5a752eb1bdc90ea307850982c1dff1444caf72b75f73483e358213b60281235a4" # eamhair
+      ];
+    };
+  };
+}
--- a/modules/roles/desktop/default.nix
+++ b/modules/roles/desktop/default.nix
@ -23,6 +23,7 @@ in {
      libreoffice-fresh # Comprehensive, professional-quality productivity suite
      mplayer # A movie player that supports many video formats
      nextcloud-client # Nextcloud desktop client
+      pavucontrol # PulseAudio Volume Control
      pwgen # Password generator
      rsync
      shotwell # Photo organizer
--- a/outputs.nix
+++ b/outputs.nix
@ -36,14 +36,20 @@ in {
        overlays = [];
      };
    };
-    defaults = {
+    defaults = {pkgs, ...}: {
      imports = [
        ./modules
        cosmicDesktop.nixosModules.default
      ];
      # make flake inputs accessible in NixOS
      _module.args.inputs = inputs;
+      nixpkgs.overlays = [
+        (super: self: {
+          inherit (nixpkgsUnstable.legacyPackages."${pkgs.system}") toxvpn;
+        })
+      ];
      profiles.starship.enable = true;
+      profiles.toxvpn.enable = true;
    };
    # Comment out deployment line when building the SD Image.
    airgead = {
@ -128,6 +134,7 @@ in {
        tags = ["active" "rPi"];
        targetHost = "10.42.0.205";
      };
+      services.toxvpn.localip = "10.37.0.205";
    };
    iolear-beag = {
      imports = [
@ -150,8 +157,10 @@ in {
        hosts/sanganto
        ragenix.nixosModules.default
      ];
+      deployment.targetHost = "10.42.0.11";
      roles.desktop.enable = true;
      roles.desktopCraige.enable = true;
+      services.toxvpn.localip = "10.37.0.11";
    };
    sercanto = {
      imports = [
--- a/profiles/mcwhirter.io.nix
+++ b/profiles/mcwhirter.io.nix
@ -4,8 +4,8 @@
  pkgs,
  ...
 }: let
-  sources = import ../nix/sources.nix;
-  mcwhirter-io = import sources.mcwhirter-io {};
+  #sources = import ../nix/sources.nix;
+  #mcwhirter-io = import sources.mcwhirter-io {};
  webdomain = "mcwhirter.io";
 in {
  environment.sessionVariables = {
@ -23,7 +23,7 @@ in {
        # website hostname
        enableACME = true; # Use ACME certs
        forceSSL = true; # Force SSL
-        root = "${mcwhirter-io}"; # Wesbite root
+        #root = "${mcwhirter-io}"; # Wesbite root
      };
      "www.${webdomain}" = {
        # Respect our elders :-)