home

My NixOS systems configurations.

machines.nix (8987B)


      1 let
      # invert-suffix "a.b.c.d" evaluates to "d.c": the last two octets of a
      # dotted-quad address, in reverse order.
      # The input is not validated: a string with fewer than four dot-separated
      # fields makes builtins.elemAt fail at evaluation time.
      # NOTE(review): no other binding visible on this page uses this helper;
      # presumably it serves reverse-DNS zone names elsewhere — confirm.
      invert-suffix = ip:
        let
          # builtins.split keeps the separator matches in its result, so the
          # octets sit at the even indices 0, 2, 4 and 6.
          pieces = builtins.split "[\.]" ip;
          thirdOctet = builtins.elemAt pieces 4;
          lastOctet = builtins.elemAt pieces 6;
        in
        "${lastOctet}.${thirdOctet}";
      # Socket pair used to forward the local gpg-agent to a remote host.
      # host.address points at the agent's "extra" socket, the restricted
      # socket GnuPG provides for forwarding, rather than the full-control
      # S.gpg-agent socket.
      # Both paths hard-code /run/user/1000, so the forward only lines up when
      # the account has uid 1000 on both machines.
      # NOTE(review): presumably bind is the path created on the remote side and
      # host the local socket, as in an ssh RemoteForward — confirm against the
      # module that consumes sshConfig.
      gpgRemoteForward = {
        bind = { address = "/run/user/1000/gnupg/S.gpg-agent"; };
        host = { address = "/run/user/1000/gnupg/S.gpg-agent.extra"; };
      };
     # Socket pair used to forward gpg-agent's ssh-agent socket to a remote
     # host; the same path is used on both ends.
     # There is no restricted variant of this socket: while a session is open,
     # any process on the remote host that can reach the forwarded socket (root,
     # or the same uid) can ask the local agent to sign with the keys it serves.
     # Keep this forward to hosts under your own administration; a touch or PIN
     # policy on a hardware token limits what such a request can achieve.
     # The path hard-codes uid 1000, as in the gpg-agent forward.
     gpgSSHRemoteForward = {
       bind = { address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; };
       host = { address = "/run/user/1000/gnupg/S.gpg-agent.ssh"; };
     };
     # Static LAN addresses keyed by host name; every entry is in 192.168.1.x.
     # The sshConfig "<host>.home" entries of the exported set read their
     # hostname from this table.
     home.ips = {
       aomi = "192.168.1.23";
       aion = "192.168.1.49";
       dev = "192.168.1.60";
       hokkaido = "192.168.1.115";
       honshu = "192.168.1.17";
       kobe = "192.168.1.18";
       naruhodo = "192.168.1.36";
       okinawa = "192.168.1.19";
       sakhalin = "192.168.1.70";
       shikoku = "192.168.1.24";
       synodine = "192.168.1.20";
       wakasu = "192.168.1.77";
       hass = "192.168.1.181";
       demeter = "192.168.1.182";
       athena = "192.168.1.183";
     };
     # WireGuard address plan and peer definitions.
     # Only public keys appear here; no private key is part of this file.
     # Each peer's allowedIPs is a single /32, so a peer's key is accepted only
     # for traffic sourced from its own tunnel address.
     # NOTE(review): hokkaido, honshu, naruhodo and houbeb have an address in
     # ips but no active peer entry, and okinawa has a peer entry that the
     # exported wg.peers list does not include — confirm this is intended.
     wireguard =
       let
         # Tunnel addresses in 10.100.0.x, keyed by host name.
         ips = {
           kerkouane = "10.100.0.1";
           shikoku = "10.100.0.2";
           #honshu = "10.100.0.4";
           aomi = "10.100.0.17";
           hokkaido = "10.100.0.5";
           wakasu = "10.100.0.8";
           ipad = "10.100.0.3";
           vincent = "10.100.0.9";
           honshu = "10.100.0.10";
           houbeb = "10.100.0.13";
           okinawa = "10.100.0.14";
           naruhodo = "10.100.0.15";
           sakhalin = "10.100.0.16";
           hass = "10.100.0.81";
           demeter = "10.100.0.82";
           athena = "10.100.0.83";
         };
         # Builds one peer entry: the host's own tunnel address as a /32 plus
         # its public key.
         mkPeer = host: publicKey: {
           allowedIPs = [ "${ips.${host}}/32" ];
           inherit publicKey;
         };
       in
       {
         inherit ips;
         kerkouane = mkPeer "kerkouane" "+H3fxErP9HoFUrPgU19ra9+GDLQw+VwvLWx3lMct7QI=";
         shikoku = mkPeer "shikoku" "foUoAvJXGyFV4pfEE6ISwivAgXpmYmHwpGq6X+HN+yA=";
         wakasu = mkPeer "wakasu" "qyxGnd/YJefqb4eEPqKO5XinvNx14fPcuZMNeYuBvSQ=";
         vincent = mkPeer "vincent" "1wzFG60hlrAoSYcRKApsH+WK3Zyz8IjdLgIb/8JbuW0=";
         ipad = mkPeer "ipad" "6viS+HqkW+qSj4X+Sj8n1PCJ6QIaZsOkmFQytlRvRwk=";
         # Disabled peer, kept for reference:
         # houbeb = mkPeer "houbeb" "tzanPdQBkD6FrWjalZAuc3G9PtLgHjPVCBjvJDCgdSw=";
         okinawa = mkPeer "okinawa" "gsX8RiTq7LkCiEIyNk2j9b8CHlJjSUbi1Im6nSWGmB4=";
         sakhalin = mkPeer "sakhalin" "OAjw1l0z56F8kj++tqoasNHEMIWBEwis6iaWNAh1jlk=";
         aomi = mkPeer "aomi" "XT4D9YLeVHwMb9R4mhBLSWHYF8iBO/UOT86MQL1jnA4=";
         hass = mkPeer "hass" "sLi6Qpm6yyI0kuJ5LzCKXzFhhTW3Q50krxSin+b/sWs=";
         demeter = mkPeer "demeter" "0n1CwaCwBUkRYlq0ZRzHK1VFGx1mXPQZvLKtTA3dqRw=";
         athena = mkPeer "athena" "3bmLHTJYq++uESQD/WA0Qml38IIchPG3sL4epKPGc0I=";
       };
    # SSH public keys, keyed by device or host name. Everything here is public
    # key material; the comment field after each blob is informational only.
    # NOTE(review): presumably the consumer installs only the entries carrying
    # authorized = true into authorized_keys — that code is not on this page, so
    # confirm that entries without the flag really are left out.
    ssh = {
      # Hardware-token keys. Both are ssh-rsa; the blob prefix looks like a
      # 2048-bit modulus, while the host keys below are ed25519.
      yubikey = {
        authorized = true;
        key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCDr3bRw6r43BVOltmTXtDQAtZlJ/viBrCb58fG8suSdO97xLEGukZzf1QX46aXQEsenfKOalcd+OrukcoVIiZtlh1BHAaBB09Q0vKjtB1zKcUdZQYb6kA21/ItpW3gNsZq5M98QpwS9soJOLSccQosDoVBWDcHx72Kpzp2x4seKyAIpb1gtPnQjnnwA7urTcANw7CU8lmB3UtJZNPHclJNKso7h0ZBapausk9t0xGP18rmzQAe2ipa6pwUzS5rRq+j0LiY/JZQaQWBfc1i3IcKictKW5EykKmywJcwmr/PcTdcgTT4FaD+b1t1QAPLV82HxGzOYQO+/WBptBdq7Ss5 openpgp:0x86ADD81F";
      };
      yubikey5 = {
        authorized = true;
        # Earlier form of this entry, differing in the trailing comment field:
        # key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:000610153832";
        key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJoArpBsTXr3m6q2QnA1vI1DSwmgdU0OAp7DUxcxl9CJfeZIEs/iAerk8jmHgJ2xCEF6SpzI0FWSQIXy8dKpF4wLJ0tCoq5LqQx3jEzy3NUBLfxK+/Baa1te4qG2YImlgnzmEEm5uZlCGZRY2L/U9+4Hwo1AgD69Zzin6QGh2pyTWpmZ/WyhwIfGgqsnlM9XlaVzlMHYfStDi+rUU6XEAfdSqo1SnWKDBHc3mDYGTVhfAlt2LucLKu7oI2MsSlSxva072BExctadtB3TGHbt8gRJZj8CdwgRNhT+hFfbsL6YDvQn6dhTSMuiD8sBEvVble0Nj4p+Q6ROCRIuMuhgh3 cardno:10 153 832";
      };

      # Host keys flagged authorized. kerkouane is the only entry with a port.
      kerkouane = {
        authorized = true;
        port = 20000;
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane";
      };
      hokkaido = {
        authorized = true;
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKcmRh9Khviqrl9wPPzogW9vTMAtkFc0HfWQ5kgvOpCw vincent@hokkaido";
      };
      wakasu = {
        authorized = true;
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIITpgxTnebhBnFyjWiF1nPM7Wl7qF+ce3xy/FvA4ZVN+ vincent@wakasu";
      };
      aomi = {
        authorized = true;
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJ3QqVCUiE4BIFKTJLN6mSnp9bLSnJ3gE8ScbAajGsH vincent@aomi";
      };

      # Keys recorded without the authorized flag.
      california.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICl4uBPx98p0m1ra4nKxaDvCP8TCou5J10gFUpYAuzp9 u0_a103@localhost";
      vincent.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINsbGtpU/w7Ff3O7hJ1QoO/5CuCrssBXrT+iHev/+rbf Generated By Termius";
      kobe.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqGw3BHWvCtVr1YPlsUSO2Hw8wJ67jdajnOlROX2H/Y vincent@kobe";
      houbeb.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUnBCTxRoIDhExcSaiirM5nf2PIcTMDUodYlGNvqfmD Generated By Termius";
      phantom.key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDm23WasboyoiYcaCyxb/DWXRwWXR183gHwOcWTGMKZaYy0WMAWkBUPJjD5s7tlib2D7GJIoBqoPRvNQbmUdxFle+CftY7aj7oP7s0FlbNzFmybTzcZ/3zkkkKAOw2USw3saQ4kd8IqyACo9TsfhajX8jsrrHl3dzyjqTDWlcJmETUGpdYbSA7E3WavzPF2x3/kFcA5cmoYgpcFpGgXAKvaG2IFONLv+vTDPtGVq+GiOwQSVR7TXpFmdhHEw9hnzHnsuffQMxANaQMvqPV8+H0jfF3H2WNqp8GULcGyudngkKioTAVvBiTiRJnVK7hg6SxpdlszqO0yMjN37NB2gPJz houbeb@phantom.local";
      okinawa.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILcu4MmZNeBLE7HDjLc6T10tz6rerziQbsZN0LS+mAiq vincd@okinawa";
      honshu.key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAocnNHVCqloXfsvbOoMV0KYAdeon5NYrZX3bnWK+SAo vincent@honshu";
    };
    151 in
    # Exported attribute set: the three tables from the let block, passed
    # through unchanged, plus the WireGuard parameters and the per-host SSH
    # client entries derived from them.
    {
      inherit home wireguard ssh;

      # WireGuard parameters. How they are consumed is not visible on this page.
      wg = {
        # Covers only the 10.100.0.x tunnel range, not a default route.
        allowedIPs = "10.100.0.0/24";
        listenPort = 51820;
        endpointIP = "167.99.17.238";
        persistentKeepalive = 25;
        # Not listed: wireguard.honshu, wireguard.hokkaido, wireguard.houbeb.
        # NOTE(review): none of those three is an active attribute of the
        # wireguard set above (houbeb is commented out, the other two have
        # only an ips entry), so adding them back here as-is would fail to
        # evaluate. wireguard.okinawa is defined but also absent from the list.
        peers = [
          wireguard.shikoku
          wireguard.wakasu
          wireguard.vincent
          wireguard.sakhalin
          wireguard.aomi
          wireguard.ipad
          wireguard.hass
          wireguard.demeter
          wireguard.athena
        ];
      };

      # SSH client entries: "<host>.home" resolves through the LAN table,
      # "<host>.vpn" through the WireGuard table.
      sshConfig =
        let
          # Both agent sockets (gpg-agent extra and gpg-agent ssh) together.
          agentForwards = [ gpgRemoteForward gpgSSHRemoteForward ];
          # Entry with a hostname only.
          plain = hostname: { inherit hostname; };
          # Entry that also forwards the local agent sockets to the host, so
          # that host can use the local keys for the duration of a session.
          withAgent = hostname: {
            inherit hostname;
            remoteForwards = agentForwards;
          };
        in
        {
          "naruhodo.home" = plain home.ips.naruhodo;
          "naruhodo.vpn" = plain wireguard.ips.naruhodo;
          "aomi.home" = withAgent home.ips.aomi;
          "aion.home" = withAgent home.ips.aion;
          "aomi.vpn" = withAgent wireguard.ips.aomi;
          "okinawa.home" = withAgent home.ips.okinawa;
          "okinawa.vpn" = withAgent wireguard.ips.okinawa;
          "sakhalin.home" = withAgent home.ips.sakhalin;
          "sakhalin.vpn" = withAgent wireguard.ips.sakhalin;
          "hokkaido.home" = withAgent home.ips.hokkaido;
          "hokkaido.vpn" = withAgent wireguard.ips.hokkaido;
          "wakasu.home" = withAgent home.ips.wakasu;
          "wakasu.vpn" = withAgent wireguard.ips.wakasu;
          "athena.home" = withAgent home.ips.athena;
          "demeter.home" = withAgent home.ips.demeter;
          "dev.home" = plain home.ips.dev;
          # NOTE(review): kerkouane holds 10.100.0.1 and is absent from
          # wg.peers, so it is presumably the internet-facing endpoint;
          # confirm it needs both agent sockets forwarded to it.
          "kerkouane.vpn" = withAgent wireguard.ips.kerkouane;
        };
    }