a monolithic rebuild of my personal flakes
2026-03-20 00:57:34 -05:00
certs added mononoki to fonts 2026-02-25 19:12:55 -06:00
home added hm module for zed 2026-03-05 20:59:26 -06:00
hosts add custom package shijima-qt 2026-03-09 17:14:35 -05:00
modules switched from vesktop to discord and added a home manager rule to create a 2026-03-20 00:57:34 -05:00
pkgs packaged fluxer and added to modules/messaging.nix 2026-03-15 02:22:01 -05:00
secrets added t490 to wireguard 2026-03-01 22:28:03 -06:00
.envrc added devshell for flake 2026-03-20 00:37:45 -05:00
.gitignore ignore .direnv/ 2026-03-20 00:38:14 -05:00
.sops.yaml added t490 to wireguard 2026-03-01 22:28:03 -06:00
flake.lock updated flake inputs 2026-03-20 00:37:02 -05:00
flake.nix added devshell for flake 2026-03-20 00:37:45 -05:00
README.md updated flake inputs and README 2026-03-16 20:15:34 -05:00
shell.nix added steamdeck w/ jovian 2026-02-19 19:44:33 -06:00

ABOUT

This is part of an ongoing effort to merge my various Nix flakes into a single repo.

TODO

  • Merge my laptop's flake into this repo
    • [ ] Extract custom bits for flake-wide use (for example, custom firefox packages with extensions pre-installed); switching to NUR for firefox stuff
  • Flesh out documentation
  • Flesh out wireguard module
    • Change logic to enable more complex topologies
    • Enable allowed routes configuration to allow for network egress
  • Transition cloud servers to Nix
    • Build out flakes mostly in advance
    • Install NixOS with nixos-anywhere
    • Debug until things work

DOCS

This flake uses deploy-rs and sops-nix to declaratively manage my personal systems as well as their relation to each other, such as wireguard connections.

The Wireguard module specifically aims to replace my personal usage of tools like Tailscale and Netmaker, which add too much overhead for my taste and mostly just abstract away Wireguard anyway. Peers are defined in modules/wireguard/topology.nix, and have most settings exposed for configuration.

Example modules/wireguard/topology.nix configuration:

#modules/wireguard/topology.nix
{
  cidr = "16"; # Prefix length of the wireguard mesh (given as a string)
  wireguardPort = "51820"; # Port wireguard listens on (defaults to "51820" if not set)
  nodes = {
    hub = {
      internalIP = "10.100.0.1"; # this host's IP in the wireguard mesh
      endpoint = "192.0.2.1"; # IP/hostname where this node can be reached (for hubs with static IPs)
      peers = [
        "spoke-1"
        "spoke-2"
        "spoke-3"
      ]; # List of peer names that can connect to this node
      advertisedRoutes = [
        "10.100.0.0/16" # Wireguard mesh network
        "192.0.2.0/24" # Local network this hub can route to
      ]; # Networks this node advertises it can reach (for routing through this node)
      forward = true; # Enable IP forwarding and NAT (required for routing/gateway functionality)
      lanInterface = "eth0"; # Network interface for external NAT traffic (defaults to "eth0" if not set)
    };

    spoke-1 = {
      internalIP = "10.100.0.11";
      endpoint = null; # No public endpoint (this node connects outbound only)
      peers = [ "hub" ]; # Connect only to the hub
      advertisedRoutes = [ ]; # Not advertising any routes
      routeThrough = {
        "192.0.2.0/24" = "hub"; # Route to 192.0.2.0/24 through "hub" (must be one of this node's peers, and that peer must advertise the route)
      };
      forward = false; # Not a gateway
    };

    # Define more nodes as needed, each node name must be unique and match its hostname
  };
}
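As an added example that is not the flake's own code: the Python script below transcribes the topology above into a dict (spoke-2 and spoke-3 filled in as minimal spokes like spoke-1, routeThrough pointing at "hub") and runs the consistency checks a module consuming such a file should make before generating WireGuard peers: every peer name resolves and is listed on both sides, internal IPs are unique and inside the mesh prefix, at least one side of every peering has an endpoint, a node that advertises routes has forward enabled, and each routeThrough entry names a peer that actually advertises that prefix. It also derives the AllowedIPs each node would configure for each peer. The function names, the list of checks and the AllowedIPs rule (the peer's own /32 plus whatever this node routes through that peer) are assumptions for illustration, not a description of the real modules/wireguard code. With the README's sample addresses the last check fires: the hub's endpoint 192.0.2.1 sits inside the 192.0.2.0/24 prefix that spoke-1 routes through the hub, so traffic to the tunnel endpoint would itself be pushed into the tunnel. In a real deployment the public endpoint and the LAN prefix must be disjoint.

```python
"""Consistency checks and AllowedIPs derivation for a topology.nix-style mesh.

Added example, not the flake's own module: TOPOLOGY is a Python transcription
of the README sample (spoke-2/spoke-3 filled in, routeThrough via "hub"), and
every check below is an assumption about what a consuming module should
enforce, not a description of the real modules/wireguard code.
"""
import copy
import ipaddress


def _spoke(ip):
    # Constructed minimal spoke, mirroring the README's spoke-1.
    return {"internalIP": ip, "endpoint": None, "peers": ["hub"],
            "advertisedRoutes": [], "routeThrough": {}, "forward": False}


TOPOLOGY = {
    "cidr": "16",
    "wireguardPort": "51820",
    "nodes": {
        "hub": {
            "internalIP": "10.100.0.1",
            "endpoint": "192.0.2.1",
            "peers": ["spoke-1", "spoke-2", "spoke-3"],
            "advertisedRoutes": ["10.100.0.0/16", "192.0.2.0/24"],
            "forward": True,
            "lanInterface": "eth0",
        },
        "spoke-1": {
            "internalIP": "10.100.0.11",
            "endpoint": None,
            "peers": ["hub"],
            "advertisedRoutes": [],
            "routeThrough": {"192.0.2.0/24": "hub"},
            "forward": False,
        },
        "spoke-2": _spoke("10.100.0.12"),
        "spoke-3": _spoke("10.100.0.13"),
    },
}


def mesh_network(topology):
    """Mesh prefix implied by `cidr` and any node's internalIP (10.100.0.0/16 here)."""
    first_ip = next(iter(topology["nodes"].values()))["internalIP"]
    return ipaddress.ip_network(f"{first_ip}/{topology['cidr']}", strict=False)


def _endpoint_ip(node):
    """Endpoint as an address, or None when unset or given as a hostname."""
    try:
        return ipaddress.ip_address(node["endpoint"]) if node["endpoint"] else None
    except ValueError:
        return None


def validate(topology):
    """Return human-readable problems; an empty list means the topology is consistent."""
    nodes, mesh, problems, seen = topology["nodes"], mesh_network(topology), [], {}
    for name, node in nodes.items():
        ip = ipaddress.ip_address(node["internalIP"])
        if ip not in mesh:
            problems.append(f"{name}: internalIP {ip} lies outside the mesh {mesh}")
        if ip in seen:
            problems.append(f"{name}: internalIP {ip} is also used by {seen[ip]}")
        seen[ip] = name
        if node.get("advertisedRoutes") and not node.get("forward"):
            problems.append(f"{name}: advertises routes but forward is false")
        for peer in node["peers"]:
            if peer not in nodes:
                problems.append(f"{name}: peer {peer!r} is not a defined node")
            elif name not in nodes[peer]["peers"]:
                problems.append(f"{name}: lists {peer} as a peer, but {peer} does not list {name}")
            elif name < peer and not node["endpoint"] and not nodes[peer]["endpoint"]:
                problems.append(f"{name} <-> {peer}: neither side has an endpoint, so no handshake can start")
        for route, via in node.get("routeThrough", {}).items():
            if via not in nodes:
                problems.append(f"{name}: routeThrough {route} via unknown node {via!r}")
            elif via not in node["peers"]:
                problems.append(f"{name}: routeThrough {route} via {via}, which is not one of its peers")
            elif route not in nodes[via].get("advertisedRoutes", []):
                problems.append(f"{name}: routeThrough {route} via {via}, but {via} does not advertise it")
            elif (ep := _endpoint_ip(nodes[via])) and ep in ipaddress.ip_network(route):
                # The route would also capture packets to the tunnel's own endpoint:
                # a routing loop as soon as the peer comes up.
                problems.append(f"{name}: routeThrough {route} via {via} covers {via}'s endpoint {ep}")
    return problems


def allowed_ips(topology, node_name, peer_name):
    """AllowedIPs node_name configures for peer_name: the peer's /32 plus every
    prefix node_name has chosen to route through that peer (assumed rule)."""
    nodes = topology["nodes"]
    ips = [f"{nodes[peer_name]['internalIP']}/32"]
    ips += [r for r, via in nodes[node_name].get("routeThrough", {}).items() if via == peer_name]
    return ips


def endpoint_for(topology, peer_name):
    """host:port to dial for peer_name, or None when it only connects outbound."""
    ep = topology["nodes"][peer_name]["endpoint"]
    return f"{ep}:{topology.get('wireguardPort', '51820')}" if ep else None


def with_route(topology, node_name, route, via):
    """Copy of the topology with one routeThrough entry changed, for what-if checks."""
    out = copy.deepcopy(topology)
    out["nodes"][node_name].setdefault("routeThrough", {})[route] = via
    return out


if __name__ == "__main__":
    for problem in validate(TOPOLOGY):
        print("WARN", problem)
    for node in TOPOLOGY["nodes"]:
        for peer in TOPOLOGY["nodes"][node]["peers"]:
            print(node, "->", peer, allowed_ips(TOPOLOGY, node, peer), endpoint_for(TOPOLOGY, peer))
```

Running it as-is prints the single endpoint-overlap warning and the per-peer AllowedIPs; swapping the routeThrough target for a name that is not a node (as the original example accidentally did) produces an "unknown node" finding instead, which is the kind of mistake worth catching at evaluation time rather than after a deploy-rs rollout.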