From a6a5ff50dfcf4b65413ed79ae3e036437b5d4727 Mon Sep 17 00:00:00 2001 From: Henri Dohmen Date: Wed, 18 Mar 2026 15:24:09 +0100 Subject: [PATCH] update, calibre, and wireguard on roam --- flake.lock | 42 +++++++++++++++---------------- host/roam/networking.nix | 29 ++++++++++++++++++++- mod/desktop/software/default.nix | 2 +- secrets.nix | 1 + secrets/roam/mullvad-vpn-key.age | Bin 0 -> 587 bytes 5 files changed, 51 insertions(+), 23 deletions(-) create mode 100644 secrets/roam/mullvad-vpn-key.age diff --git a/flake.lock b/flake.lock index fd15ef6..6d75b9c 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1772893680, + "narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "8baab586afc9c9b57645a734c820e4ac0a604af9", "type": "github" }, "original": { @@ -265,11 +265,11 @@ ] }, "locked": { - "lastModified": 1772164835, - "narHash": "sha256-zRcwrZDeBfYipqv/7K7TqsfPb87LFU6b7JhoNUGSnvQ=", + "lastModified": 1773810247, + "narHash": "sha256-6Vz1Thy/1s7z+Rq5OfkWOBAdV4eD+OrvDs10yH6xJzQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "2a39b0828bbffce0d73769a61e46e780488d098b", + "rev": "d47357a4c806d18a3e853ad2699eaec3c01622e7", "type": "github" }, "original": { @@ -325,11 +325,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1771969195, - "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=", + "lastModified": 1773533765, + "narHash": "sha256-qonGfS2lzCgCl59Zl63jF6dIRRpvW3AJooBGMaXjHiY=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e", + "rev": "f8e82243fd601afb9f59ad230958bd073795cbfe", "type": "github" }, "original": { @@ -341,11 +341,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", + "lastModified": 1773734432, + "narHash": "sha256-IF5ppUWh6gHGHYDbtVUyhwy/i7D261P7fWD1bPefOsw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", + "rev": "cda48547b432e8d3b18b4180ba07473762ec8558", "type": "github" }, "original": { @@ -357,11 +357,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1770650459, - "narHash": "sha256-hGeOnueXorzwDD1V9ldZr+y+zad4SNyqMnQsa/mIlvI=", + "lastModified": 1773046814, + "narHash": "sha256-3CEw64UyzEk5QjfbcXNIl4TfmIpa2oY+duuo6aiawcU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fff0554c67696d76a0cdd9cfe14403fbdbf1f378", + "rev": "0c6c0dd2469abaa216599bb19bbf77a328af6564", "type": "github" }, "original": { @@ -454,11 +454,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1772064816, - "narHash": "sha256-ks1D9Rtmopd5F/8ENjEUJpSYYMxv603/v6TRen9Hq54=", + "lastModified": 1773599089, + "narHash": "sha256-3R+2SlbvKyYprAwWafUk7ATVKcJRBKlNhbm6Bn6t0HU=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "ea4dc17f4bc0f65eed082fa394509e4543072b56", + "rev": "7dfcb21d35a4e8de09b38d822a0e0b7d64d61192", "type": "gitlab" }, "original": { @@ -520,11 +520,11 @@ ] }, "locked": { - "lastModified": 1772160053, - "narHash": "sha256-ZA8B+3MPfHmpZqzEzyjV8j3qQKq8LQitu5qEjSyZ+dQ=", + "lastModified": 1773802261, + "narHash": "sha256-yA91ySZRw9x7aLSy79LCWXt3l05lwNIfuNnGqz7Jy5A=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "104487aa06fdff228f52fc05f12808ea69c7daab", + "rev": "af36c53062b124e097e2a545c68eacfde3fc715b", "type": "github" }, "original": { diff --git a/host/roam/networking.nix b/host/roam/networking.nix index 47a5999..0ed210d 100644 --- a/host/roam/networking.nix +++ b/host/roam/networking.nix @@ -1,9 +1,21 @@ -{ var, ... }: +{ + var, + config, + secrets, + ... +}: let wireguard-port = 51820; in { + age.secrets.mullvad-vpn-key = { + file = secrets.roam."mullvad-vpn-key.age"; + owner = "root"; + group = "root"; + mode = "440"; + }; + networking = { enableIPv6 = true; @@ -48,6 +60,21 @@ in privateKeyFile = var.wg.keyFile; peers = var.wg.peers-for "roam"; }; + interfaces."mullvad" = { + ips = [ + "10.69.173.41/32" + "fc00:bbbb:bbbb:bb01::6:ad28/128" + ]; # free cat + privateKeyFile = config.age.secrets.mullvad-vpn-key.path; + peers = [ + { + name = "de-fra-wg-007"; + publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys="; + allowedIPs = [ ]; + endpoint = "de-fra-wg-007.relays.mullvad.net:51820"; + } + ]; + }; }; }; diff --git a/mod/desktop/software/default.nix b/mod/desktop/software/default.nix index 9c53cae..73ef796 100644 --- a/mod/desktop/software/default.nix +++ b/mod/desktop/software/default.nix @@ -15,7 +15,7 @@ in config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ bitwarden-desktop - # calibre FIXME: broken atm + calibre colmena fuzzel gh diff --git a/secrets.nix b/secrets.nix index 75eb17c..191b729 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ let "roam/nextcloud-admin-password" "hd-password" "tlskey" + "roam/mullvad-vpn-key" ]; trusted-secrets = [ # Can only be decrypted by clients diff --git a/secrets/roam/mullvad-vpn-key.age b/secrets/roam/mullvad-vpn-key.age new file mode 100644 index 0000000000000000000000000000000000000000..cf73797230e7e4af72e470dda19794bb5f790b04 GIT binary patch literal 587 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyOsOac4peaSPB*p) zGtD&$$j)&raLvvxO7<)EO9|5tOHVB^x2Vk1P7lb6%JvNpwcs-FNeu`#iE_7a)z5Yb z2@UghDh&xP&2kF#4R$JbFUqRQ4|C0MGBhqtaYVPxGs)Gm%2A=LB+=L?FDSXZG(A5& zqQuY4vY^B<%O%Uj!ob4R)i21kv^XraAidBpBcIFPDcm(6-6hOP+swSk-yk3{GA!K1 zD9qR>#MsBgD=W(M75N2~W%-#|cZs zRT!rvrE}@(>M9hKIQrzL75SxShnr_s`TGaBxCiHzWR|2wWO#-aIaQbyXzQ2yWag&$ zIC7cQwaU7FIV8+rvQ~E8#rc;nGVt6G`+n!8h0{jn?=eeRONE}NoG#u`+;07A)z_+9 jN7g#ssWY-s%BlZhyICX8t+n}d=ri4!I+DFC?EA9;j4{a( literal 0 HcmV?d00001