From b1d0ea5d622d6e97ee812506f4783bff03d1b239 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= <patrickdgro@gmail.com>
Date: Sun, 12 Feb 2023 17:50:44 +0100
Subject: [PATCH] feat: wireguard config (closes #21)

---
 configuration.nix                       |   1 +
 modules/wireguard.nix                   |  43 ++++++++++++++++++++++++
 secrets/test.age                        |  12 -------
 secrets/wireguard/elisabeth-pre.wg.age  | Bin 0 -> 550 bytes
 secrets/wireguard/elisabeth-priv.wg.age | Bin 0 -> 474 bytes
 users/common/programs/thunderbird.nix   |   5 +++
 users/common/touchscreen.nix            |   1 +
 users/patrick.nix                       |   1 +
 8 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 modules/wireguard.nix
 delete mode 100644 secrets/test.age
 create mode 100644 secrets/wireguard/elisabeth-pre.wg.age
 create mode 100644 secrets/wireguard/elisabeth-priv.wg.age
 create mode 100644 users/common/programs/thunderbird.nix

diff --git a/configuration.nix b/configuration.nix
index 94c1b0e..2538347 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -16,6 +16,7 @@
     ./modules/pipewire.nix
     ./modules/rekey.nix
     ./modules/nvidia.nix
+    ./modules/wireguard.nix
   ];
 
   # Use the systemd-boot EFI boot loader.
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
new file mode 100644
index 0000000..4e27683
--- /dev/null
+++ b/modules/wireguard.nix
@@ -0,0 +1,43 @@
+{config, ...}: let
+  address = [
+    "10.0.0.2/32"
+  ];
+  peer = {
+    endpoint = "lel.lol:51820";
+    publicKey = "t/jR2/0hxBXG0Ytah2w5RQ1gn94k0/Ku9LYcbRR7pXo=";
+    presharedKeyFile = config.rekey.secrets.wireguard-pre.path;
+  };
+  privateKeyFile = config.rekey.secrets.wireguard-priv.path;
+in {
+  rekey.secrets = {
+    wireguard-pre.file = ../secrets/wireguard/elisabeth-pre.wg.age;
+    wireguard-priv.file = ../secrets/wireguard/elisabeth-priv.wg.age;
+  };
+
+  networking.wg-quick.interfaces = {
+    wg-intern = {
+      inherit address privateKeyFile;
+      peers = [
+        (peer
+          // {
+            allowedIPs = [
+              "10.0.0.1/32"
+            ];
+          })
+      ];
+    };
+    wg-all = {
+      inherit address privateKeyFile;
+      peers = [
+        (peer
+          // {
+            allowedIPs = [
+              "0.0.0.0/0"
+              "::/0"
+            ];
+          })
+      ];
+      autostart = false;
+    };
+  };
+}
diff --git a/secrets/test.age b/secrets/test.age
deleted file mode 100644
index d8f5f7f..0000000
--- a/secrets/test.age
+++ /dev/null
@@ -1,12 +0,0 @@
-age-encryption.org/v1
--> X25519 6PjX+qZyPYWTisaNUryJ12t/CEOrfLd+K1/wyKGFixM
-S5IV+M+l5LleLoXM3SUDioBCJiaHcwZslERVj5L0ygE
--> piv-p256 XTQkUA A1py15wjDt5uwgw2/s2/ueM2JMcT4RFMa+5fx+d2UhG8
-xIdD5DNoxvu3T0873Qv2hl9rHatWi4GhAGcWT/cxNE8
--> piv-p256 ZFgiIw AsSMYe/35S/b3kTqriw9Ur2eg2iB8dDSt4qtFzbMqTMz
-WnBSoehEmLtX9SEawmQIxsV8dReZPJRNq5oSLH6UWSU
--> bHCG/L-grease -|u
-77tuo6s/XdK97pc73YTUh/OShs4jX/01ODcQT/80LaoCI0bt+yVBIOwNPrLwHVIV
-iiqROaIIp+mRDQj6JUB7hlaPoiNJcfO6ozA
---- 7W4CK2idSDKwMlYi/FmPZVLPZZKv+5nyp0mpysWXork
-�H\������bw��ўug+uU+т?�\))	W�6�}��'��QH�/'���>�
\ No newline at end of file
diff --git a/secrets/wireguard/elisabeth-pre.wg.age b/secrets/wireguard/elisabeth-pre.wg.age
new file mode 100644
index 0000000000000000000000000000000000000000..df3e233c574a8b5fca6db3fd0d73200f03180d29
GIT binary patch
literal 550
zcmY+-yNlCs003YI2MH)Hw~1tME3wZc%_8Q}w7)c|O`0?h#Je=FCQX_&zb0urcpx~c
z=;EdzA_z|2Brdwi4GzwNsGFjrk4<j$`v*Qd@Gx)b<lAf=rpwD|9@NVwf?Yw47LGS5
z6s%PMI#m}WYUs~ek-|oOX*r|^9hsd_?vyC_so-3LPFx{5BuSq&2aSa7bSb+hI$Vd4
zgRKSZVPA<vhUpiM*{b(b?PSQp63bdRff}m3&}fv-i?Al}&5@(!hP0cEjh+DgD5xx4
zZ6^*1bl0u1W!s><7#YJ3<LgG1J7vr)Bald(2$me^8rF`C(jIKH)TWfBiDCYCS$q(J
z3Z>`M;dV5Ri4{R5c4*Oyxl0OUR&PpR2<J4rq6>4NnYz_TkVTclnW}>Jz;#NXuk~83
znh?W?id#IFxH2x`DK}f$TNR#MG#2EZ4LuaME)o02TtRY>WCJA=)zb5oDvWbysMq>!
zSx_x;BMVcy;1{_f#dXya%d&&(TGpOsBL?zx#!W^%k_HHdVQ78VPzYOCMRAcbR2Pn1
zQd`iF0o|xD#LVCtEotCOp2^V2i(f~~r?VIS9y~vObM@ZG{fGB|oI3jQ`|jbp^LyXU
zy}o#K=H^pZ{_vT(^M3MZ&wb{cKDd31-+HqA{`SVt!|N|SO?~j^)mOMNA4l;&L|nhG

literal 0
HcmV?d00001

diff --git a/secrets/wireguard/elisabeth-priv.wg.age b/secrets/wireguard/elisabeth-priv.wg.age
new file mode 100644
index 0000000000000000000000000000000000000000..78048a5fafe076b634711060cbd0799ab92e325d
GIT binary patch
literal 474
zcmY+-yNlCc003||HIsirmP0Yb_DjAt>7d-#SDNP0OVc*J4no@I)uj1yX`a3Ha1|6?
z)LGm_5N>etCQ-pvI0O+V!NmuNf^wt3f8b|27Hx%#xQr4Hhu3iIR5C!&H^?bdtAPgT
zg@#ljhUxZXEhzT0)p%m*0;ns?9F?YAB!~k0c*t}*kcbUCC|M<52>C3x+lfA6ct2F;
zlsX-kO;zKhj1nwMci8IL5P2CLF||559clg;kqAssfEKx(Xz@UiAZ4wmNoAwEmIp#s
zvK5zaR&dVQDl;dRs5Jrny3(E+Y{2rfKwQaiSgKOf@aHkN^&x~Kqw9wd|98#0jwj|M
zs><P(S+nlS^){%NsF+%H%qUj$8D#p_a>x$~B*YVKM)AZZAK8_b$eQ)Ge30@D&~uAi
zcY`gaL<vlcV5`;~EJ<nGKf7+yPHdSQiy&y4CQEc+3Z|1KfrhKwUa{BWm*YLV-ydsj
zxN10BnxuLJ(~bd&-?y(nx^@58lkZXY@bX1T!7mBn*n4*A$HNcez0csz`EOrebLXC)
q+!cSm|9Jdh=St4~+1+`2^7zd=@#^l;=_l$m%D%j~@ape?eEJVgy{B;i

literal 0
HcmV?d00001

diff --git a/users/common/programs/thunderbird.nix b/users/common/programs/thunderbird.nix
new file mode 100644
index 0000000..c34966f
--- /dev/null
+++ b/users/common/programs/thunderbird.nix
@@ -0,0 +1,5 @@
+{pkgs, ...}: {
+  programs.thunderbird = {
+    enable = true;
+  };
+}
diff --git a/users/common/touchscreen.nix b/users/common/touchscreen.nix
index 7c91e1b..c18541f 100644
--- a/users/common/touchscreen.nix
+++ b/users/common/touchscreen.nix
@@ -4,6 +4,7 @@
   # with udev and X11 we truly do not live in an ideal world
   fix = pkgs.writeShellScriptBin "fix-shit" ''
     xinput --map-to-output "ELAN2514:00 04F3:2817" eDP-1
+    xinput --map-to-output "ELAN2514:00 04F3:2817 Stylus Pen (0)" eDP-1
   '';
 in {
   home.packages = [fix];
diff --git a/users/patrick.nix b/users/patrick.nix
index 3f423e6..7dd12f5 100644
--- a/users/patrick.nix
+++ b/users/patrick.nix
@@ -10,6 +10,7 @@
     common/programs/polybar.nix
     common/programs/rofi.nix
     common/touchscreen.nix
+    #common/programs/thunderbird.nix
     #common/touchegg.nix
   ];