profiles/desktop: Give desktop users special permisions for networkmanager

hosts/dn42-il-gw1: Add peer jonas
2025-12-14 13:13:54 +01:00 · 2025-12-07 12:35:30 +01:00
4 changed files with 44 additions and 2 deletions
--- a/hosts/dn42-il-gw1/configuration.nix
+++ b/hosts/dn42-il-gw1/configuration.nix
@@ -243,6 +243,25 @@
      ];
      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
    };
+    # jona / cryne
+    wg3402 = {
+      ips = [
+        "fe80::2574/128"
+      ];
+      postSetup = ''
+      ip addr replace dev wg3402 fe80::2574/128 peer fe80::3402/128
+      '';
+      listenPort = 53402;
+      allowedIPsAsRoutes = false;
+      peers = [
+        {
+          allowedIPs = [ "fe80::/10" "fd00::/8" ];
+          endpoint = "dn42.cryne.me:42574";
+          publicKey = "YsKInIp90is8ysnQDHGoKnz2CqlTMWMZDmQ+vwvN2C0=";
+        }
+      ];
+      privateKeyFile = config.sops.secrets.dn42-router-general-wireguard-key.path;
+    };
    # lutoma
    wg4719 = {
      ips = [
@@ -296,6 +315,7 @@
    51411 # wg1411
    51718 # wg1718
    52189 # wg2189
+    53402 # wg3402
    54719 # wg4719
    56190 # wg6190
  ];
@@ -391,6 +411,13 @@
        remoteAsn = "4242422189";
        localAddress = "fe80::2574";
      }
+      {
+        peerName = "peer_3402";
+        remoteAddress = "fe80::3402";
+        interfaceName = "wg3402";
+        remoteAsn = "4242423402";
+        localAddress = "fe80::2574";
+      }
      {
        peerName = "peer_4719";
        remoteAddress = "fe80::acab";
--- a/hosts/krypton/configuration.nix
+++ b/hosts/krypton/configuration.nix
@@ -13,6 +13,10 @@
    ];

  profiles.clerie.desktop.enable = true;
+  profiles.clerie.desktop.users = [
+    "clerie"
+  ];
+

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
--- a/profiles/desktop/default.nix
+++ b/profiles/desktop/default.nix
@@ -6,6 +6,11 @@ with lib;

  options.profiles.clerie.desktop = {
    enable = mkEnableOption "clerie Desktop Config";
+    users = mkOption {
+      type = with types; listOf str;
+      default = [];
+      description = "Names of users that are considered desktop users and therefore get special permissions";
+    };
  };

  imports = [
--- a/profiles/desktop/networking.nix
+++ b/profiles/desktop/networking.nix
@@ -2,9 +2,13 @@

 with lib;

-{
+let

-  config = mkIf config.profiles.clerie.desktop.enable {
+  cfg = config.profiles.clerie.desktop;
+
+in {
+
+  config = mkIf cfg.enable {

    networking.networkmanager.settings = {
      connectivity = {
@@ -15,6 +19,8 @@ with lib;
      };
    };

+    users.groups.networkmanager.members = cfg.users;
+
  };

 }
Author	SHA1	Message	Date
clerie	9b3d9993f4	profiles/desktop: Give desktop users special permisions for networkmanager	2025-12-14 13:13:54 +01:00
clerie	f152e1c60d	hosts/dn42-il-gw1: Add peer jonas	2025-12-07 12:35:30 +01:00