From 621d75db949cad47f4019b6cfed14217ac44467c Mon Sep 17 00:00:00 2001
From: alexanderwallau
Date: Fri, 22 Dec 2023 13:10:39 +0100
Subject: [PATCH] Wg for mayer
---
 machines/kipchoge/wg0.nix | 5 +++++
 machines/mayer/configuration.nix | 23 ++++++++++++++++++-----
 machines/mayer/wg0.nix | 25 +++++++++++++++++++++++++
 3 files changed, 48 insertions(+), 5 deletions(-)
 create mode 100644 machines/mayer/wg0.nix
diff --git a/machines/kipchoge/wg0.nix b/machines/kipchoge/wg0.nix
index 21588ad..de258ec 100644
--- a/machines/kipchoge/wg0.nix
+++ b/machines/kipchoge/wg0.nix
@@ -20,6 +20,11 @@
 '';
 peers = [
+ # Mayer
+ {
+ publicKey = "xa2Uz91bibsU6nBDkx+oi/O7OjILBi+S4V7jL2Tylxs=";
+ allowedIPs = [ "192.168.69.2/32" ];
+ }
 # Thinkpad
 {
 publicKey = "Y6v8C//JacOi/EVb80JBtJ7Bv+6viDnfpnS0hmAHUDo=";
diff --git a/machines/mayer/configuration.nix b/machines/mayer/configuration.nix
index 590b303..8be20ac 100644
--- a/machines/mayer/configuration.nix
+++ b/machines/mayer/configuration.nix
@@ -10,11 +10,20 @@
 [ # Include the results of the hardware scan.
 ./hardware-configuration.nix
+ ./wg0.nix
 ];
 services.qemuGuest.enable = true;
 # top level option name
 # by using awallau.* for all our modules, we won't have any conflicts with other modules
 awallau = {
+ # enable freshrss
+ freshrss = {
+ enable = true;
+ defaultUser = "awallau";
+ passwordFile = "/var/src/secret/freshrss";
+ passwordFilePostgres = "/var/src/secret/freshrss-postgres";
+ domain = "rss.alexanderwallau.de";
+ };
 #enable gitea
 gitea.enable = true;
 # enable hedgedoc
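Review bot: In the first hunk of machines/mayer/configuration.nix, the two secret paths under `freshrss` (`passwordFile`, `passwordFilePostgres`) carry no comment on how the files are provisioned or who may read them. Passing them as strings keeps the contents out of the Nix store as long as the consuming module only reads them at run time, but that module is not part of this patch, so the required owner and mode cannot be checked here. I would add a comment above them, for example `# deployed out of band to /var/src/secret; must be readable only by the service user that consumes it`. The `awallau = {` set opened in this hunk closes outside it.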
@@ -27,14 +36,23 @@
 enable = true;
 profile = "server";
 };
+ nginx.enable = true;
 # set up general nix stuff
 nix-common.enable = true;
 # set up language and timezone
 locales.enable = true;
 # set up paperless
 paperless.enable = true;
+ # set up postgresql
+ postgres.enable = true;
 # set up ssh server
 openssh.enable = true;
+ # recepies
+ tandoor = {
+ enable = true;
+ domain = "rezepte.alexanderwallau.de";
+ };
+ # enables users which got moved into a seperate file
 user = {
 awallau.enable = true;
@@ -52,11 +70,6 @@
 git
 ];
- security.acme = {
- acceptTerms = true;
- defaults.email = "mail@alexanderwallau.de";
- };
-
 networking = {
 enableIPv6 = true;
 dhcpcd.IPv6rs = true;
diff --git a/machines/mayer/wg0.nix b/machines/mayer/wg0.nix
new file mode 100644
index 0000000..21f20f8
--- /dev/null
+++ b/machines/mayer/wg0.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: {
+
+ networking = {
+ firewall.allowedUDPPorts = [ 52192 ];
+ wireguard.interfaces.wg0 = {
+
+ ips = [ "192.168.69.2/24" ];
+ listenPort = 52192;
+ mtu = 1412;
+
+ privateKeyFile = toString /var/src/secret/wireguard/privatekey;
+
+ peers = [
+ {
+ # Public key of the server (not a file path).
+ publicKey = "VVVqrs6Nxn3MxsTWD+mSFzVJQZpWcY4xMCYOwI70BFU=";
+ allowedIPs = [ "192.168.69.0/24" "192.168.178.0/24" ];
+ # Set this to the server IP and port.
+ endpoint = "152.70.161.104:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
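Review bot: Nothing left in machines/mayer/configuration.nix sets `security.acme.acceptTerms` or `security.acme.defaults.email` once the following hunk deletes that block, while this hunk turns on `nginx.enable` and adds a second public domain (`rezepte.alexanderwallau.de`). Presumably the `awallau.nginx` module now carries the ACME settings, but it is not in this patch; a comment on the new line would make that dependency visible, for example `# nginx module also sets security.acme (terms + contact e-mail)`. Because FreshRSS and Tandoor both take logins, it is also worth confirming that their virtual hosts are served with `forceSSL`. Separately, `# recepies` should read `# recipes`. The `awallau = {` set begins before this hunk.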
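Review bot: In machines/mayer/wg0.nix, `firewall.allowedUDPPorts = [ 52192 ];` opens an inbound port that this peer does not appear to need. Mayer dials out to `152.70.161.104:51820` with `persistentKeepalive = 25`, and the Mayer entry added to machines/kipchoge/wg0.nix has no `endpoint`, so nothing is configured to initiate towards mayer. Replies to the outbound handshake pass the stateful firewall without the rule, so I would drop that line unless another peer is meant to connect in. `allowedIPs` also covers the whole of `192.168.178.0/24`, which gives this internet-facing host a route into that network if the server forwards it; listing only the addresses mayer has to reach would be tighter. For consistency with the `passwordFile` strings in configuration.nix, `privateKeyFile = "/var/src/secret/wireguard/privatekey";` would avoid a path literal next to a secret.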