Added vpn vm with wstunnel server

2025-05-28 12:23:31 +02:00 · 2025-05-28 12:23:31 +02:00 · 01374fe5b0
commit 01374fe5b0
parent a75b839bc1
4 changed files with 65 additions and 4 deletions
--- a/hosts/20212060/configuration.nix
+++ b/hosts/20212060/configuration.nix
@ -10,8 +10,21 @@
  # Admin users
  users.users.jan.extraGroups = [ "wheel" ];

+  # Enable virtualisation for VMs
  virtualisation.libvirtd.enable = true;

+  # Set up wstunnel client
+  services.wstunnel = {
+    enable = true;
+    clients.wg-tunnel = {
+      connectTo = "wss://wstunnel.bulthuis.dev:443";
+      localToRemote = [
+        "udp://51820:10.10.40.100:51820"
+      ];
+    };
+  };
+
+  # Module setup
  modules = {
    profiles.laptop.enable = true;
  };
--- a/hosts/vm-vpn/configuration.nix
+++ b/hosts/vm-vpn/configuration.nix
@ -0,0 +1,42 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.11";
+
+  # Machine hostname
+  networking.hostName = "vm-vpn";
+
+  # Enabled modules
+  modules = {
+    profiles.vm.enable = true;
+  };
+
+  # Setup wstunnel server
+  services.wstunnel = {
+    enable = true;
+    servers.wg-tunnel = {
+      enableHTTPS = true;
+      listen = {
+        host = "0.0.0.0";
+        port = 8080;
+      };
+      restrictTo = [
+        {
+          host = "10.10.40.100";
+          port = 51820;
+        }
+      ];
+      tlsCertificate = "/var/lib/secrets/fullchain.pem";
+      tlsKey = "/var/lib/secrets/key.pem";
+    };
+  };
+  networking.firewall = {
+    allowedTCPPorts = [ 8080 ];
+  };
+}
--- a/hosts/vm-vpn/users/local.nix
+++ b/hosts/vm-vpn/users/local.nix
@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  home.stateVersion = "24.11";
+
+  modules.profiles.base.enable = true;
+}
--- a/modules/nixos/profiles/vm.nix
+++ b/modules/nixos/profiles/vm.nix
@ -16,19 +16,18 @@ in
  };

  config = mkIf cfg.enable {
-    # Machine hostname
-    networking.hostName = lib.mkDefault "vm-base";
-
    # Enabled modules
    modules = {
      profiles.base.enable = true;
-      base.enable = true;
      ssh.enable = true;
    };

    # Enable qemu guest agent
    services.qemuGuest.enable = true;

+    # Machine platform
+    nixpkgs.hostPlatform = "x86_64-linux";
+
    # Hardware configuration
    hardware.enableRedistributableFirmware = true;
    boot.initrd.availableKernelModules = [