hosts/20212060/configuration.nix

@@ -10,8 +10,21 @@
   # Admin users
   users.users.jan.extraGroups = [ "wheel" ];
 
+  # Enable virtualisation for VMs
   virtualisation.libvirtd.enable = true;
 
+  # Set up wstunnel client
+  services.wstunnel = {
+    enable = true;
+    clients.wg-tunnel = {
+      connectTo = "wss://wstunnel.bulthuis.dev:443";
+      localToRemote = [
+        "udp://51820:10.10.40.100:51820"
+      ];
+    };
+  };
+
+  # Module setup
   modules = {
     profiles.laptop.enable = true;
   };

hosts/vm-vpn/configuration.nix

@@ -0,0 +1,42 @@
+{
+  lib,
+  pkgs,
+  config,
+  ...
+}:
+
+{
+  # State version
+  system.stateVersion = "24.11";
+
+  # Machine hostname
+  networking.hostName = "vm-vpn";
+
+  # Enabled modules
+  modules = {
+    profiles.vm.enable = true;
+  };
+
+  # Setup wstunnel server
+  services.wstunnel = {
+    enable = true;
+    servers.wg-tunnel = {
+      enableHTTPS = true;
+      listen = {
+        host = "0.0.0.0";
+        port = 8080;
+      };
+      restrictTo = [
+        {
+          host = "10.10.40.100";
+          port = 51820;
+        }
+      ];
+      tlsCertificate = "/var/lib/secrets/fullchain.pem";
+      tlsKey = "/var/lib/secrets/key.pem";
+    };
+  };
+  networking.firewall = {
+    allowedTCPPorts = [ 8080 ];
+  };
+}

hosts/vm-vpn/users/local.nix

@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  home.stateVersion = "24.11";
+
+  modules.profiles.base.enable = true;
+}

modules/nixos/profiles/vm.nix

@@ -16,19 +16,18 @@ in
   };
 
   config = mkIf cfg.enable {
-    # Machine hostname
-    networking.hostName = lib.mkDefault "vm-base";
-
     # Enabled modules
     modules = {
       profiles.base.enable = true;
-      base.enable = true;
       ssh.enable = true;
     };
 
     # Enable qemu guest agent
     services.qemuGuest.enable = true;
 
+    # Machine platform
+    nixpkgs.hostPlatform = "x86_64-linux";
+
     # Hardware configuration
     hardware.enableRedistributableFirmware = true;
     boot.initrd.availableKernelModules = [