flake cleanup and wg setup persistence

configs/container_config.nix

@@ -1,4 +1,4 @@
-{ modulesPath, pkgs, ... }: {
+{ modulesPath, pkgs, lib, ... }: {
   imports = [ (modulesPath + "/virtualisation/proxmox-lxc.nix") ];
 
   time.timeZone = "Europe/Berlin";
@@ -43,7 +43,24 @@
   };
 
   # Enable networking
-  networking.networkmanager.enable = true;
+  networking = {
+    networkmanager.enable = true;
+    
+    # configure firewall
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 22 ];
+    };
+
+    # enable routing of wireguard reachable subnet via wgbr
+    interfaces.wgbr.ipv4.routes = lib.mkDefault [
+      {
+        address = "10.8.0.0";
+        prefixLength = 16;
+        via = "10.8.1.1";
+      }
+    ];
+  };
 
   # enable ssh access
   services.openssh = {
@@ -58,9 +75,6 @@
     };
   };
 
-  # configure firewall
-  networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 22 ];
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

configs/containers/mc_container.nix

@@ -0,0 +1,19 @@
+{ lib, pkgs, config, ... }: {
+
+  deployment = {
+    targetHost = "192.168.178.56";
+    targetPort = 22;
+    targetUser = "root";
+  };
+  networking.hostName = "mcserver";
+  networking.interfaces.wgbr.ipv4.addresses = [
+    {
+      address = "10.8.1.2";
+      prefixLength = 24;
+    }
+  ];
+  imports = [
+    ../container_config.nix
+    ../services/minecraft-server.nix
+  ];
+}

configs/containers/wg_container.nix

@@ -0,0 +1,12 @@
+{ lib, pkgs, config, ... }: {
+  deployment = {
+    targetHost = "192.168.178.44";
+    targetPort = 22;
+    targetUser = "root";
+  };
+  networking.hostName = "wireguard";
+  imports = [
+    ../container_config.nix
+    ../services/wireguard.nix
+  ];
+}

configs/containers/zammad_container.nix

@@ -0,0 +1,17 @@
+{ lib, pkgs, config, ... }: {
+  deployment = {
+    targetHost = "192.168.178.50";
+    targetPort = 22;
+    targetUser = "root";
+  };
+  networking.hostName = "zammad";
+  networking.interfaces.wgbr.ipv4.addresses = [
+    {
+      address = "10.8.1.3";
+      prefixLength = 24;
+    }
+  ];
+  imports = [
+    ../container_config.nix
+  ];
+}

configs/services/minecraft-server.nix

@@ -35,6 +35,4 @@
   };
 
   networking.firewall.allowedTCPPorts = [ 8080 ];
-
-
 }

configs/services/wireguard.nix

@@ -9,6 +9,15 @@ in {
     firewall.allowedUDPPorts = [ wg_port ];
     firewall.rejectPackets = true;
     firewall.trustedInterfaces = [ "wgbr" "wg0" ];
+    interfaces.wgbr.ipv4 = {
+      routes = [ ];
+      addresses = [
+        {
+          address = "10.8.1.1";
+          prefixLength = 24;
+        }
+      ];
+    };
 
     wg-quick.interfaces = {
       wg0 = {
@@ -27,7 +36,7 @@ in {
             publicKey = "AJ1nr0/w8OvsNq5Ju//m4856u7yY0hlPGMEGeZtlhlY=";
 
             # Forward all the traffic via VPN.
-            allowedIPs = [ "10.8.0.0/24" ];
+            allowedIPs = [ "10.8.0.0/16" ];
 
             # Set this to the server IP and port.
             endpoint = "202.61.230.52:51820";

flake.nix

@@ -10,32 +10,11 @@
         };
       };
 
-      mcserver = {
-        deployment = {
-          targetHost = "192.168.178.50";
-          targetPort = 22;
-          targetUser = "root";
-        };
-        networking.hostName = "mcserver";
-        imports = [
-          ./configs/container_config.nix
-          ./configs/services/minecraft-server.nix
-        ];
-      };
+      mcserver = import ./configs/containers/mc_container.nix;
 
-      wireguard = {
-        deployment = {
-          targetHost = "192.168.178.44";
-          targetPort = 22;
-          targetUser = "root";
-        };
-        networking.hostName = "wireguard";
-        imports = [
-          ./configs/container_config.nix
-          ./configs/services/wireguard.nix
-        ];
+      wireguard = import ./configs/containers/wg_container.nix;
 
-      };
+      zammad = import ./configs/containers/zammad_container.nix;
     };
   };
 }