diff --git a/README.md b/README.md
index 43b5b58..9abb258 100644
--- a/README.md
+++ b/README.md
@@ -1,85 +1,2 @@
 # birdsong
 
-A private WireGuard VPN.
-
-## Connecting a new host
-
-1. Generate a new WireGuard keypair with the `wg` binary (packaged on many distros as `wireguard-tools`.) [There are instructions on the Arch wiki.](https://wiki.archlinux.org/title/WireGuard#Key_generation)
-
-2. Add the host to `hosts.nix`, being sure to read the documentation carefully.
-
-3. For a NixOS host:
- 1. Install the NixOS module as described below.
- 2. Enable the `birdsong` service in your NixOS configuration:
- ```nix
- birdsong.peering = {
- enable = true;
- privateKeyFile = /path/to/wireguard/private.key;
- # This is the bare minimum - check peering.nix for other options.
- # In particular, quick fix for issues with NAT or dynamic public IPs:
- # persistentKeepalive = 23
- };
- ```
-
-4. For a non-NixOS host:
- 1. TODO
-
-## Installing the NixOS module
-
-### With plain Nix fetching
-
-```nix
-{ config, lib, pkgs, ... }:
-{
- imports = [
- # ...
-
- (let
- birdsong = fetchgit {
- url = "https://git.qenya.tel/qenya/birdsong";
- hash = "sha256-pPrREPA7kJdfMXk0hJLbq6UGOiq+KtJo1LR4vC69vxM=";
- rev = "04e5519bf363388debfafc31285851c7816d087a";
- # This shows an example commit ID; update to the most recent and
- # recalculate the hash
- };
- in import "${birdsong}/module.nix"
- )
- ];
-}
-```
-
-### With [npins](https://github.com/andir/npins)
-
-```sh
-$ npins add --name birdsong git --branch main "https://git.qenya.tel/qenya/birdsong.git"
-```
-
-```nix
-{ config, lib, pkgs, ... }:
-let sources = import ./npins;
-in {
- imports = [
- # ...
- (import "${sources.birdsong}/module.nix")
- ];
-}
-```
-
-### With flakes
-
-```nix
-{
- inputs.birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"
-
- outputs = { self, nixpkgs, birdsong, ... }: {
- # Tweak as appropriate for your hostname, platform, architecture etc.
- nixosConfigurations.your-box = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux"
- modules = [
- # ...
- birdsong.nixosModules.default
- ];
- };
- };
-}
-```
\ No newline at end of file
diff --git a/module.nix b/default.nix
similarity index 100%
rename from module.nix
rename to default.nix
diff --git a/flake.nix b/flake.nix
deleted file mode 100644
index 3555ffd..0000000
--- a/flake.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- outputs = { self }: {
- nixosModules.default = import ./module.nix { };
- };
-}
diff --git a/hosts.nix b/hosts.nix
index 5896188..47b45cf 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -26,8 +26,7 @@ with lib; The special value `roaming` will not peer with other `roaming` hosts, but will still peer with `internet` hosts. This is to be used for portable devices like laptops that regularly move between - networks. Also use this for non-NixOS devices that can't use the - NixOS module and therefore only peer with the subnet router. + networks. ''; type = types.str; };
@@ -49,22 +48,12 @@ with lib;
 };
 ipv4 = mkOption {
 example = "10.127.1.1";
- description = ''
- IPv4 address of this peer within the network.
-
- We are currently using the range 10.127.0.0/16, divided into /24
- subnets. Please try to keep this consistent.
- '';
+ description = "IPv4 address of this peer within the network";
 type = types.str;
 };
 ipv6 = mkOption {
 example = "fd70:81ca:0f8f:1::1";
- description = ''
- IPv6 address of this peer within the network.
-
- We are currently using the range fd70:81ca:0f8f::/48, divided
- into /64 subnets. Please try to keep this consistent.
- '';
+ description = "IPv6 address of this peer within the network";
 type = types.str;
 };
 port = mkOption {
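Review bot: `ipv4` and `ipv6` in the second hosts.nix hunk are still plain `types.str`, and now that the descriptions no longer name an expected range, nothing visible here rejects a typo or an address carrying a prefix length at evaluation time. These values presumably end up in each peer's WireGuard allowed-address configuration (that code is outside this diff), so a malformed or overly broad entry could change what a peer is allowed to route. Consider tightening the type, for example `type = types.strMatching "([0-9]{1,3}\\.){3}[0-9]{1,3}";` for `ipv4` (a shape check only, it does not bound octets to 255), with a comparable pattern for `ipv6`. If the module expects a bare host address, the one-line description could also say so. The options block continues past the end of the hunk at `port = mkOption {`.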