ips readjustments to add workstation to wireguard

2026-02-15 13:34:03 -06:00
parent 13a525ca12
commit a5f45292ff
5 changed files with 31 additions and 22 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -45,7 +45,7 @@ in
    }
  ];
  sops.secrets = {
-    "vps/home/private" = lib.mkIf config.my.secureHost {
+    "server/private" = lib.mkIf config.my.secureHost {
      sopsFile = ../../secrets/wireguard.yaml;
    };
    lidarr-mb-gap = lib.mkIf config.my.secureHost {
@@ -71,7 +71,7 @@ in
    };
    wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
      ips = [ "${config.my.ips.wg-server}/32" ];
-      privateKeyFile = config.sops.secrets."vps/home/private".path;
+      privateKeyFile = config.sops.secrets."server/private".path;
      peers = [
        {
          publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -6,6 +6,7 @@
 }:
 let
  shellType = config.my.shell.type;
+  comfyuiPort = 8188;
  krita-thumbnailer = pkgs.writeTextFile {
    name = "krita-thumbnailer";
    destination = "/share/thumbnailers/kra.thumbnailer";
@@ -58,8 +59,6 @@ in
      allowedTCPPorts = [
        6674 # ns-usbloader
        8384 # syncthing
-        config.services.open-webui.port
-        config.services.sillytavern.port
      ];
      allowedTCPPortRanges = [
        {
@@ -67,6 +66,12 @@ in
          to = 1764;
        }
      ];
+      interfaces.wg0.allowedTCPPorts = [
+        config.services.ollama.port
+        config.services.open-webui.port
+        config.services.sillytavern.port
+        comfyuiPort
+      ];
    };
  };
  users = {
@@ -137,7 +142,7 @@ in
    open-webui = {
      enable = true;
      port = 2345;
-      host = config.my.ips.workstation;
+      host = config.my.ips.wg-workstation;
    };
    scx = {
      enable = true;
@@ -157,13 +162,14 @@ in
      models = "/srv/ai/ollama";
      user = "ollama";
      group = "ai";
+      host = config.my.ips.wg-workstation;
    };
    sillytavern = {
      enable = true;
      group = "ai";
      listen = true;
      port = 9324;
-      listenAddressIPv4 = config.my.ips.workstation;
+      listenAddressIPv4 = config.my.ips.wg-workstation;
    };
  };
 }