Merge remote changes + feat: AIO v2 board module

- Cross-compile overlays for Hyprland (libcamera, pipewire, gjs) - Refactor uconsoleBaseModules into reusable list - Add wireguard-client service module - Restructure users into subdirectories - New: hardware.uconsole-cm5-aio-v2 module (GPIO rails, aiov2_ctl, GPS UART) - Update configuration.nix with Hyprland + AIO v2 - Add AIO v2 module to both toplevel and SD image config
2026-06-16 19:02:38 -04:00
parent 2572f47e41 bd8b1c564e
commit 1550219e77
17 changed files with 384 additions and 321 deletions
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./systemd
+  ];
+}
--- a/modules/nixos/services/wireguard-client.nix
+++ b/modules/nixos/services/wireguard-client.nix
@@ -0,0 +1,54 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.gortium.wireguard-client;
+in
+{
+  ##### Options #####
+  options.gortium.wireguard-client = {
+    enable = mkEnableOption "WireGuard VPN client to lazyworkhorse VPN server";
+
+    vpnIp = mkOption {
+      type = types.str;
+      description = "Assigned VPN IP with CIDR, e.g. \"10.8.0.4/24\"";
+      example = "10.8.0.4/24";
+    };
+
+    privateKeyFile = mkOption {
+      type = types.path;
+      description = "Path to the WireGuard private key (age-encrypted, via agenix)";
+    };
+
+    presharedKeyFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Path to the WireGuard preshared key (optional, age-encrypted)";
+    };
+  };
+
+  ##### Config #####
+  config = mkIf cfg.enable {
+    networking.wireguard.interfaces = {
+      wg0 = {
+        ips = [ cfg.vpnIp ];
+        privateKeyFile = cfg.privateKeyFile;
+
+        peers = [
+          {
+            # Server public key (lazyworkhorse wg-easy)
+            publicKey = "rY9zII3AOm8rog2rv02PyA3Bq7zdvTOGkZapfCV1DkE=";
+            presharedKeyFile = cfg.presharedKeyFile;
+            # Split-tunnel: only route the VPN subnet
+            allowedIPs = [ "10.8.0.0/24" ];
+            endpoint = "vpn.lazyworkhorse.net:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+
+    environment.systemPackages = with pkgs; [ wireguard-tools ];
+  };
+}