Merge remote-tracking branch 'prism/master'
This commit is contained in:
commit
172a746c3a
@ -122,6 +122,7 @@ let
|
||||
shack = "hosts";
|
||||
i = "hosts";
|
||||
r = "hosts";
|
||||
w = "hosts";
|
||||
};
|
||||
|
||||
krebs.users = {
|
||||
|
@ -1,7 +1,11 @@
|
||||
{ config, ... }:
|
||||
|
||||
with import <stockholm/lib>;
|
||||
let
|
||||
|
||||
rip6 = krebs.genipv6 "retiolum" "lass";
|
||||
wip6 = krebs.genipv6 "wirelum" "lass";
|
||||
|
||||
in
|
||||
{
|
||||
dns.providers = {
|
||||
"lassul.us" = "zones";
|
||||
@ -85,11 +89,22 @@ with import <stockholm/lib>;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wirelum = {
|
||||
via = internet;
|
||||
ip4.addr = "10.244.1.1";
|
||||
ip6.addr = (wip6 "1").address;
|
||||
aliases = [
|
||||
"prism.w"
|
||||
];
|
||||
wireguard = {
|
||||
pubkey = "oKJotppdEJqQBjrqrommEUPw+VFryvEvNJr/WikXohk=";
|
||||
subnets = [ "10.244.1.0/24" (wip6 "1").subnetCIDR ];
|
||||
};
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
};
|
||||
|
||||
archprism = {
|
||||
cores = 1;
|
||||
nets = rec {
|
||||
@ -177,6 +192,13 @@ with import <stockholm/lib>;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wirelum = {
|
||||
ip6.addr = (wip6 "dea7").address;
|
||||
aliases = [
|
||||
"mors.w"
|
||||
];
|
||||
wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za3J3SQ=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
@ -203,6 +225,13 @@ with import <stockholm/lib>;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wirelum = {
|
||||
ip6.addr = (wip6 "50da").address;
|
||||
aliases = [
|
||||
"shodan.w"
|
||||
];
|
||||
wireguard.pubkey = "FkcxMathQzJYwuJBli/nibh0C0kHe9/T2xU0za4J3SQ=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
@ -229,6 +258,13 @@ with import <stockholm/lib>;
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wirelum = {
|
||||
ip6.addr = (wip6 "1205").address;
|
||||
aliases = [
|
||||
"icarus.w"
|
||||
];
|
||||
wireguard.pubkey = "mVe3YdlWOlVF5+YD5vgNha3s03dv6elmNVsARtPLXQQ=";
|
||||
};
|
||||
};
|
||||
secure = true;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
@ -425,6 +461,13 @@ with import <stockholm/lib>;
|
||||
-----END PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
wirelum = {
|
||||
ip6.addr = (wip6 "e110").address;
|
||||
aliases = [
|
||||
"yellow.w"
|
||||
];
|
||||
wireguard.pubkey = "YeWbR3mW+nOVBE7bcNSzF5fjj9ppd8OGHBJqERAUVxU=";
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC03TCO73NQZHo7NKZiVJp2iiUbe6PQP14Kg3Bnlkqje ";
|
||||
@ -459,6 +502,49 @@ with import <stockholm/lib>;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSBxtPf8yJfzzI7/iYpoRSc/TT+zYmE/HM9XWS3MZlv";
|
||||
};
|
||||
phone = {
|
||||
nets = {
|
||||
wirelum = {
|
||||
ip6.addr = (wip6 "a").address;
|
||||
ip4.addr = "10.244.1.2";
|
||||
aliases = [
|
||||
"phone.w"
|
||||
];
|
||||
wireguard.pubkey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
||||
};
|
||||
};
|
||||
external = true;
|
||||
ci = false;
|
||||
};
|
||||
morpheus = {
|
||||
cores = 1;
|
||||
nets = {
|
||||
retiolum = {
|
||||
ip4.addr = "10.243.0.19";
|
||||
ip6.addr = "42::19";
|
||||
aliases = [
|
||||
"morpheus.r"
|
||||
];
|
||||
tinc.pubkey = ''
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAptrlSKQKsBH2QMQxllZR94S/fXneajpJifRjXR5bi+7ME2ThdQXY
|
||||
T7yWiKaUuBJThWged9PdPltLUEMmv+ubQqpWHZq442VWSS36r1yMSGpUeKK+oYMN
|
||||
/Sfu+1yC4m2uXno95wpJZIcDfbbn26jT6ldJ4Yd97zyrXKljvcdrz3wZzQq0tojh
|
||||
S5Q59x/aQMJbnQpnlFnMIEVgULuFPW16+vPGsXIPdYNggaF1avcBaFl8i3M0EZVz
|
||||
Swn4hArDynDJhR7M0QdlwOpOh7O+1iOnmXqqei3LxMVHb+YtzfHgxOPxggUsy7CR
|
||||
bj9uBR9loGwgmZwaxXd1Vfbw8kn/feOb9FcW73u+SZyzwEA9HFRV0jGQe3P9mGfI
|
||||
Bwe02DOTVXEB8jTAGCw5T3bXLIOX8kqdlCECuAWFfrt8H+GjZDuGUWRcMn32orMz
|
||||
sMvkab95ZOHK6Q31mrhILOIOdyZWKPZIabL3HF6CZtu52h6MDHbmGS0w0OJYhj2+
|
||||
VnT9ZBoaeooVg8QOE43rCXvmL5vzhLKrj4s/53wTGG5SpzLs9Q9rrJVgAnz4YQ7j
|
||||
3Ov5q3Zxyr+vO6O7Pb5X49vCQw/jzK41S0/15GEmKcoxXemzeZCpX1mbeeTUtLvA
|
||||
U7OJwldrElzictBJ1gT94L4BDvoGZVqAkXJCJPamfsWaiw6SsMqtTfECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXS60mmNWMdMRvaPxGn91Cm/hm7zY8xn5rkI4n2KG/f ";
|
||||
};
|
||||
};
|
||||
users = rec {
|
||||
lass = lass-blue;
|
||||
|
33
lass/1systems/morpheus/config.nix
Normal file
33
lass/1systems/morpheus/config.nix
Normal file
@ -0,0 +1,33 @@
|
||||
{ config, pkgs, ... }:
|
||||
with import <stockholm/lib>;
|
||||
{
|
||||
imports = [
|
||||
<stockholm/lass>
|
||||
|
||||
<stockholm/lass/2configs/retiolum.nix>
|
||||
<stockholm/lass/2configs/power-action.nix>
|
||||
<stockholm/lass/2configs/baseX.nix>
|
||||
<stockholm/lass/2configs/games.nix>
|
||||
<stockholm/lass/2configs/steam.nix>
|
||||
];
|
||||
|
||||
krebs.build.host = config.krebs.hosts.morpheus;
|
||||
|
||||
networking.wireless.enable = false;
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
HandleLidSwitch=ignore
|
||||
'';
|
||||
|
||||
nixpkgs.config.packageOverrides = super: {
|
||||
steam = super.steam.override {
|
||||
withPrimus = true;
|
||||
extraPkgs = p: with p; [
|
||||
glxinfo
|
||||
nettools
|
||||
bumblebee
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
32
lass/1systems/morpheus/physical.nix
Normal file
32
lass/1systems/morpheus/physical.nix
Normal file
@ -0,0 +1,32 @@
|
||||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
<nixpkgs/nixos/modules/installer/scan/not-detected.nix>
|
||||
./config.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
networking.hostId = "60ce7e88";
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.kernelParams = [ "acpi_osi=!" ''acpi_osi="Windows 2009"'' ];
|
||||
|
||||
hardware.bumblebee.enable = true;
|
||||
hardware.bumblebee.group = "video";
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "rpool/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/DF3B-4528";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
nix.maxJobs = lib.mkDefault 8;
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||
}
|
@ -297,37 +297,25 @@ with import <stockholm/lib>;
|
||||
};
|
||||
}
|
||||
{
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport 51820"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
imports = [
|
||||
<stockholm/lass/2configs/wirelum.nix>
|
||||
];
|
||||
#krebs.iptables.tables.nat.PREROUTING.rules = [
|
||||
# { v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
#];
|
||||
krebs.iptables.tables.filter.FORWARD.rules = [
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.244.1.0/24 -d 10.243.0.0/16"; target = "ACCEPT"; }
|
||||
{ v6 = false; precedence = 1000; predicate = "-s 10.243.0.0/16 -d 10.244.1.0/24"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.nat.POSTROUTING.rules = [
|
||||
{ v6 = false; predicate = "-s 10.244.1.0/24 ! -d 10.244.1.0/24"; target = "MASQUERADE"; }
|
||||
];
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.244.1.1/24" ];
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wireguard.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = [
|
||||
{
|
||||
# lass-android
|
||||
allowedIPs = [ "10.244.1.2/32" ];
|
||||
publicKey = "zVunBVOxsMETlnHkgjfH71HaZjjNUOeYNveAVv5z3jw=";
|
||||
}
|
||||
];
|
||||
};
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
resolveLocalQueries = false;
|
||||
|
||||
extraConfig= ''
|
||||
listen-address=10.244.1.1
|
||||
except-interface=lo
|
||||
interface=wg0
|
||||
'';
|
||||
|
@ -19,7 +19,11 @@ with import <stockholm/lib>;
|
||||
users.groups.download.members = [ "transmission" ];
|
||||
users.users.transmission.group = mkForce "download";
|
||||
|
||||
systemd.services.transmission.serviceConfig.bindsTo = [ "openvpn-nordvpn.service" ];
|
||||
systemd.services.transmission.bindsTo = [ "openvpn-nordvpn.service" ];
|
||||
systemd.services.transmission.after = [ "openvpn-nordvpn.service" ];
|
||||
systemd.services.transmission.postStart = ''
|
||||
chmod 775 /var/download/finished
|
||||
'';
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
settings = {
|
||||
@ -52,6 +56,9 @@ with import <stockholm/lib>;
|
||||
autoindex on;
|
||||
'';
|
||||
};
|
||||
locations."/dl".extraConfig = ''
|
||||
return 301 /;
|
||||
'';
|
||||
locations."/" = {
|
||||
root = "/var/download/finished";
|
||||
extraConfig = ''
|
||||
|
@ -97,9 +97,9 @@ in {
|
||||
enable = true;
|
||||
layout = "us";
|
||||
display = mkForce 0;
|
||||
xkbModel = "evdev";
|
||||
xkbVariant = "altgr-intl";
|
||||
xkbOptions = "caps:backspace";
|
||||
xkbOptions = "caps:escape";
|
||||
libinput.enable = true;
|
||||
displayManager.lightdm.enable = true;
|
||||
windowManager.default = "xmonad";
|
||||
windowManager.session = [{
|
||||
|
@ -10,6 +10,7 @@ with import <stockholm/lib>;
|
||||
./zsh.nix
|
||||
./htop.nix
|
||||
./security-workarounds.nix
|
||||
./wirelum.nix
|
||||
{
|
||||
users.extraUsers =
|
||||
mapAttrs (_: h: { hashedPassword = h; })
|
||||
|
@ -94,6 +94,7 @@ with import <stockholm/lib>;
|
||||
{ from = "osmocom@lassul.us"; to = lass.mail; }
|
||||
{ from = "lesswrong@lassul.us"; to = lass.mail; }
|
||||
{ from = "nordvpn@lassul.us"; to = lass.mail; }
|
||||
{ from = "csv-direct@lassul.us"; to = lass.mail; }
|
||||
];
|
||||
system-aliases = [
|
||||
{ from = "mailer-daemon"; to = "postmaster"; }
|
||||
|
@ -57,6 +57,7 @@ let
|
||||
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
dolphinEmu
|
||||
doom1
|
||||
doom2
|
||||
vdoom1
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ ... }:
|
||||
{ lib, ... }:
|
||||
{
|
||||
hardware.trackpoint = {
|
||||
enable = true;
|
||||
@ -7,6 +7,7 @@
|
||||
emulateWheel = true;
|
||||
};
|
||||
|
||||
services.xserver.libinput.enable = lib.mkForce false;
|
||||
services.xserver.synaptics = {
|
||||
enable = true;
|
||||
horizEdgeScroll = false;
|
||||
|
44
lass/2configs/wirelum.nix
Normal file
44
lass/2configs/wirelum.nix
Normal file
@ -0,0 +1,44 @@
|
||||
with import <stockholm/lib>;
|
||||
{ config, pkgs, ... }: let
|
||||
|
||||
self = config.krebs.build.host.nets.wirelum;
|
||||
isRouter = !isNull self.via;
|
||||
|
||||
in mkIf (hasAttr "wirelum" config.krebs.build.host.nets) {
|
||||
#hack for modprobe inside containers
|
||||
systemd.services."wireguard-wirelum".path = mkIf config.boot.isContainer (mkBefore [
|
||||
(pkgs.writeDashBin "modprobe" ":")
|
||||
]);
|
||||
|
||||
boot.kernel.sysctl = mkIf isRouter {
|
||||
"net.ipv6.conf.all.forwarding" = 1;
|
||||
};
|
||||
krebs.iptables.tables.filter.INPUT.rules = [
|
||||
{ predicate = "-p udp --dport ${toString self.wireguard.port}"; target = "ACCEPT"; }
|
||||
];
|
||||
krebs.iptables.tables.filter.FORWARD.rules = mkIf isRouter [
|
||||
{ precedence = 1000; predicate = "-i wirelum -o wirelum"; target = "ACCEPT"; }
|
||||
];
|
||||
|
||||
networking.wireguard.interfaces.wirelum = {
|
||||
ips =
|
||||
(optional (!isNull self.ip4) self.ip4.addr) ++
|
||||
(optional (!isNull self.ip6) self.ip6.addr);
|
||||
listenPort = 51820;
|
||||
privateKeyFile = (toString <secrets>) + "/wirelum.key";
|
||||
allowedIPsAsRoutes = true;
|
||||
peers = mapAttrsToList
|
||||
(_: host: {
|
||||
allowedIPs = if isRouter then
|
||||
(optional (!isNull host.nets.wirelum.ip4) host.nets.wirelum.ip4.addr) ++
|
||||
(optional (!isNull host.nets.wirelum.ip6) host.nets.wirelum.ip6.addr)
|
||||
else
|
||||
host.nets.wirelum.wireguard.subnets
|
||||
;
|
||||
endpoint = mkIf (!isNull host.nets.wirelum.via) (host.nets.wirelum.via.ip4.addr + ":${toString host.nets.wirelum.wireguard.port}");
|
||||
persistentKeepalive = mkIf (!isNull host.nets.wirelum.via) 61;
|
||||
publicKey = host.nets.wirelum.wireguard.pubkey;
|
||||
})
|
||||
(filterAttrs (_: h: hasAttr "wirelum" h.nets) config.krebs.hosts);
|
||||
};
|
||||
}
|
92
lib/krebs/genipv6.nix
Normal file
92
lib/krebs/genipv6.nix
Normal file
@ -0,0 +1,92 @@
|
||||
lib:
|
||||
with lib;
|
||||
let {
|
||||
body = netname: subnetname: suffix: rec {
|
||||
address = let
|
||||
suffix' =
|
||||
if hasEmptyGroup (parseAddress suffix)
|
||||
then suffix
|
||||
else joinAddress "::" suffix;
|
||||
in
|
||||
checkAddress addressLength (joinAddress subnetPrefix suffix');
|
||||
addressCIDR = "${address}/${toString addressLength}";
|
||||
addressLength = 128;
|
||||
|
||||
inherit netname;
|
||||
netCIDR = "${netAddress}/${toString netPrefixLength}";
|
||||
netAddress = joinAddress netPrefix "::";
|
||||
netHash = toString {
|
||||
retiolum = 0;
|
||||
wirelum = 1;
|
||||
}.${netname};
|
||||
netPrefix = "42:${netHash}";
|
||||
netPrefixLength = {
|
||||
retiolum = 32;
|
||||
wirelum = 32;
|
||||
}.${netname};
|
||||
|
||||
inherit subnetname;
|
||||
subnetCIDR = "${subnetAddress}/${toString subnetPrefixLength}";
|
||||
subnetAddress = joinAddress subnetPrefix "::";
|
||||
subnetHash = hash subnetname;
|
||||
subnetPrefix = joinAddress netPrefix subnetHash;
|
||||
subnetPrefixLength = netPrefixLength + 16;
|
||||
|
||||
inherit suffix;
|
||||
suffixLength = addressLength - subnetPrefixLength;
|
||||
};
|
||||
|
||||
hash = s: head (match "0*(.*)" (substring 0 4 (hashString "sha256" s)));
|
||||
|
||||
dropLast = n: xs: reverseList (drop n (reverseList xs));
|
||||
takeLast = n: xs: reverseList (take n (reverseList xs));
|
||||
|
||||
hasEmptyPrefix = xs: take 2 xs == ["" ""];
|
||||
hasEmptySuffix = xs: takeLast 2 xs == ["" ""];
|
||||
hasEmptyInfix = xs: any (x: x == "") (trimEmpty 2 xs);
|
||||
|
||||
hasEmptyGroup = xs:
|
||||
any (p: p xs) [hasEmptyPrefix hasEmptyInfix hasEmptySuffix];
|
||||
|
||||
ltrimEmpty = n: xs: if hasEmptyPrefix xs then drop n xs else xs;
|
||||
rtrimEmpty = n: xs: if hasEmptySuffix xs then dropLast n xs else xs;
|
||||
trimEmpty = n: xs: rtrimEmpty n (ltrimEmpty n xs);
|
||||
|
||||
parseAddress = splitString ":";
|
||||
formatAddress = concatStringsSep ":";
|
||||
|
||||
check = s: c: if !c then throw "${s}" else true;
|
||||
|
||||
checkAddress = maxaddrlen: addr: let
|
||||
parsedaddr = parseAddress addr;
|
||||
normalizedaddr = trimEmpty 1 parsedaddr;
|
||||
in
|
||||
assert (check "address malformed; lone leading colon: ${addr}" (
|
||||
head parsedaddr == "" -> tail (take 2 parsedaddr) == ""
|
||||
));
|
||||
assert (check "address malformed; lone trailing colon ${addr}" (
|
||||
last parsedaddr == "" -> head (takeLast 2 parsedaddr) == ""
|
||||
));
|
||||
assert (check "address malformed; too many successive colons: ${addr}" (
|
||||
length (filter (x: x == "") normalizedaddr) > 1 -> addr == [""]
|
||||
));
|
||||
assert (check "address malformed: ${addr}" (
|
||||
all (test "[0-9a-f]{0,4}") parsedaddr
|
||||
));
|
||||
assert (check "address is too long: ${addr}" (
|
||||
length normalizedaddr * 16 <= maxaddrlen
|
||||
));
|
||||
addr;
|
||||
|
||||
joinAddress = prefix: suffix: let
|
||||
parsedPrefix = parseAddress prefix;
|
||||
parsedSuffix = parseAddress suffix;
|
||||
normalizePrefix = rtrimEmpty 2 parsedPrefix;
|
||||
normalizeSuffix = ltrimEmpty 2 parsedSuffix;
|
||||
delimiter =
|
||||
optional (length (normalizePrefix ++ normalizeSuffix) < 8 &&
|
||||
(hasEmptySuffix parsedPrefix || hasEmptyPrefix parsedSuffix))
|
||||
"";
|
||||
in
|
||||
formatAddress (normalizePrefix ++ delimiter ++ normalizeSuffix);
|
||||
}
|
@ -192,6 +192,28 @@ rec {
|
||||
}));
|
||||
default = null;
|
||||
};
|
||||
wireguard = mkOption {
|
||||
type = nullOr (submodule ({ config, ... }: {
|
||||
options = {
|
||||
port = mkOption {
|
||||
type = int;
|
||||
description = "tinc port to use to connect to host";
|
||||
default = 51820;
|
||||
};
|
||||
pubkey = mkOption {
|
||||
type = wireguard-pubkey;
|
||||
};
|
||||
subnets = mkOption {
|
||||
type = listOf cidr;
|
||||
description = ''
|
||||
wireguard subnets,
|
||||
this defines how routing behaves for hosts that can't reach each other.
|
||||
'';
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
}));
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
@ -548,4 +570,6 @@ rec {
|
||||
check = filename.check;
|
||||
merge = mergeOneOption;
|
||||
};
|
||||
|
||||
wireguard-pubkey = str;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user