common/network/pia-wireguard.nix

@@ -11,7 +11,6 @@
 # TODO implement this module such that the wireguard VPN doesn't have to live in a container
 # TODO don't add forward rules if the PIA port is the same as cfg.forwardedPort
 # TODO verify signatures of PIA responses
-# TODO `RuntimeMaxSec = "30d";` for pia-vpn-wireguard-init isn't allowed per the systemd logs. Find alternative.
 
 with builtins;
 with lib;
@@ -144,14 +143,14 @@ in
     systemd.services.pia-vpn-wireguard-init = {
       description = "Creates PIA VPN Wireguard Interface";
 
-      wants = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
       after = [ "network.target" "network-online.target" ];
       before = [ containerServiceName ];
       requiredBy = [ containerServiceName ];
       partOf = [ containerServiceName ];
       wantedBy = [ "multi-user.target" ];
 
-      path = with pkgs; [ wireguard-tools jq curl iproute iputils ];
+      path = with pkgs; [ wireguard-tools jq curl iproute ];
 
       serviceConfig = {
         Type = "oneshot";
@@ -163,11 +162,6 @@ in
       };
 
       script = ''
-        echo Waiting for internet...
-        while ! ping -c 1 -W 1 1.1.1.1; do
-            sleep 1
-        done
-
         # Prepare to connect by generating wg secrets and auth'ing with PIA since the container
         # cannot do without internet to start with. NAT'ing the host's internet would address this
         # issue but is not ideal because then leaking network outside of the VPN is more likely.
@@ -220,7 +214,7 @@ in
     vpn-container.config.systemd.services.pia-vpn-wireguard = {
       description = "Initializes the PIA VPN WireGuard Tunnel";
 
-      wants = [ "network-online.target" ];
+      requires = [ "network-online.target" ];
       after = [ "network.target" "network-online.target" ];
       wantedBy = [ "multi-user.target" ];
 

machines/storage/s0/hardware-configuration.nix

@@ -39,6 +39,12 @@
       fsType = "zfs";
       options = [ "zfsutil" "X-mount.mkdir" ];
     };
+  fileSystems."/home" =
+    {
+      device = "rpool/nixos/home";
+      fsType = "zfs";
+      options = [ "zfsutil" "X-mount.mkdir" ];
+    };
   fileSystems."/var/lib" =
     {
       device = "rpool/nixos/var/lib";
@@ -51,6 +57,13 @@
       fsType = "zfs";
       options = [ "zfsutil" "X-mount.mkdir" ];
     };
+
+  fileSystems."/data" =
+    {
+      device = "rpool/nixos/data";
+      fsType = "zfs";
+      options = [ "zfsutil" "X-mount.mkdir" ];
+    };
   fileSystems."/boot" =
     {
       device = "/dev/disk/by-uuid/4FB4-738E";
@@ -59,7 +72,6 @@
   swapDevices = [ ];
 
   networking.interfaces.eth0.useDHCP = true;
-  networking.interfaces.eth1.useDHCP = true;
 
   powerManagement.cpuFreqGovernor = "powersave";
 }