From aae94c69add3b8331cc5840de5c02ad800d9657f Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Sat, 6 Jul 2024 00:29:42 +0530
Subject: [PATCH] layne: test wireguard module
---
 hosts/layne/wireguard.nix | 35 ++++++++++-------------------------
 hosts/shared/wireguard.nix | 10 ++++++++++
 2 files changed, 20 insertions(+), 25 deletions(-)
 create mode 100644 hosts/shared/wireguard.nix
diff --git a/hosts/layne/wireguard.nix b/hosts/layne/wireguard.nix
index 5e45d9a..1f8debf 100644
--- a/hosts/layne/wireguard.nix
+++ b/hosts/layne/wireguard.nix
@@ -1,4 +1,6 @@
 { config, ... }: {
+ imports = [ ../shared/wireguard.nix ];
+
 sops.secrets = {
 "wireguard/layne/pk" = {
 mode = "400";
@@ -12,31 +14,14 @@
 };
 };
- networking.firewall.trustedInterfaces = [ "wg0" ];
- networking.wireguard = {
+ nodeconfig.wireguard = {
 enable = true;
- interfaces = {
- wg0 = {
- ips = [
- "10.10.10.14/24"
- "fd7c:585c:c4ae::14/64"
- ];
- listenPort = 51834;
- privateKeyFile = config.sops.secrets."wireguard/layne/pk".path;
- peers = [
- {
- name = "Proxy";
- endpoint = "165.232.180.97:51821";
- publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
- presharedKeyFile = config.sops.secrets."wireguard/layne/psk".path;
- persistentKeepalive = 20;
- allowedIPs = [
- "10.10.10.0/24"
- "fd7c:585c:c4ae::0/64"
- ];
- }
- ];
- };
- };
+ listen-port = 51834;
+ pk-file = config.sops.secrets."wireguard/layne/pk".path;
+ psk-file = config.sops.secrets."wireguard/layne/psk".path;
+ node-ips = [
+ "10.10.10.14/24"
+ "fd7c:585c:c4ae::14/64"
+ ];
 };
 }
diff --git a/hosts/shared/wireguard.nix b/hosts/shared/wireguard.nix
new file mode 100644
index 0000000..6142560
--- /dev/null
+++ b/hosts/shared/wireguard.nix
@@ -0,0 +1,10 @@
+_: {
+ nodeconfig.wireguard = {
+ endpoint = "165.232.180.97:51821";
+ endpoint-publickey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
+ allowed-ips = [
+ "10.10.10.0/24"
+ "fd7c:585c:c4ae::0/64"
+ ];
+ };
+}
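Review bot: The second hunk of hosts/layne/wireguard.nix removes `networking.firewall.trustedInterfaces = [ "wg0" ];` and the peer's `persistentKeepalive = 20;` without passing anything equivalent to `nodeconfig.wireguard`, and the module that consumes these options is not part of this patch. If the module does not set them, layne's firewall now filters traffic arriving on the tunnel and the session may go idle behind NAT. If it does set them, every host that enables the module trusts the whole tunnel interface, which is a wider grant than this one host file made. Either way the decision should be visible at the call site, for example a comment above `enable = true;` such as `# wg0 firewall trust and keepalive come from the nodeconfig.wireguard module`.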
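Review bot: hosts/shared/wireguard.nix carries no comment saying that `endpoint` and `endpoint-publickey` are the peer identity every importing host will trust, so a later edit here silently changes the tunnel peer for all of them. A header line such as `# Proxy peer shared by all nodes; rotating the key or endpoint here applies to every host` would make that explicit. The `allowed-ips` entries cover the whole `10.10.10.0/24` and `fd7c:585c:c4ae::0/64` ranges, which is worth noting in the same comment because it decides which source addresses are accepted from that peer. The option declarations for `nodeconfig.wireguard` are not in this patch, so this presumes they are imported elsewhere.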