enable wireguard

2024-03-31 22:28:56 +05:30 · 2024-03-31 22:28:56 +05:30 · e3a66faf21
commit e3a66faf21
parent a2867486cd
2 changed files with 34 additions and 0 deletions
--- a/hosts/skipper/network.nix
+++ b/hosts/skipper/network.nix
@ -1,4 +1,8 @@
 { lib, ... }: {
+  imports = [
+    ./wireguard.nix
+  ];
+
  networking = {
    firewall = {
      allowedTCPPorts = [
--- a/hosts/skipper/wireguard.nix
+++ b/hosts/skipper/wireguard.nix
@ -0,0 +1,30 @@
+{ secrets, ... }:
+let
+  wireguard_server = (secrets.wireguard_server // {
+    persistentKeepalive = 20;
+    allowedIPs = [
+      "10.10.10.0/24"
+      "fd7c:585c:c4ae::0/64"
+    ];
+  });
+in
+{
+  networking.firewall.trustedInterfaces = [ "wg0" ];
+  networking.wireguard = {
+    enable = true;
+    interfaces = {
+      wg0 = {
+        ips = [
+          "10.10.10.2/24"
+          "fd7c:585c:c4ae::2/64"
+        ];
+        listenPort = 51822;
+        privateKeyFile = "/etc/wireguard/private.key";
+        generatePrivateKeyFile = true;
+        peers = [
+          wireguard_server
+        ];
+      };
+    };
+  };
+}