rico*: enable wireguard

2024-06-30 17:54:04 +05:30 · 2024-06-30 17:54:04 +05:30 · f78ec1bc61
commit f78ec1bc61
parent feeb2dba32
6 changed files with 93 additions and 0 deletions
--- a/hosts/rico0/network.nix
+++ b/hosts/rico0/network.nix
@ -1,4 +1,5 @@
 { lib, ... }: {
  imports = [ ./wireguard.nix ];
  networking = {
    nameservers = [
      "2620:fe::fe#dns.quad9.net"
--- a/hosts/rico0/wireguard.nix
+++ b/hosts/rico0/wireguard.nix
@ -0,0 +1,30 @@
 { config, ... }: {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  networking.wireguard = {
    enable = true;
    interfaces = {
      wg0 = {
        ips = [
          "10.10.10.10/24"
          "fd7c:585c:c4ae::10/64"
        ];
        listenPort = 51822;
        privateKeyFile = "/persist/secrets/wireguard/private.key";
        generatePrivateKeyFile = true;
        peers = [
          {
            name = "Proxy";
            endpoint = "165.232.180.97:51821";
            publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
            presharedKeyFile = config.sops.secrets."wireguard/psk/rico0".path;
            persistentKeepalive = 20;
            allowedIPs = [
              "10.10.10.0/24"
              "fd7c:585c:c4ae::0/64"
            ];
          }
        ];
      };
    };
  };
 }
--- a/hosts/rico1/network.nix
+++ b/hosts/rico1/network.nix
@ -1,4 +1,5 @@
 { lib, ... }: {
  imports = [ ./wireguard.nix ];
  networking = {
    nameservers = [
      "2620:fe::fe#dns.quad9.net"
--- a/hosts/rico1/wireguard.nix
+++ b/hosts/rico1/wireguard.nix
@ -0,0 +1,30 @@
 { config, ... }: {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  networking.wireguard = {
    enable = true;
    interfaces = {
      wg0 = {
        ips = [
          "10.10.10.11/24"
          "fd7c:585c:c4ae::11/64"
        ];
        listenPort = 51822;
        privateKeyFile = "/persist/secrets/wireguard/private.key";
        generatePrivateKeyFile = true;
        peers = [
          {
            name = "Proxy";
            endpoint = "165.232.180.97:51821";
            publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
            presharedKeyFile = config.sops.secrets."wireguard/psk/rico1".path;
            persistentKeepalive = 20;
            allowedIPs = [
              "10.10.10.0/24"
              "fd7c:585c:c4ae::0/64"
            ];
          }
        ];
      };
    };
  };
 }
--- a/hosts/rico2/network.nix
+++ b/hosts/rico2/network.nix
@ -1,4 +1,5 @@
 { lib, ... }: {
  imports = [ ./wireguard.nix ];
  networking = {
    nameservers = [
      "2620:fe::fe#dns.quad9.net"
--- a/hosts/rico2/wireguard.nix
+++ b/hosts/rico2/wireguard.nix
@ -0,0 +1,30 @@
 { config, ... }: {
  networking.firewall.trustedInterfaces = [ "wg0" ];
  networking.wireguard = {
    enable = true;
    interfaces = {
      wg0 = {
        ips = [
          "10.10.10.12/24"
          "fd7c:585c:c4ae::12/64"
        ];
        listenPort = 51822;
        privateKeyFile = "/persist/secrets/wireguard/private.key";
        generatePrivateKeyFile = true;
        peers = [
          {
            name = "Proxy";
            endpoint = "165.232.180.97:51821";
            publicKey = "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=";
            presharedKeyFile = config.sops.secrets."wireguard/psk/rico2".path;
            persistentKeepalive = 20;
            allowedIPs = [
              "10.10.10.0/24"
              "fd7c:585c:c4ae::0/64"
            ];
          }
        ];
      };
    };
  };
 }