lab-infra/machines/router02/wireguard.nix

{ config, ... }:
{
  config.age-secrets.autoMatch = [ "systemd-network" ];
  networking.firewall.trustedInterfaces = [ "wg0" ];
  systemd.network = {
    networks = {
      "50-wg-mgmt" = {
        name = "wg-mgmt";
        address = [
          "fdaa::1/64"
        ];
        routes = [
          {
            Destination = "fdaa::/64";
            Scope = "link";
          }
        ];
      };
    };
    netdevs = {
      "50-wg-mgmt" = {
        netdevConfig = {
          Name = "wg-mgmt";
          Kind = "wireguard";
        };
        wireguardConfig = {
          ListenPort = 1194;
          PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;
        };

        wireguardPeers = [
          {
            AllowedIPs = [
              "fdaa::2/64"
            ];
            PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
          }
        ];
      };
    };
  };
  networking.firewall.allowedUDPPorts = [ 1194 ];
}
feat: experimental routers infra for dn42 2024-12-05 09:57:42 +01:00			`{ config, ... }:`
			`{`
			`config.age-secrets.autoMatch = [ "systemd-network" ];`
			`networking.firewall.trustedInterfaces = [ "wg0" ];`
			`systemd.network = {`
			`networks = {`
			`"50-wg-mgmt" = {`
			`name = "wg-mgmt";`
			`address = [`
			`"fdaa::1/64"`
			`];`
			`routes = [`
			`{`
			`Destination = "fdaa::/64";`
			`Scope = "link";`
			`}`
			`];`
			`};`
			`};`
			`netdevs = {`
			`"50-wg-mgmt" = {`
			`netdevConfig = {`
			`Name = "wg-mgmt";`
			`Kind = "wireguard";`
			`};`
			`wireguardConfig = {`
			`ListenPort = 1194;`
			`PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;`
			`};`

			`wireguardPeers = [`
			`{`
			`AllowedIPs = [`
			`"fdaa::2/64"`
			`];`
			`PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";`
			`}`
			`];`
			`};`
			`};`
			`};`
			`networking.firewall.allowedUDPPorts = [ 1194 ];`
			`}`