hackens-org-configurations/machines/hackens-org/wireguard.nix

# NixOS module: WireGuard interface "wg0" managed by systemd-networkd.
# This host holds 10.10.10.1/24 on the tunnel, listens on UDP 1194 and
# accepts the fixed set of peers listed below.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Single definition of the listen port, used by both the netdev and the
  # firewall rule so the two cannot drift apart.
  wgPort = 1194;

  # Public keys stored as files in the repository; lib.trim strips the
  # surrounding whitespace (e.g. the trailing newline) from the file content.
  keyFromFile = path: lib.trim (builtins.readFile path);

  # One peer entry: a single tunnel address bound to a single public key.
  # WireGuard only accepts inner packets from a peer whose source address
  # falls inside that peer's AllowedIPs, so a /32 pins each key to one address.
  mkPeer = cidr: publicKey: {
    AllowedIPs = [ cidr ];
    PublicKey = publicKey;
  };
in
{
  systemd.network = {
    enable = true;

    netdevs."50-wg0" = {
      netdevConfig = {
        Name = "wg0";
        Kind = "wireguard";
      };
      wireguardConfig = {
        ListenPort = wgPort;
        # The private key is referenced by path from the age secret "wg-key"
        # rather than written into this file.
        # NOTE(review): the secret's owner/mode are declared elsewhere;
        # confirm it is readable by systemd-networkd and by nothing else.
        PrivateKeyFile = config.age.secrets."wg-key".path;
      };
      # Adding a peer grants that key an address on the tunnel subnet.
      wireguardPeers = [
        # hackens-desktop
        (mkPeer "10.10.10.3/32" "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=")
        # hackens-milieu
        (mkPeer "10.10.10.4/32" (keyFromFile ../../wg-keys/hackens-milieu.pub))
        # agb01
        (mkPeer "10.10.10.5/32" (keyFromFile ../../wg-keys/agb01.pub))
        # agb02
        (mkPeer "10.10.10.6/32" (keyFromFile ../../wg-keys/agb02.pub))
        # soyouzpanda
        (mkPeer "10.10.10.11/32" "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=")
        # sinavir
        (mkPeer "10.10.10.12/32" "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=")
        # catvayor
        (mkPeer "10.10.10.13/32" "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=")
      ];
    };

    networks."50-wg0" = {
      name = "wg0";
      address = [ "10.10.10.1/24" ];
      networkConfig = {
        # Enables IPv4 forwarding for wg0, so this host can relay packets that
        # arrive from peers.
        # NOTE(review): no filtering of forwarded traffic is visible in this
        # file; confirm that forward rules elsewhere limit what peers may reach.
        IPv4Forwarding = true;
      };
      routes = [
        {
          # Explicit link-scope route for the tunnel subnet.
          Destination = "10.10.10.0/24";
          Scope = "link";
        }
      ];
    };
  };

  # Only the WireGuard listen port is opened in the host firewall here.
  networking.firewall.allowedUDPPorts = [ wgPort ];
}