From 2766c9dbbfcde4adb8a6a211710e340daa75e520 Mon Sep 17 00:00:00 2001
From: sinavir <sinavir@sinavir.fr>
Date: Sun, 3 Mar 2024 12:16:09 +0100
Subject: [PATCH] org: vpn

---
 machines/hackens-org/secrets/default.nix |  1 +
 machines/hackens-org/wireguard.nix       | 27 ++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/machines/hackens-org/secrets/default.nix b/machines/hackens-org/secrets/default.nix
index 38f8036..f2beef2 100644
--- a/machines/hackens-org/secrets/default.nix
+++ b/machines/hackens-org/secrets/default.nix
@@ -9,5 +9,6 @@
   };
   age.secrets."wg-key" = {
     file = ./wg-key.age;
+    owner = "systemd-network";
   };
 }
diff --git a/machines/hackens-org/wireguard.nix b/machines/hackens-org/wireguard.nix
index 81bfd7e..1d7af40 100644
--- a/machines/hackens-org/wireguard.nix
+++ b/machines/hackens-org/wireguard.nix
@@ -18,6 +18,9 @@
             Scope = "link";
           };
         }];
+        networkConfig = {
+          IPForward = true;
+        };
       };
     };
     netdevs = {
@@ -32,6 +35,30 @@
         };
 
         wireguardPeers = [
+          { #bakham (AGB)
+            wireguardPeerConfig = {
+              AllowedIPs = [
+                "10.10.10.5/32"
+              ];
+              PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8=";
+            };
+          }
+          { #soyouzpanda
+            wireguardPeerConfig = {
+              AllowedIPs = [
+                "10.10.10.11/32"
+              ];
+              PublicKey = "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=";
+            };
+          }
+          { #sinavir
+            wireguardPeerConfig = {
+              AllowedIPs = [
+                "10.10.10.12/32"
+              ];
+              PublicKey = "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=";
+            };
+          }
         ];
       };
     };