feat(wg-agb02): connecting to wireguard

catvayor 2024-10-12 15:16:18 +02:00
parent 891b02e96d
commit af71fc1063
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
8 changed files with 79 additions and 2 deletions


@ -3,6 +3,8 @@
{ {
imports = [ imports = [
"${modulesPath}/installer/sd-card/sd-image-aarch64.nix" "${modulesPath}/installer/sd-card/sd-image-aarch64.nix"
./secrets
./networking.nix
./users.nix ./users.nix
]; ];
sdImage.compressImage = false; sdImage.compressImage = false;


@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}: {
systemd.network = {
enable = true;
networks = {
"50-wg0" = {
name = "wg0";
address = [
"10.10.10.6/24"
];
};
};
netdevs = {
"50-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig.PrivateKeyFile = config.age.secrets."wg".path;
wireguardPeers = [
{
AllowedIPs = [
"10.10.10.0/24"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-org.pub);
Endpoint = "129.199.129.76:1194";
PersistentKeepalive = 5;
}
];
};
};
};
networking = {
nameservers = [
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
};
}
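Review bot: The single peer's `AllowedIPs = [ "10.10.10.0/24" ]` lets any address in the VPN subnet reach this host through the hub, and nothing in this file limits what is served on `wg0`. What is actually exposed therefore depends on the host firewall, which is configured elsewhere if at all. I would state the intent here with a comment such as `# whole VPN subnet is routed via the hub; inbound on wg0 is limited by networking.firewall`. If, say, only SSH is meant to be reachable, an explicit `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 22 ];` would pin that down. The `pkgs` argument is unused and can be dropped.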


@ -0,0 +1,11 @@
{
pkgs,
config,
lib,
...
}: {
age.secrets."wg" = {
file = ./wg.age;
owner = "systemd-network";
};
}
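Review bot: The reason for `owner = "systemd-network"` is not documented; a comment such as `# systemd-networkd reads PrivateKeyFile as this user` would make clear why the secret is not root-owned. agenix's default mode of 0400 already keeps the file owner-only, but writing `mode = "0400";` would make that explicit for a private key. The `pkgs`, `config` and `lib` arguments are unused in the visible lines.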


@ -0,0 +1,8 @@
let
lib = (import <nixpkgs> {}).lib;
readPubkeys = user:
builtins.filter (k: k != "") (lib.splitString "\n"
(builtins.readFile (../../../pubkeys + "/${user}.keys")));
in {
"wg.age".publicKeys = (readPubkeys "catvayor") ++ (readPubkeys "sinavir") ++ (readPubkeys "agb02");
}
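Review bot: The recipient list for `wg.age` is built from whatever lines are in `pubkeys/<user>.keys`, so a change to any of those three files changes who can decrypt the WireGuard private key at the next rekey. A comment above `readPubkeys`, e.g. `# every non-empty line of pubkeys/<user>.keys becomes an age recipient`, would flag those files as access-control data for reviewers. The filter only drops empty lines; a comment line or an unsupported key type would presumably be passed through as a recipient, so it is worth confirming the .keys files hold only plain SSH public keys. `import <nixpkgs> {}` also ties evaluation to the caller's NIX_PATH.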

Binary file not shown.


@ -51,11 +51,18 @@
PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub); PublicKey = lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub);
} }
{ {
# bakham (AGB) # agb01
AllowedIPs = [ AllowedIPs = [
"10.10.10.5/32" "10.10.10.5/32"
]; ];
PublicKey = "JpUHFiavhlQfiHfOdUffQP3HLLeStttheACCaqlXAF8="; PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb01.pub);
}
{
# agb02
AllowedIPs = [
"10.10.10.6/32"
];
PublicKey = lib.trim (builtins.readFile ../../wg-keys/agb02.pub);
} }
{ {
# soyouzpanda # soyouzpanda
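Review bot: The agb01 peer now reads `../../wg-keys/agb01.pub`, but that file is not among the files shown as added on this page. It has to exist already and hold the same key as the literal being replaced; otherwise evaluation fails or the peer is silently re-keyed. The peer list continues outside the hunk, so I cannot check whether `10.10.10.6/32` is already assigned to another peer. With WireGuard an address can belong to only one peer on an interface, so a duplicate would take it away from the other entry.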

1
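--- a/pubkeys/agb02.keys
+++ b/pubkeys/agb02.keys
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM9857OPKpc9JfsoXSFXjV5gFIU60vWLRkMncYrgDyj3 root@agb02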

1
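--- a/wg-keys/agb02.pub
+++ b/wg-keys/agb02.pub
@@ -0,0 +1 @@
+CGdgPLO9HbrOawLJFl8YENbf55ECZSVQp5JBlRjokCA=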