# NixOS module: WireGuard hub on wg0 (10.10.10.1/24), driven by systemd-networkd.
#
# Security-relevant summary:
#   * wg0 is a *trusted* firewall interface, so peers bypass the host firewall.
#   * IPv4 forwarding is enabled on wg0.
#   * The private key is referenced by path only; peer public keys are either
#     inlined or read from ../../wg-keys at evaluation time.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Interface name shared by the firewall rule, the .netdev and the .network unit.
  wgInterface = "wg0";

  # UDP port WireGuard listens on; the same value is opened in the firewall.
  # 1194 is the port usually associated with OpenVPN; here it carries WireGuard.
  wgPort = 1194;

  # Build one peer entry. Each peer is pinned to a single tunnel address:
  # WireGuard only accepts packets from a peer whose source address falls
  # inside that peer's AllowedIPs, so a /32 keeps peers from using each
  # other's addresses.
  mkPeer = allowedIP: publicKey: {
    AllowedIPs = [ allowedIP ];
    PublicKey = publicKey;
  };
in
{
  networking.firewall = {
    # Traffic arriving on a trusted interface is accepted unconditionally, so
    # every peer listed below can reach every port this host listens on.
    # NOTE(review): if peers only need a few services, per-interface rules
    # (networking.firewall.interfaces.<name>.allowedTCPPorts) are narrower.
    trustedInterfaces = [ wgInterface ];

    # Expose the WireGuard listener itself to the outside.
    allowedUDPPorts = [ wgPort ];
  };

  systemd.network = {
    enable = true;

    netdevs."50-wg0" = {
      netdevConfig = {
        Name = wgInterface;
        Kind = "wireguard";
      };

      wireguardConfig = {
        ListenPort = wgPort;
        # Only the path is referenced here, so the key material is not part of
        # this expression. config.age.secrets is presumably provided by agenix
        # or a compatible module.
        # NOTE(review): confirm the secret's owner/group/mode let
        # systemd-networkd read the file and nothing broader.
        PrivateKeyFile = config.age.secrets."wg-key".path;
      };

      # Public keys are not secret, so inlining them or reading them with
      # builtins.readFile is fine; the same would not hold for a private key.
      wireguardPeers = [
        # hackens-desktop
        (mkPeer "10.10.10.3/32" "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=")
        # hackens-milieu
        (mkPeer "10.10.10.4/32" (lib.trim (builtins.readFile ../../wg-keys/hackens-milieu.pub)))
        # agb01
        (mkPeer "10.10.10.5/32" (lib.trim (builtins.readFile ../../wg-keys/agb01.pub)))
        # agb02
        (mkPeer "10.10.10.6/32" (lib.trim (builtins.readFile ../../wg-keys/agb02.pub)))
        # soyouzpanda
        (mkPeer "10.10.10.11/32" "/xjWqkiyHY93wqo/Apj5SHP8UaXF4mKQRVwylKC2wy8=")
        # sinavir
        (mkPeer "10.10.10.12/32" "kmc3PexCMKm1Tg8WUDbHaOkcWLl8KUh52CtrDOODf0M=")
        # catvayor
        (mkPeer "10.10.10.13/32" "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=")
      ];
    };

    networks."50-wg0" = {
      name = wgInterface;
      address = [ "10.10.10.1/24" ];

      networkConfig = {
        # Enables IPv4 forwarding for packets arriving on wg0, which lets the
        # hub relay traffic between peers.
        # NOTE(review): whether forwarded traffic is filtered, and whether
        # peers can reach networks beyond 10.10.10.0/24 through this host,
        # depends on firewall settings not shown here; confirm.
        IPv4Forwarding = true;
      };

      routes = [
        {
          # Explicit on-link route for the tunnel subnet.
          # NOTE(review): the /24 address above normally already yields this
          # route; confirm it is still needed.
          Destination = "10.10.10.0/24";
          Scope = "link";
        }
      ];
    };
  };
}