diff --git a/machines/kat-probook/default.nix b/machines/kat-probook/default.nix index afa4117..54e2395 100644 --- a/machines/kat-probook/default.nix +++ b/machines/kat-probook/default.nix @@ -4,6 +4,7 @@ pkgs, mods, sources, + nodes, ... }: @@ -13,6 +14,17 @@ # ./router.nix ]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + fileSystems."/tmp" = { + fsType = "tmpfs"; + device = "tmpfs"; + options = [ + "nosuid" + "nodev" + "relatime" + "size=12G" + ]; + }; boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; @@ -27,7 +39,43 @@ ]; }; }; - systemd.network.wait-online.anyInterface = true; + kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4="; + systemd.network = { + wait-online.anyInterface = true; + networks."50-wg0" = { + name = "wg0"; + address = [ + "10.10.10.13/24" + "10.42.1.1/16" + ]; + }; + netdevs."50-wg0" = { + netdevConfig = { + Name = "wg0"; + Kind = "wireguard"; + }; + wireguardConfig.PrivateKeyFile = "/wg/private.key"; + + wireguardPeers = [ + { + AllowedIPs = [ + "10.10.10.0/24" + ]; + PublicKey = "CzUK0RPHsoG9N1NisOG0u7xwyGhTZnjhl7Cus3X76Es="; + Endpoint = "129.199.129.76:1194"; + PersistentKeepalive = 25; + } + { + AllowedIPs = [ + "10.42.0.0/16" + ]; + PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey; + Endpoint = "watcher.katvayor.net:1194"; + PersistentKeepalive = 25; + } + ]; + }; + }; nixpkgs.config.allowUnfree = true; diff --git a/machines/kat-watcher/default.nix b/machines/kat-watcher/default.nix index c6fc932..277f3f8 100644 --- a/machines/kat-watcher/default.nix +++ b/machines/kat-watcher/default.nix @@ -77,6 +77,12 @@ ]; PublicKey = nodes.kat-manah.config.kat.wireguardPubKey; } + { + AllowedIPs = [ + "10.42.1.1/32" + ]; + PublicKey = nodes.kat-probook.config.kat.wireguardPubKey; + } ]; }; };
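Review bot: The `fileSystems."/tmp"` entry in the second kat-probook hunk sets `size=12G` with no comment explaining the figure. tmpfs pages are charged against RAM plus swap, so a full /tmp can put the laptop under memory pressure if 12G is close to what the machine has; the hardware is not visible in this diff. I would add a line above the block such as `# 12G tmpfs: sized for <workload>, machine has <RAM size> RAM + <swap size> swap`. If the pinned nixpkgs provides them, `boot.tmp.useTmpfs = true;` with `boot.tmp.tmpfsSize = "12G";` states the same intent through the NixOS module rather than a raw mount entry.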
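Review bot: `wireguardConfig.PrivateKeyFile = "/wg/private.key";` in `netdevs."50-wg0"` points at a secret that nothing in this hunk provisions or documents, so its ownership and mode are left to whoever creates it by hand. systemd-networkd reads the file as the `systemd-network` user, so it must be readable by that user and by nobody else. I would add a comment above the line such as `# provisioned out of band; owner root:systemd-network, mode 0640, never copied into the Nix store`. Separately, the first peer's `PublicKey` and `Endpoint` are literals while the second peer's key comes from `nodes.kat-watcher.config.kat.wireguardPubKey`; a short comment saying that the first peer is not a managed node (if that is the reason) would explain the difference.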
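Review bot: The new peer entry in kat-watcher hard-codes `"10.42.1.1/32"`, which duplicates the address literal set on kat-probook's `networks."50-wg0"`. WireGuard drops packets whose source is outside a peer's AllowedIPs, so if the two literals drift apart the tunnel fails without an evaluation error. Since the public key is already shared through `kat.wireguardPubKey`, a sibling option for the tunnel address would keep both sides in step. At minimum, add a comment such as `# must equal kat-probook's wg0 address in 10.42.0.0/16`. The peer list this entry is appended to starts outside the hunk.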