non-netbird wireguard for watcher-manah link

domain-proxies.nix

@@ -4,7 +4,7 @@
       host = "kat-watcher";
       hypervisors."manah.katvayor.net" = {
         host = "kat-manah";
-        ip = "100.102.49.84";
+        ip = "10.42.0.1";
         port-forward = [ 9000 9500 ];
         vms = {
           "degette.katvayor.net" = {

kat/default.nix

@@ -11,6 +11,9 @@ with lib;
     ./root.nix
   ];
   options.kat = {
+    wireguardPubKey = mkOption {
+      type = types.str;
+    };
     path = mkOption {
       readOnly = true;
       type = types.path;
@@ -33,7 +36,11 @@ with lib;
       };
     };
     boot.tmp.useTmpfs = true;
-    networking.nftables.enable = true;
+    networking = {
+      useNetworkd = true;
+      nftables.enable = true;
+    };
+    systemd.network.enable = true;
     nix = {
       nixPath = [
         "nixpkgs=${builtins.storePath pkgs.path}"

machines/kat-manah/default.nix

@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  nodes,
   ...
 }:
 
@@ -16,6 +17,50 @@
   boot.supportedFilesystems = [ "bcachefs" ];
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
+  kat.wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
+  systemd.network = {
+    enable = true;
+    networks = {
+      "50-wg0" = {
+        name = "wg0";
+        addresses = [
+          {
+            Address = "10.42.0.1/16";
+            AddPrefixRoute = false;
+          }
+        ];
+        routes = [
+          {
+            Destination = "10.42.0.0/16";
+            Source = "10.42.0.1";
+          }
+        ];
+      };
+    };
+    netdevs = {
+      "50-wg0" = {
+        netdevConfig = {
+          Name = "wg0";
+          Kind = "wireguard";
+        };
+        wireguardConfig = {
+          PrivateKeyFile = "/etc/wg/private.key";
+        };
+
+        wireguardPeers = [
+          {
+            Endpoint = "watcher.katvayor.net:1194";
+            AllowedIPs = [
+              "10.42.0.2/32"
+            ];
+            PersistentKeepalive = 20;
+            PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
+          }
+        ];
+      };
+    };
+  };
+
   time.timeZone = "Europe/Paris";
 
   i18n.defaultLocale = "en_US.UTF-8";
@@ -73,7 +118,11 @@
   };
 
   networking.firewall = {
-    allowedTCPPorts = [ 9000 9500 53 ];
+    allowedTCPPorts = [
+      9000
+      9500
+      53
+    ];
     allowedUDPPorts = [ 67 ];
   };
   system.stateVersion = "23.11";

machines/kat-watcher/default.nix

@@ -2,9 +2,9 @@
   config,
   lib,
   pkgs,
+  nodes,
   ...
 }:
-
 {
   imports = [
     ./hardware-configuration.nix
@@ -27,9 +27,11 @@
     useNetworkd = true;
     useDHCP = false;
   };
+  kat.wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
   systemd.network = {
     enable = true;
-    networks."10-ens3" = {
+    networks = {
+      "10-ens3" = {
         name = "ens3";
         address = [
           "51.83.69.54/32"
@@ -46,6 +48,43 @@
         ];
         dns = [ "213.186.33.99" ];
       };
+      "50-wg0" = {
+        name = "wg0";
+        addresses = [
+          {
+            Address = "10.42.0.2/16";
+            AddPrefixRoute = false;
+          }
+        ];
+        routes = [
+          {
+            Destination = "10.42.0.0/16";
+            Source = "10.42.0.2";
+          }
+        ];
+      };
+    };
+    netdevs = {
+      "50-wg0" = {
+        netdevConfig = {
+          Name = "wg0";
+          Kind = "wireguard";
+        };
+        wireguardConfig = {
+          ListenPort = 1194;
+          PrivateKeyFile = "/etc/wg/private.key";
+        };
+
+        wireguardPeers = [
+          {
+              AllowedIPs = [
+                "10.42.0.1/32"
+              ];
+              PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
+          }
+        ];
+      };
+    };
   };
 
   i18n.defaultLocale = "en_US.UTF-8";
@@ -89,7 +128,10 @@
   services.netbird.enable = true;
   networking = {
     nftables.enable = true;
-    firewall.allowedTCPPorts = [ 22 ];
+    firewall = {
+      allowedTCPPorts = [ 22 ];
+      allowedUDPPorts = [ 1194 ];
+    };
   };
 
   system.stateVersion = "23.11";