Rework some wireguard stuff
This commit is contained in:
parent
57fcd83770
commit
97e837ac5f
|
@ -10,7 +10,7 @@
|
|||
../../../modules/system/devices/boot/systemd
|
||||
../../../modules/system/devices/networking
|
||||
../../../modules/system/devices/networking/firewall/pc
|
||||
#../../../modules/system/devices/networking/wireguard/pc
|
||||
../../../modules/system/devices/networking/wireguard/pc
|
||||
../../../modules/system/programs/git
|
||||
../../../modules/system/programs/security
|
||||
../../../modules/system/services/common
|
||||
|
@ -21,4 +21,5 @@
|
|||
];
|
||||
|
||||
networking.hostName = "bomberman";
|
||||
systemd.network.networks.wg0.address = [ "10.100.0.19/24" ];
|
||||
}
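Review bot: `systemd.network.networks.wg0.address = [ "10.100.0.19/24" ];` reads as the per-host address, yet the shared wireguard/pc module reworked in this same commit also hard-codes `networks.wg0.address = [ "10.100.0.19/24" ]`; NixOS merges list options, so this host defines the address twice and any other host importing the module presumably inherits .19 as well instead of its own address. Keep only the per-host definition and drop the literal from the module, or derive it from the `config.ips.wgSpan` prefix the module already uses for its gateway, e.g. `systemd.network.networks.wg0.address = [ "${config.ips.wgSpan}.19/24" ];`. Since the `wireguard/pc` import is uncommented in the same change, this host now gets a full-tunnel default route over wg0; a one-line comment next to the address saying so would save the next reader a trip into the module.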
|
||||
|
|
|
@ -1,22 +1,32 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ 51820 ];
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces = {
|
||||
"${config.ips.wgInt}" = {
|
||||
# Define IP of client in per device config
|
||||
listenPort = 51820;
|
||||
privateKey = config.secrets.wgClientPriv;
|
||||
peers = [
|
||||
{ # 0.0.0.0 makes wg act like a traditional VPN
|
||||
publicKey = config.secrets.wgServerPub;
|
||||
allowedIPs = [ "0.0.0.0/0" ];
|
||||
endpoint = "sv.${config.secrets.jimDomain}:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
netdevs = {
|
||||
"10-wg0" = {
|
||||
netdevConfig = {
|
||||
Kind = "wireguard";
|
||||
Name = "wg0";
|
||||
MTUBytes = 1300;
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = pkgs.writeText "privkey" config.secrets.wgClientPriv;
|
||||
ListenPort = 9918;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
PublicKey = config.secrets.wgServerPub;
|
||||
AllowedIPs = [ "0.0.0.0/0" ];
|
||||
Endpoint = "sv.${config.secrets.jimDomain}:51820";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
networks.wg0 = {
|
||||
matchConfig.Name = "wg0";
|
||||
address = [ "10.100.0.19/24" ];
|
||||
dns = [ "1.1.1.1" ];
|
||||
gateway = [ "${config.ips.wgSpan}.1" ];
|
||||
};
|
||||
};
|
||||
}
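Review bot: `PrivateKeyFile = pkgs.writeText "privkey" config.secrets.wgClientPriv;` copies the WireGuard private key into /nix/store, where every file is world-readable and the path is also shipped to any binary cache or remote builder this host pushes to; the `privateKey = config.secrets.wgClientPriv;` option it replaces leaks the same way, so the rework keeps the exposure rather than fixing it. Point the option at a file provisioned outside the store, e.g. `PrivateKeyFile = "/run/secrets/wg0-privkey";`, owned `root:systemd-network` with mode 0640 so networkd can read it (systemd.netdev(5) requires the file to be readable by the `systemd-network` user). The new peer entry also drops the old `persistentKeepalive = 25;`; if this client sits behind NAT the server loses reachability to it until the client next transmits, so add `PersistentKeepalive = 25;` next to `Endpoint`. Two assumptions deserve a comment in the file: only `0.0.0.0/0` is routed, so IPv6 traffic presumably bypasses the tunnel unless `::/0` is added, and with `gateway` pointing into wg0 the encrypted packets to `sv.${config.secrets.jimDomain}:51820` themselves need a route via the physical uplink (or a FirewallMark/RoutingPolicyRule pair), which networkd does not set up the way wg-quick does. The removed `networking.firewall.allowedUDPPorts = [ 51820 ]` is not reinstated for the new `ListenPort = 9918`, which is fine only if this host always initiates; note that next to `ListenPort` so nobody reopens it by reflex.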
|
||||
|
|
|
@ -21,10 +21,6 @@
|
|||
publicKey = config.secrets.wgPixel9Pub;
|
||||
allowedIPs = [ "${config.ips.wgSpan}.2/32" ];
|
||||
}
|
||||
{ # Oracle VM
|
||||
publicKey = config.secrets.wgOraclePub;
|
||||
allowedIPs = [ "${config.ips.wgSpan}.3/32" ];
|
||||
}
|
||||
{ # General Nix
|
||||
publicKey = config.secrets.wgClientPub;
|
||||
allowedIPs = [ "${config.ips.wgSpan}.16/28" ];
|
||||
|
|