os/hosts/chonk/wireguard.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

67 lines
1.6 KiB
Nix
Raw Normal View History

2023-02-25 13:45:21 +00:00
{
2023-11-11 00:06:36 +00:00
flake,
2023-02-25 13:45:21 +00:00
config,
pkgs,
...
}: {
2023-11-11 00:06:36 +00:00
age.secrets.home_controller_wireguard.file = "${flake.self}/secrets/chonk_wireguard_key.age";
2023-02-25 13:45:21 +00:00
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
# Enable WireGuard
networking.wireguard.interfaces = {
wg0 = {
2023-02-25 13:45:21 +00:00
ips = ["10.0.1.6"];
listenPort = 51899;
2023-02-25 13:45:21 +00:00
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# router
publicKey = "xqifcPfCgLNQ1M3w6zfoWVMkkz2lO5GZ/LlOECnPQFc=";
allowedIPs = ["10.0.1.1/32"];
persistentKeepalive = 25;
}
2023-02-25 13:45:21 +00:00
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = ["10.0.1.11/32"];
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = ["10.0.1.12/32"];
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = ["10.0.1.13/32"];
persistentKeepalive = 25;
}
2023-03-07 15:48:46 +00:00
{
# norman
publicKey = "FRNg+bJWPn4vAA2Fw8PXYsTpxdEKdVE+b7eTtl8ORxM=";
allowedIPs = ["10.0.1.121/32"];
2023-02-25 13:45:21 +00:00
2023-03-07 15:48:46 +00:00
persistentKeepalive = 25;
}
2023-02-25 13:45:21 +00:00
{
# hsha
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
allowedIPs = ["10.0.1.254/32"];
persistentKeepalive = 25;
}
];
};
};
}