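{
  self,
  config,
  pkgs,
  ...
}: {
  # WireGuard private key, decrypted by agenix at activation time into
  # /run/agenix/<name> (root-owned, not world-readable), so the key never
  # lands in the Nix store.
  # NOTE(review): the secret is named home_controller_wireguard but the
  # encrypted file is chonk_wireguard_key.age — confirm this is the intended
  # key for this host.
  age.secrets.home_controller_wireguard.file = "${self}/secrets/chonk_wireguard_key.age";

  # Restart the tunnel unit automatically if it fails (for example if the
  # interface could not be brought up). The interface declared below is wg1,
  # so the unit generated by the NixOS WireGuard module is wireguard-wg1;
  # the previous version of this file targeted wireguard-wg0, which this
  # module never defines. If a wg0 interface is declared in another module,
  # give it the same settings there.
  systemd.services.wireguard-wg1.serviceConfig = {
    Restart = "on-failure";
    RestartSec = "5s";
  };

  # Enable WireGuard
  networking.wireguard.interfaces = {
    wg1 = {
      # This host's address inside the tunnel. The original had no prefix,
      # which iproute2 treats as /32; it is written explicitly here.
      # Reachability to each peer comes from the per-peer allowedIPs routes
      # below, not from a subnet route.
      ips = ["10.0.1.6/32"];

      # Fixed listen port. Without it WireGuard picks a random port, which a
      # firewall rule cannot match. None of the peers below carries an
      # endpoint, so this host is the listening side of every tunnel: inbound
      # UDP 51899 must be permitted (networking.firewall.allowedUDPPorts is
      # expected to be set elsewhere — keep it in sync with this value), and
      # each peer's own config must name this host as its endpoint.
      listenPort = 51899;

      # Path to the private key file, taken from the agenix option so it
      # cannot drift from the secret declared above (agenix's default path is
      # /run/agenix/home_controller_wireguard).
      #
      # Note: The private key can also be included inline via the privateKey
      # option, but that copies it into the world-readable Nix store; using
      # privateKeyFile is recommended.
      privateKeyFile = config.age.secrets.home_controller_wireguard.path;

      # Each peer is pinned to a single /32. allowedIPs is also WireGuard's
      # cryptokey routing table, so a peer can only send (and receive)
      # traffic for its own tunnel address. Public keys are not secret and
      # may live in the repository.
      #
      # persistentKeepalive on this listening side only takes effect once a
      # peer has completed a handshake (there is no endpoint to send to
      # before that); it then keeps NAT mappings alive for peers behind NAT.
      peers = [
        {
          # giggles
          publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
          allowedIPs = ["10.0.1.11/32"];
          # Send keepalives every 25 seconds.
          persistentKeepalive = 25;
        }
        {
          # cox
          publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
          allowedIPs = ["10.0.1.12/32"];
          # Send keepalives every 25 seconds.
          persistentKeepalive = 25;
        }
        {
          # companion
          publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
          allowedIPs = ["10.0.1.13/32"];
          # Send keepalives every 25 seconds.
          persistentKeepalive = 25;
        }
        {
          # hsha
          publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
          allowedIPs = ["10.0.1.254/32"];
          # Send keepalives every 25 seconds.
          persistentKeepalive = 25;
        }
      ];
    };
  };
}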