Add wireguard config
parent
59e3fef8e2
commit
e67dd88e03
Binary file not shown.
BIN
common/secret/wireguard-psk
Normal file
BIN
common/secret/wireguard-psk
Normal file
Binary file not shown.
|
@ -3,7 +3,8 @@
|
|||
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
|
||||
|
||||
let
|
||||
inherit (config.m-0.private) me;
|
||||
inherit (config.m-0.private) me wireguard;
|
||||
inherit (config.m-0) hosts;
|
||||
in {
|
||||
|
||||
imports = [
|
||||
|
@ -16,6 +17,20 @@ imports = [
|
|||
|
||||
networking = {
|
||||
hostName = "apollo";
|
||||
wireguard.interfaces = {
|
||||
wireguard = {
|
||||
ips = [ "${hosts.apollo}/128" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/apollo/secret/wireguard-private";
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = [ "::/0" ];
|
||||
endpoint = "hera.m-0.eu:${wireguard.port}";
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
m-0 = {
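Review bot: `endpoint = "hera.m-0.eu:${wireguard.port}";` interpolates the same value that the hera configuration in this commit assigns to `listenPort = wireguard.port;`, and the two uses need different types. `listenPort` takes an integer, and Nix does not coerce an integer inside `${...}`, so if `wireguard.port` is a number this line fails at evaluation. `wireguard.port` is defined outside the visible hunks, so this is inferred; if it is an integer, write `endpoint = "hera.m-0.eu:${toString wireguard.port}";`. Separately, `allowedIPs = [ "::/0" ];` accepts hera as the source for every IPv6 address and, with the module's default `allowedIPsAsRoutes`, sends all of apollo's IPv6 traffic through the tunnel. If that full-tunnel behaviour is intended, a comment such as `# full IPv6 tunnel via hera` would say so; otherwise a narrower prefix is safer.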
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
# You need pw-files for every configured user in ./secret/pw-useralias for login to work.
|
||||
|
||||
let
|
||||
me = config.m-0.private.me;
|
||||
inherit (config.m-0.private) me wireguard;
|
||||
inherit (config.m-0) hosts;
|
||||
unstable-pkgs = import <unstable> {};
|
||||
in {
|
||||
|
||||
|
@ -31,6 +32,20 @@ networking = {
|
|||
ipv6.addresses = [{ address = config.m-0.hosts.hera-intern; prefixLength = 112; }];
|
||||
};
|
||||
nameservers = [ "213.136.95.10" "2a02:c207::1:53" "2a02:c207::2:53" ];
|
||||
wireguard.interfaces = {
|
||||
wireguard = {
|
||||
ips = [ "${hosts.hera}/128" ];
|
||||
privateKeyFile = "/etc/nixos/hosts/hera/secret/wireguard-private";
|
||||
listenPort = wireguard.port;
|
||||
peers = [
|
||||
{
|
||||
publicKey = wireguard.pub.apollo;
|
||||
allowedIPs = [ "${hosts.apollo}::/120" ];
|
||||
presharedKeyFile = "/etc/nixos/common/secret/wireguard-psk";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: {
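Review bot: `allowedIPs = [ "${hosts.apollo}::/120" ];` appends `::` to a value that the apollo configuration in this commit uses as a complete address (`ips = [ "${hosts.apollo}/128" ];`), so the result is unlikely to be a well-formed IPv6 prefix. `hosts.apollo` is defined outside the visible hunks, so its exact form is inferred. Even if the string parses, a /120 lets apollo's key source packets from 256 addresses where the peer is assigned one. Pinning the peer to its own address with `allowedIPs = [ "${hosts.apollo}/128" ];` keeps hera from accepting any other source address under that key.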
|
||||
|
|