# NixOS module fragment: opens one UDP port in the host firewall and defines
# two WireGuard interfaces.
#   wg0 - mesh-style interface on 10.100.0.6/24 with four peers.
#   wg1 - interface placed in its own network namespace ("wg1ns") whose single
#         peer accepts all IPv4 destinations (0.0.0.0/0).
# Private keys are referenced by file path (sops secrets); only peer public
# keys appear in this file.
{ config, pkgs, extraInfo, ... }:

{
  networking = {
    # Only 51821/udp (wg1's listenPort) is opened here; wg0 listens on 51820,
    # which this file does not open.
    # NOTE(review): the wg0 peers "london", "fuyuki" and "Mobile" have no
    # endpoint, so this host cannot initiate a handshake to them. If they are
    # meant to connect in directly, 51820/udp has to be allowed somewhere;
    # confirm whether that is done elsewhere or whether 51820 was intended here.
    # NOTE(review): wg1 dials out to its peer with a keepalive, so the inbound
    # 51821 rule may not be needed at all; confirm before keeping it open.
    firewall.allowedUDPPorts = [ 51821 ];

    wireguard.interfaces = {
      wg0 = {
        ips = [ "10.100.0.6/24" ];
        listenPort = 51820;

        # Key material is read from the sops secret's path when the interface
        # is set up, so the private key itself is not written into this
        # configuration (and therefore not into the Nix store).
        privateKeyFile = config.sops.secrets.wg0_private.path;

        # Each peer is limited to a single tunnel address via allowedIPs, so a
        # peer cannot source traffic from another peer's 10.100.0.x address.
        peers = [
          # Rock Pro 64
          {
            publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
            # Endpoint host is supplied through the extraInfo module argument.
            endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
            allowedIPs = [ "10.100.0.1" ];
            # Keepalive every 25 seconds keeps the outbound path to this peer
            # open (e.g. across NAT).
            persistentKeepalive = 25;
          }

          # london
          {
            publicKey = "AvW61c9iSO0NiMrXpPsdeWigTO3JTCadqY5Wq5xLPH8=";
            allowedIPs = [ "10.100.0.4" ];
          }

          # fuyuki
          {
            publicKey = "maCF41/gOh5p0BBgOh0x9S/ourGSM7qrFfEgmB+XGHY=";
            allowedIPs = [ "10.100.0.3" ];
          }

          # Mobile
          {
            publicKey = "JoW+Iwysip46WWKJINneXWWG2YszzKEKlI3dW4SIjg0=";
            allowedIPs = [ "10.100.0.5" ];
          }
        ];
      };

      wg1 = {
        ips = [ "10.100.1.1" ];
        listenPort = 51821;
        privateKeyFile = config.sops.secrets.wg1_private.path;

        # The interface is placed in the "wg1ns" network namespace, which the
        # hooks below create before setup and delete after shutdown.
        interfaceNamespace = "wg1ns";

        # `ip netns add` exits non-zero when the namespace already exists.
        # NOTE(review): if a previous stop left wg1ns behind, setup would fail
        # at this step; confirm that is the desired behaviour.
        preSetup = ''
          ip netns add wg1ns
        '';

        # NOTE(review): deleting the namespace here also removes it for any
        # other process still running inside it; confirm nothing outlives wg1.
        postShutdown = ''
          ip netns del wg1ns
        '';

        peers = [
          {
            publicKey = "T0BlFaNi01Cu7sZkoJH4CtKLagTgoK1NZ6Qdt0pL7kQ=";
            endpoint = "${extraInfo.wireguard.VPSEndpoint}:51821";
            # All IPv4 destinations are accepted from / routed to this peer.
            # No IPv6 range is listed.
            # NOTE(review): presumably wg1 is the only non-loopback interface
            # in wg1ns, so traffic from that namespace cannot bypass the
            # tunnel; verify nothing else is moved into it.
            allowedIPs = [ "0.0.0.0/0" ];
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}