# NixOS module declaring two WireGuard interfaces on this host:
#   wg0 - peer network on 10.100.0.0/24; this host is 10.100.0.6.
#   wg1 - single-peer tunnel whose interface is placed in the "wg1ns"
#         network namespace.
# Private keys are read from files exposed through config.sops.secrets;
# only peer public keys appear in this file.
{ config, pkgs, extraInfo, ... }:
{
  networking = {
    # Inbound UDP allowed through the host firewall (WireGuard).
    # NOTE(review): only 51821 (wg1's listenPort) is opened here. wg0 listens
    # on 51820, and three of its peers have no endpoint, so they can reach
    # this host only by initiating a handshake to 51820. Confirm that 51820
    # is opened elsewhere, or that those peers are not expected to connect
    # inbound. Conversely, wg1 dials out with a keepalive, so confirm that
    # the inbound rule for 51821 is actually required.
    firewall.allowedUDPPorts = [ 51821 ];

    wireguard.interfaces = {
      wg0 = {
        listenPort = 51820;
        ips = [ "10.100.0.6/24" ];
        # Path to the secret file; the key itself is never written here.
        privateKeyFile = config.sops.secrets.wg0_private.path;

        # Each peer is limited to one tunnel address by allowedIPs, so a
        # peer cannot source traffic from another peer's address.
        peers = [
          # Rock Pro 64: the only wg0 peer this host dials out to.
          {
            publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
            allowedIPs = [ "10.100.0.1" ];
            endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
            # Sends a keepalive every 25 seconds.
            persistentKeepalive = 25;
          }

          # london: no endpoint configured.
          {
            publicKey = "AvW61c9iSO0NiMrXpPsdeWigTO3JTCadqY5Wq5xLPH8=";
            allowedIPs = [ "10.100.0.4" ];
          }

          # fuyuki: no endpoint configured.
          {
            publicKey = "maCF41/gOh5p0BBgOh0x9S/ourGSM7qrFfEgmB+XGHY=";
            allowedIPs = [ "10.100.0.3" ];
          }

          # Mobile: no endpoint configured.
          {
            publicKey = "JoW+Iwysip46WWKJINneXWWG2YszzKEKlI3dW4SIjg0=";
            allowedIPs = [ "10.100.0.5" ];
          }
        ];
      };

      wg1 = {
        listenPort = 51821;
        ips = [ "10.100.1.1" ];
        privateKeyFile = config.sops.secrets.wg1_private.path;

        # The interface is placed in its own network namespace. The namespace
        # is created before interface setup and deleted after shutdown.
        # NOTE(review): `ip netns add` fails if wg1ns already exists; confirm
        # that the unit recovers after an unclean stop.
        interfaceNamespace = "wg1ns";
        preSetup = ''
          ip netns add wg1ns
        '';
        postShutdown = ''
          ip netns del wg1ns
        '';

        peers = [
          {
            publicKey = "T0BlFaNi01Cu7sZkoJH4CtKLagTgoK1NZ6Qdt0pL7kQ=";
            endpoint = "${extraInfo.wireguard.VPSEndpoint}:51821";
            # Accepts every IPv4 destination for this peer; no IPv6 range is
            # listed. NOTE(review): confirm that nothing in wg1ns needs IPv6.
            allowedIPs = [ "0.0.0.0/0" ];
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}