70 lines
1.6 KiB
Nix
70 lines
1.6 KiB
Nix
{ config, pkgs, extraInfo, ... }:
|
|
{
|
|
networking.firewall.allowedUDPPorts = [
|
|
51821
|
|
];
|
|
|
|
/* Wireguard */
|
|
networking.wireguard.interfaces.wg0 = {
|
|
ips = [ "10.100.0.6/8" ];
|
|
|
|
listenPort = 51820;
|
|
privateKeyFile = config.sops.secrets.wg0_private.path;
|
|
|
|
peers = [
|
|
# Rock Pro 64
|
|
{
|
|
publicKey = "XVmG3/rNsCqc8KCmOx3+UUn9DJOnJ40Uxid5JGdChR4=";
|
|
endpoint = "${extraInfo.wireguard.rockProEndpoint}:51820";
|
|
allowedIPs = [ "10.100.0.1" ];
|
|
persistentKeepalive = 25;
|
|
}
|
|
|
|
# london
|
|
{
|
|
publicKey = "AvW61c9iSO0NiMrXpPsdeWigTO3JTCadqY5Wq5xLPH8=";
|
|
allowedIPs = [ "10.100.0.4" ];
|
|
}
|
|
|
|
# fuyuki
|
|
{
|
|
publicKey = "maCF41/gOh5p0BBgOh0x9S/ourGSM7qrFfEgmB+XGHY=";
|
|
allowedIPs = [ "10.100.0.3" ];
|
|
}
|
|
|
|
# Mobile
|
|
{
|
|
publicKey = "JoW+Iwysip46WWKJINneXWWG2YszzKEKlI3dW4SIjg0=";
|
|
allowedIPs = [ "10.100.0.5" ];
|
|
}
|
|
];
|
|
};
|
|
|
|
networking.wireguard.interfaces.wg1 = {
|
|
ips = [ extraInfo.wireguard.VPNAddress ];
|
|
listenPort = 51821;
|
|
privateKeyFile = config.sops.secrets.wg1_private.path;
|
|
interfaceNamespace = "wg1ns";
|
|
|
|
preSetup = ''
|
|
ip netns add wg1ns
|
|
ip netns exec wg1ns ip addr add 127.0.0.1/8 dev lo
|
|
ip netns exec wg1ns ip link set lo up
|
|
'';
|
|
|
|
|
|
postShutdown = ''
|
|
ip netns del wg1ns
|
|
'';
|
|
|
|
peers = [
|
|
{
|
|
publicKey = extraInfo.wireguard.VPNPublicKey;
|
|
endpoint = extraInfo.wireguard.VPNEndpoint;
|
|
allowedIPs = [ "0.0.0.0/0" ];
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
}
|