Update more Wireguard
This commit is contained in:
parent
3df764b525
commit
981c065928
3 changed files with 44 additions and 45 deletions
|
|
@ -15,14 +15,6 @@
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "midas";
|
hostName = "midas";
|
||||||
hostId = "38ba3f57";
|
hostId = "38ba3f57";
|
||||||
vlans.internal = {
|
|
||||||
id=100;
|
|
||||||
interface="enp0s31f6";
|
|
||||||
};
|
|
||||||
interfaces.internal.ipv4.addresses = [{
|
|
||||||
address = "11.0.0.1";
|
|
||||||
prefixLength = 8;
|
|
||||||
}];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
system = {
|
system = {
|
||||||
|
|
|
||||||
|
|
@ -1,19 +1,14 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.services.wireguard.client.enable {
|
networking.wg-quick.interfaces.wgc = lib.mkIf config.services.wireguard.client.enable {
|
||||||
networking = {
|
|
||||||
firewall.trustedInterfaces = [ "wgc" ];
|
|
||||||
wg-quick.interfaces.wgc = {
|
|
||||||
privateKey = config.secrets.wg.clientKey;
|
privateKey = config.secrets.wg.clientKey;
|
||||||
peers = [
|
peers = [
|
||||||
{ # Kitty server
|
{ # Home server
|
||||||
publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
|
publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
|
||||||
allowedIPs = [ "10.100.0.0/24" ];
|
allowedIPs = [ "11.0.0.0/8" ];
|
||||||
endpoint = "sv.nixfox.ca:51820";
|
endpoint = "sv.nixfox.ca:51820";
|
||||||
persistentKeepalive = 25;
|
persistentKeepalive = 25;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,29 +1,41 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
{
|
{
|
||||||
config = lib.mkIf config.services.wireguard.server.enable {
|
config = lib.mkIf config.services.wireguard.server.enable {
|
||||||
networking = {
|
systemd.network = {
|
||||||
firewall.allowedUDPPorts = [ 51820 ];
|
netdevs = {
|
||||||
|
"50-wg0" = {
|
||||||
nat = {
|
netdevConfig = {
|
||||||
enable = true;
|
Kind = "wireguard";
|
||||||
internalInterfaces = [ "wgs" ];
|
Name = "wg0";
|
||||||
|
MTUBytes = "1300";
|
||||||
};
|
};
|
||||||
|
wireguardConfig = {
|
||||||
wireguard.interfaces.wgs = {
|
PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey;
|
||||||
ips = [ "10.100.0.1/24" ];
|
ListenPort = 51820;
|
||||||
listenPort = 51820;
|
RouteTable = "main";
|
||||||
privateKey = config.secrets.wg.serverKey;
|
};
|
||||||
peers = [
|
wireguardPeers = [
|
||||||
{ # NixOS Config Key
|
{ # NixOS Config Key
|
||||||
publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
|
PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
|
||||||
allowedIPs = [ "10.100.0.16/28" ];
|
AllowedIPs = [ "11.0.0.0/8" ];
|
||||||
}
|
}
|
||||||
{ # Pixel 9
|
{ # Pixel 9
|
||||||
publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
|
PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
|
||||||
allowedIPs = [ "10.100.0.2/32" ];
|
AllowedIPs = [ "11.1.0.1/32" ];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
networks.wg0 = {
|
||||||
|
matchConfig.Name = "wg0";
|
||||||
|
address = [ "11.0.0.1/8" ];
|
||||||
|
networkConfig = {
|
||||||
|
IPMasquerade = "ipv4";
|
||||||
|
IPv4Forwarding = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue