Update more Wireguard

2025-04-16 21:17:32 -04:00 · 2025-04-16 21:17:32 -04:00 · 981c065928
commit 981c065928
parent 3df764b525
3 changed files with 44 additions and 45 deletions
--- a/hosts/midas/default.nix
+++ b/hosts/midas/default.nix
@ -15,14 +15,6 @@
  networking = {
    hostName = "midas";
    hostId = "38ba3f57";
    vlans.internal = {
      id=100;
      interface="enp0s31f6";
    };
    interfaces.internal.ipv4.addresses = [{
      address = "11.0.0.1";
      prefixLength = 8;
    }];
  };
  system = {
--- a/modules/system/services/server/wireguard/client/default.nix
+++ b/modules/system/services/server/wireguard/client/default.nix
@ -1,19 +1,14 @@
 { config, lib, ... }:
 {
-  config = lib.mkIf config.services.wireguard.client.enable {
+  networking.wg-quick.interfaces.wgc = lib.mkIf config.services.wireguard.client.enable {
-    networking = {
+    privateKey = config.secrets.wg.clientKey;
-      firewall.trustedInterfaces = [ "wgc" ];
+    peers = [
-      wg-quick.interfaces.wgc = {
+      { # Home server
-        privateKey = config.secrets.wg.clientKey;
+        publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
-        peers = [
+        allowedIPs = [ "11.0.0.0/8" ];
-          { # Kitty server
+        endpoint = "sv.nixfox.ca:51820";
-            publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
+        persistentKeepalive = 25;
-            allowedIPs = [ "10.100.0.0/24" ];
+      }
-            endpoint = "sv.nixfox.ca:51820";
+    ];
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
 }
--- a/modules/system/services/server/wireguard/server/default.nix
+++ b/modules/system/services/server/wireguard/server/default.nix
@ -1,29 +1,41 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 {
  config = lib.mkIf config.services.wireguard.server.enable {
-    networking = {
+    systemd.network = {
-      firewall.allowedUDPPorts = [ 51820 ];
+      netdevs = {
-
+        "50-wg0" = {
-      nat = {
+          netdevConfig = {
-        enable = true;
+            Kind = "wireguard";
-        internalInterfaces = [ "wgs" ];
+            Name = "wg0";
            MTUBytes = "1300";
          };
          wireguardConfig = {
            PrivateKeyFile = pkgs.writeText "wgserversecret" config.secrets.wg.serverKey;
            ListenPort = 51820;
            RouteTable = "main";
          };
          wireguardPeers = [
            { # NixOS Config Key
              PublicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
              AllowedIPs = [ "11.0.0.0/8" ];
            }
            { # Pixel 9
              PublicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
              AllowedIPs = [ "11.1.0.1/32" ];
            }
          ];
        };
      };
-
+      networks.wg0 = {
-      wireguard.interfaces.wgs = {
+        matchConfig.Name = "wg0";
-        ips = [ "10.100.0.1/24" ];
+        address = [ "11.0.0.1/8" ];
-        listenPort = 51820;
+        networkConfig = {
-        privateKey = config.secrets.wg.serverKey;
+          IPMasquerade = "ipv4";
-        peers = [
+          IPv4Forwarding = true;
-          { # NixOS Config Key
+        };
            publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0=";
            allowedIPs = [ "10.100.0.16/28" ];
          }
          { # Pixel 9
            publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4=";
            allowedIPs = [ "10.100.0.2/32" ];
          }
        ];
      };
    };
    networking.firewall.allowedUDPPorts = [ 51820 ];
  };
 }