jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

wireguard vps

Browse Source
This commit is contained in:
Danilo Reyes 2025-09-07 18:40:14 -06:00
parent 825d8fe72d
commit 16e556f113
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/server/configuration.nix
View File

@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -6,6 +6,7 @@
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix; my = import ./toggles.nix;
sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
networking = networking =
let let
ports = [ ports = [
@ -20,6 +21,18 @@
allowedTCPPorts = ports; allowedTCPPorts = ports;
allowedUDPPorts = ports; allowedUDPPorts = ports;
}; };
wireguard.interfaces.wg0 = {
ips = [ "10.77.0.2/32" ];
privateKeyFile = config.sops.secrets."vps/home/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "51.222.141.104:51820";
allowedIPs = [ "10.77.0.1/32" ];
persistentKeepalive = 25;
}
];
};
}; };
nix = nix =
let let

2
hosts/server/toggles.nix
View File

@ -26,7 +26,7 @@ in
services = enableList mkEnabled [ services = enableList mkEnabled [
"network" "network"
"nvidia" "nvidia"
"wireguard" # "wireguard"
]; ];
dev = enableList mkEnabled [ dev = enableList mkEnabled [
"nix" "nix"