{
  config,
  lib,
  ...
}:
# WireGuard hub for the VPS: listens on UDP 51820, takes the server's private
# key from sops, and masquerades wg0 peer traffic out through the host's uplink.
# Only applied when both my.services.wireguard.enable and my.secureHost are set.
let
  cfg = config.my.services.wireguard;
  wgPort = 51820;

  # Uplink used for masquerading, looked up by this host's name.
  upstreamIface = config.my.interfaces.${config.networking.hostName};

  # sops secret holding the hub's WireGuard private key.
  serverKey = "vps/server/private";

  # Static peer table (public keys only, nothing secret). Each entry names the
  # my.ips attribute of the single tunnel address that peer is allowed to use.
  # List order is preserved when building `peers`.
  peerTable = [
    { ipName = "wg-server";  publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4="; }
    { ipName = "wg-friend1"; publicKey = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho="; }
    { ipName = "wg-friend2"; publicKey = "R1CTx5+CXivMI6ZEmRYsyFUFILhe6Qnub0iEIRvvrEY="; }
    { ipName = "wg-friend3"; publicKey = "ecPNSacD6yVwpnLBs171z0xkw9M1DXKh/Kn70cIBcwA="; }
    { ipName = "wg-friend4"; publicKey = "yg+2miZCrx89znFaUlU/le/7UIPgEAMY74fZfEwz8g4="; }
  ];

  # One /32 per peer: WireGuard's cryptokey routing then only accepts packets
  # from this peer whose inner source is that one address, and only routes that
  # address back to it. No presharedKey is set for any peer (optional; it adds a
  # symmetric layer on top of the public-key handshake).
  mkPeer = { ipName, publicKey }: {
    inherit publicKey;
    allowedIPs = [ "${config.my.ips.${ipName}}/32" ];
  };
in
{
  options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";

  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    # The key is referenced by its sops-decrypted path below (privateKeyFile),
    # so the private key itself never appears in this configuration.
    sops.secrets.${serverKey}.sopsFile = ../../secrets/wireguard.yaml;

    networking = {
      # The listen port is the only inbound opening this module makes.
      firewall.allowedUDPPorts = [ wgPort ];

      # NOTE(review): this masquerades *every* wg0 peer's traffic out via the
      # uplink, and the NixOS nat module turns on IPv4 forwarding to do so.
      # Nothing in this module filters forwarded traffic, so peers may also be
      # able to reach each other through the hub (e.g. a friend peer reaching
      # wg-server) unless that is restricted elsewhere — confirm this is intended.
      nat = {
        enable = true;
        externalInterface = upstreamIface;
        internalInterfaces = [ "wg0" ];
      };

      wireguard.interfaces.wg0 = {
        # Hub addresses in three /24s; the peers above only claim /32s.
        ips = [
          "${config.my.ips.wg-vps}/24"
          "10.8.0.1/24"
          "10.9.0.1/24"
        ];
        listenPort = wgPort;
        # postSetup/postShutdown are left at their (empty) defaults; masquerading
        # is handled entirely by networking.nat above.
        privateKeyFile = config.sops.secrets.${serverKey}.path;
        peers = map mkPeer peerTable;
      };
    };
  };
}