[fugitive] Add wireguard interface

This commit is contained in:
ctsk
2023-09-28 20:38:04 +02:00
parent 1935ac96f3
commit fc14adf077


@@ -6,6 +6,14 @@ let
ssh = [ 2322 2323 2324 ]; ssh = [ 2322 2323 2324 ];
gitea = 10010; gitea = 10010;
headscale = 10020; headscale = 10020;
wg0 = 51820;
};
pubkeys = {
labyrinth = {
wg = "fGP6Iebdk31dDtreRmvrur+9IzRL56v3N/sw1ILGPSk=";
nix = "labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0=";
};
}; };
in in
@@ -41,6 +49,22 @@ in
networking.firewall = { networking.firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [ ports.wg0 ];
};
networking.wireguard.enable = true;
networking.wireguard.interfaces = {
wg0 = {
ips = ["10.11.12.1/24" ];
listenPort = ports.wg0;
privateKeyFile = "/srv/wireguard/wg0.private";
generatePrivateKeyFile = true;
peers = [{
publicKey = pubkeys.labyrinth.wg;
allowedIPs = [ "10.11.12.2/32" ];
}];
};
}; };
security = { security = {
@@ -58,9 +82,7 @@ in
nix.settings = { nix.settings = {
trusted-users = [ "@wheel" ]; trusted-users = [ "@wheel" ];
trusted-public-keys = [ trusted-public-keys = [ pubkeys.labyrinth.nix ];
"labyrinth-1:GCR2h5k9WFvome2mrFRBtiWw7sAn+pYZwXRwAj9W0b0="
];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [