49 lines
1.8 KiB
Nix
49 lines
1.8 KiB
Nix
{ config, pkgs, ...}:
|
|
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
wireguard
|
|
wireguard-tools
|
|
];
|
|
|
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
|
|
networking = {
|
|
firewall.allowedUDPPorts = [ 51820 52820];
|
|
firewall.trustedInterfaces = [ "wg0" "server"];
|
|
|
|
wireguard.enable = true;
|
|
wireguard.interfaces = {
|
|
wg0 = {
|
|
ips = [ "fd33:ab07:f877:23::1/64"];
|
|
listenPort = 52820;
|
|
privateKeyFile = "/run/keys/wg-arion_priv";
|
|
allowedIPsAsRoutes = false;
|
|
postSetup = ''
|
|
ip route add 2001:67c:12a0:8003::0/64 via fd33:ab07:f877:23:300::1 dev wg0
|
|
'';
|
|
peers = [{
|
|
publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
|
|
allowedIPs = [ "2001:67c:12a0:8003::0/64" "fd33:ab07:f877:23:300::1/72" ];
|
|
endpoint = "usg.net.entr0py.de:52820";
|
|
persistentKeepalive = 25;
|
|
}];
|
|
};
|
|
server = {
|
|
ips = [ "fd33:ab07:f877:2342::1/64"];
|
|
listenPort = 51820;
|
|
privateKeyFile = "/run/keys/wg-arion_priv";
|
|
allowedIPsAsRoutes = true;
|
|
postSetup = ''
|
|
ip route add 2001:67c:12a0:264:200::0/72 via fd33:ab07:f877:2342:200::1 dev server
|
|
'';
|
|
peers = [{
|
|
publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
|
|
allowedIPs = [ "2001:67c:12a0:264:200::0/72" "fd33:ab07:f877:2342:200::1/72" ];
|
|
endpoint = "scotty-router:52820";
|
|
persistentKeepalive = 25;
|
|
}];
|
|
};
|
|
};
|
|
};
|
|
} |