nixfiles/hosts/pion/wireguard.nix
2021-04-12 14:03:26 +02:00

59 lines
2.2 KiB
Nix

{ config, pkgs, ...}:
{
environment.systemPackages = with pkgs; [
wireguard
wireguard-tools
];
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
networking = {
firewall.allowedUDPPorts = [ 51820 52820 53820];
firewall.trustedInterfaces = [ "wg0" "server"];
wireguard.enable = true;
wireguard.interfaces = {
wg0 = {
ips = [ "fd33:ab07:f877:23::1/64"];
listenPort = 52820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = false;
postSetup = ''
ip route add 2a03:4000:20:18e::/64 via fd33:ab07:f877:23:300::1 dev wg0
'';
peers = [{
publicKey = "bgWFMIasw+IHfr/1drJWEHBcsCZ3fqoB4djiZ9BDUCM=";
allowedIPs = [ "2a03:4000:20:18e::/64" "fd33:ab07:f877:23:300::1/72" ];
persistentKeepalive = 25;
}];
};
/*server = {
ips = [ "fd33:ab07:f877:2342::1/64"];
listenPort = 51820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = true;
postSetup = ''
ip route add 2a03:4000:45:5f3:200::0/72 via fd33:ab07:f877:2342:200::1 dev server
'';
peers = [{
publicKey = "PQW2/P7wozf8pmpWxCDofT7AwqkPjc5kq8qQigZoUjo=";
allowedIPs = [ "2a03:4000:45:5f3:200::0/72" "fd33:ab07:f877:2342:200::1/72" ];
endpoint = "scotty-router:52820";
persistentKeepalive = 25;
}];
};*/
vpn = {
ips = [ "fd33:ab07:f877:2342::3/64"];
listenPort = 53820;
privateKeyFile = "/run/keys/wg-pion_priv";
allowedIPsAsRoutes = true;
peers = [{
publicKey = "7mmKxFeI/TYDqy4pLDkZyq32viNfon1zODFdOdbnhyM=";
allowedIPs = [ "2a03:4000:45:5f3:500::3/128" ];
persistentKeepalive = 25;
}];
};
};
};
}