# NixOS module: WireGuard hub interface `wgstorm` with three statically
# configured peers. The private key is supplied as an age-encrypted secret.
#
# `hosts` is accepted as a module argument but is not referenced in this file.
{ config, hosts, ... }:
let
  hostName = config.networking.hostName;

  # Subnet handed to NAT as "internal"; the hub address below lives inside it.
  vpnSubnet = "10.100.0.0/24";

  # Single definition for the UDP port, so the firewall opening and the
  # WireGuard listener cannot drift apart when one of them is edited.
  # NOTE(review): 43 is the IANA port number for WHOIS; why it was picked for
  # WireGuard is not recorded here.
  wgPort = 43;

  secretName = "wireguard-key-storm";

  # Build one peer entry. Every peer is pinned to a single /32, so WireGuard
  # only accepts packets from that peer with that exact source address and a
  # peer cannot claim another peer's tunnel IP.
  mkPeer = publicKey: allowedIP: {
    inherit publicKey;
    allowedIPs = [ allowedIP ];
  };
in
{
  # Private key for this host. The encrypted file is selected by host name,
  # so each host importing this module needs its own `.age` file.
  # Mode 0400 limits the decrypted key to its owner; no owner is set here,
  # so the secret module's default applies (presumably root; verify).
  age.secrets.${secretName} = {
    file = ../../../../secrets + "/wireguard-key-storm-${hostName}.age";
    mode = "0400";
  };

  # Only the WireGuard listener port is opened by this module.
  networking.firewall.allowedUDPPorts = [ wgPort ];

  # Declares the VPN subnet as an internal range for NAT.
  # NOTE(review): `networking.nat.enable` and the external interface are not
  # set in this file; if they are enabled elsewhere, every peer's traffic can
  # be masqueraded out through this host. Confirm that is intended, and limit
  # forwarding if peers should only reach the hub itself.
  networking.nat.internalIPs = [ vpnSubnet ];

  networking.wireguard = {
    enable = true;

    interfaces.wgstorm = {
      ips = [ "10.100.0.1/24" ];
      listenPort = wgPort;

      # Path of the decrypted secret at runtime; the key itself never enters
      # the Nix store through this option.
      privateKeyFile = config.age.secrets.${secretName}.path;

      # Peer public keys are not secret. Removing an entry here is what
      # revokes a peer's access after the configuration is redeployed.
      peers = [
        (mkPeer "1JzRMYmCDT9wqPT81u7VRF0KntThTGOsnSmYd0jovhQ=" "10.100.0.4/32")
        (mkPeer "7Bx5Agg2fHio2G3+ksI3osWkXBg5nP1bi06LjPafYG8=" "10.100.0.13/32")
        (mkPeer "GMVlOpvtIAmopM8W2bC6CzaK41/p3qLgq+/IgAjT8HY=" "10.100.0.7/32")
      ];
    };
  };
}