Add basic wireguard setup

1 files changed, 26 insertions, 0 deletions

diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
new file mode 100644
index 0000000..3b48315
--- /dev/null
+++ b/host/software/server/wireguard.nix
@@ -0,0 +1,26 @@
+{
+  networking.firewall = {
+    allowedUDPPorts = [ 54321 ];
+  };
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.1/24" ];
+
+      listenPort = 54321;
+
+      privateKeyFile = "/etc/wireguard/private";
+
+      peers = [
+        { # obelix
+          publicKey = "RrsNZKZ17Ol1WHxZesLnenGKnqxiQlE0T8xFP6/5mBE=";
+          allowedIPs = [ "10.100.0.2/32" ];
+        }
+        { # majestix
+          publicKey = "Tkoaewh9HB5rIuJVrFgClRF4x7prOtIlSJjiTYCpxis=";
+          allowedIPs = [ "10.100.0.3/32" ];
+        }
+      ];
+    };
+  };
+}