From e481d7b2962e1e5dbe9a4ca10bfef91ba6c266f5 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Sat, 22 Jun 2019 23:44:40 +0200
Subject: Add basic wireguard setup

---
 host/automatix.nix                 |  1 +
 host/software/server/wireguard.nix | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 host/software/server/wireguard.nix

diff --git a/host/automatix.nix b/host/automatix.nix
index 9967430..d95f12e 100644
--- a/host/automatix.nix
+++ b/host/automatix.nix
@@ -7,6 +7,7 @@
     ./software/server/git.nix
     ./software/server/mail.nix
     ./software/server/website.nix
+    ./software/server/wireguard.nix
   ];
 
   boot.loader.grub = {
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
new file mode 100644
index 0000000..3b48315
--- /dev/null
+++ b/host/software/server/wireguard.nix
@@ -0,0 +1,26 @@
+{
+  networking.firewall = {
+    allowedUDPPorts = [ 54321 ];
+  };
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.1/24" ];
+
+      listenPort = 54321;
+
+      privateKeyFile = "/etc/wireguard/private";
+
+      peers = [
+        { # obelix
+          publicKey = "RrsNZKZ17Ol1WHxZesLnenGKnqxiQlE0T8xFP6/5mBE=";
+          allowedIPs = [ "10.100.0.2/32" ];
+        }
+        { # majestix
+          publicKey = "Tkoaewh9HB5rIuJVrFgClRF4x7prOtIlSJjiTYCpxis=";
+          allowedIPs = [ "10.100.0.3/32" ];
+        }
+      ];
+    };
+  };
+}
-- 
cgit v1.2.3