From e481d7b2962e1e5dbe9a4ca10bfef91ba6c266f5 Mon Sep 17 00:00:00 2001
From: Adrian Kummerlaender
Date: Sat, 22 Jun 2019 23:44:40 +0200
Subject: Add basic wireguard setup
---
host/software/server/wireguard.nix | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
create mode 100644 host/software/server/wireguard.nix
(limited to 'host/software')
diff --git a/host/software/server/wireguard.nix b/host/software/server/wireguard.nix
new file mode 100644
index 0000000..3b48315
--- /dev/null
+++ b/host/software/server/wireguard.nix
@@ -0,0 +1,26 @@
+{
+ networking.firewall = {
+ allowedUDPPorts = [ 54321 ];
+ };
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.100.0.1/24" ];
+
+ listenPort = 54321;
+
+ privateKeyFile = "/etc/wireguard/private";
+
+ peers = [
+ { # obelix
+ publicKey = "RrsNZKZ17Ol1WHxZesLnenGKnqxiQlE0T8xFP6/5mBE=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ { # majestix
+ publicKey = "Tkoaewh9HB5rIuJVrFgClRF4x7prOtIlSJjiTYCpxis=";
+ allowedIPs = [ "10.100.0.3/32" ];
+ }
+ ];
+ };
+ };
+}
--
cgit v1.2.3
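Review bot: `privateKeyFile = "/etc/wireguard/private";` points at a key that nothing in this file creates or protects, so the interface depends on an out-of-band file whose ownership and mode are not visible here. Passing a path rather than an inline key keeps the secret out of the world-readable Nix store, which is the right choice; I would add a comment beside it such as `# provisioned manually; must be root-owned, mode 0600`, or set `generatePrivateKeyFile = true;` if the NixOS release in use supports it. Separately, the port `54321` is written twice, in `allowedUDPPorts` and in `listenPort`; binding it once in a `let` keeps the firewall rule from drifting away from the listen port when one of them is changed.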