foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-07 12:19:07 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

hosts/ni: update personal VPN config

Browse Source
This commit is contained in:
Gabriel Arazas 2023-06-19 12:28:33 +08:00
parent 23e00d0472
commit 57d897ac82
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
hosts/ni/default.nix
View File

@ -223,6 +223,12 @@ in
}; };
}; };
services.resolved.domains = [
"~plover.foodogsquared.one"
"~0.27.172.in-addr.arpa"
"~0.28.172.in-addr.arpa"
];
system.stateVersion = "23.05"; # Yes! I read the comment! system.stateVersion = "23.05"; # Yes! I read the comment!
# Setting up Wireguard as a VPN tunnel. Since this is a laptop that meant to # Setting up Wireguard as a VPN tunnel. Since this is a laptop that meant to
@ -236,18 +242,20 @@ in
domains = [ domains = [
"~plover.foodogsquared.one" "~plover.foodogsquared.one"
"~0.27.172.in-addr.arpa" "~0.27.172.in-addr.arpa"
"~0.28.172.in-addr.arpa"
]; ];
in in
{ {
privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path; privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
listenPort = wireguardPort; listenPort = wireguardPort;
dns = with wireguardPeers.server; [ IPv4 IPv6 ]; dns = with interfaces.internal; [ IPv4.address IPv6.address ];
postUp = postUp =
let let
resolvectl = "${lib.getBin pkgs.systemd}/bin/resolvectl"; resolvectl = "${lib.getBin pkgs.systemd}/bin/resolvectl";
in in
'' ''
${resolvectl} domain %i ${lib.concatStringsSep " " domains} ${resolvectl} domain ${wireguardIFName} ${lib.concatStringsSep " " domains}
${resolvectl} dnssec ${wireguardIFName} no
''; '';
address = with wireguardPeers.desktop; [ address = with wireguardPeers.desktop; [