hosts/ni: change Wireguard setup to wg-quick

Gabriel Arazas 2023-02-05 16:27:49 +08:00
parent 86afc41f28
commit d12f1ea15f
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC


@ -195,57 +195,24 @@ in
# Setting up Wireguard as a VPN tunnel. Since this is a laptop that meant to # Setting up Wireguard as a VPN tunnel. Since this is a laptop that meant to
# be used anywhere, we're configuring Wireguard here as a "client". # be used anywhere, we're configuring Wireguard here as a "client".
# #
# We're also setting up this configuration as a forwarder # We're using wg-quick here as this host is using network managers that can
systemd.network = { # differ between workflows (i.e., GNOME and KDE Plasma using NetworkManager,
netdevs."99-${wireguardIFName}" = { # something else using systemd-networkd).
netdevConfig = { networking.wg-quick.interfaces.wireguard0 = {
Description = "Plover - internal"; privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
Name = wireguardIFName;
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
ListenPort = wireguardPort;
};
wireguardPeers = [
# Plover server peer. This is the main "server" of the network.
{
wireguardPeerConfig = {
PublicKey = lib.readFile ../plover/files/wireguard/wireguard-public-key-plover;
PresharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path;
AllowedIPs = lib.concatStringsSep "," wireguardAllowedIPs;
Endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}";
};
}
];
};
networks."99-${wireguardIFName}" = {
matchConfig.Name = wireguardIFName;
address = with wireguardPeers.desktop; [ address = with wireguardPeers.desktop; [
"${IPv4}/32" "${IPv4}/32"
"${IPv6}/128" "${IPv6}/128"
]; ];
# Otherwise, it will autostart every bootup when I need it only at few peers = [
# hours at a time.
linkConfig.ActivationPolicy = "manual";
routes = [
{ {
routeConfig = { publicKey = lib.readFile ../plover/files/wireguard/wireguard-public-key-plover;
Gateway = wireguardPeers.server.IPv4; presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path;
Destination = let allowedIPs = wireguardAllowedIPs;
ip = lib.strings.splitString "." wireguardPeers.server.IPv4; endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}";
properRange = lib.lists.take 3 ip ++ [ "0" ];
ip' = lib.concatStringsSep "." properRange;
in "${ip'}/16";
GatewayOnLink = true;
};
} }
]; ];
}; };
};
} }
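Review bot: The new `networking.wg-quick.interfaces.wireguard0` block drops the manual activation the old netdev had (`linkConfig.ActivationPolicy = "manual"`, justified by the removed comment about not wanting the tunnel up on every boot), so wg-quick will now bring the interface up at boot unless `autostart = false;` is added alongside `privateKeyFile`. The removed unit also pinned an explicit `/16` route through `wireguardPeers.server.IPv4` with `GatewayOnLink`; under wg-quick the routes are derived from `allowedIPs`, so it is worth confirming that `wireguardAllowedIPs` (defined outside this hunk) still covers the range that route provided, otherwise traffic for the rest of that network will no longer go through the tunnel. The comment above the block could also record that dropping `ListenPort` is intentional for a client-only peer, e.g. `# No listen port: this host only dials out to the Plover peer.` The enclosing attribute set starts before line 195 and is closed by the final `}` shown here.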