initial commit

2024-07-01 22:19:14 +03:00
commit cca6abb196
14 changed files with 987 additions and 0 deletions
--- a/wireguard.nix
+++ b/wireguard.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, lib, ...  }: 
+let
+  port = 51820;
+  name = "wg0";
+  peers = [
+    {
+      PublicKey = "XI0/k2j20CVSfevwjkmo4IddVoA2VY2fN6feauXYEXU=";
+      AllowedIPs = [ "10.100.0.2" ];
+    } # radish
+  ];
+  address = [ "10.100.0.1/24" ];
+in
+{
+  networking.firewall.allowedUDPPorts = [ port ];
+  networking.useNetworkd = true;
+
+  systemd.network = {
+    enable = true;
+    netdevs.${name} = {
+      netdevConfig = {
+        Kind = "wireguard";
+        Name = "${name}";
+        MTUBytes = "1300";
+      };
+      wireguardConfig = {
+        PrivateKeyFile = "/var/secrets/wireguard-privkey";
+        ListenPort = port;
+      };
+      wireguardPeers = peers;
+    };
+
+    networks.${name} = {
+      matchConfig.Name = name;
+      inherit address;
+      networkConfig = {
+        IPMasquerade = "ipv4";
+        IPForward = true;
+      };
+    };
+  };
+}