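# WireGuard hub for one peer: a "wg0" netdev managed by systemd-networkd,
# listening on UDP 51820, with this host at 10.100.0.1/24 acting as the
# IPv4 NAT gateway for the peer at 10.100.0.2.
{ config, pkgs, lib, ... }:

let
  # UDP port WireGuard listens on; the same value is opened in the host firewall.
  port = 51820;

  # Interface name, shared by the netdev and the network unit that matches it.
  name = "wg0";

  # Peers allowed to complete a handshake with this endpoint.  AllowedIPs
  # doubles as WireGuard's cryptokey-routing ACL: a packet decrypted from a peer
  # whose source address is outside its AllowedIPs is dropped before it reaches
  # the kernel routing table, so keep each entry as narrow as possible.
  peers = [
    {
      PublicKey = "XI0/k2j20CVSfevwjkmo4IddVoA2VY2fN6feauXYEXU=";
      # Exactly one host.  networkd treats a bare address as a single host
      # anyway; the /32 is written out so the ACL width is unambiguous.
      AllowedIPs = [ "10.100.0.2/32" ];
    } # radish
  ];

  # This host's address inside the tunnel network.
  address = [ "10.100.0.1/24" ];
in
{
  # Only the WireGuard UDP port is opened.  Note that allowed*Ports govern the
  # INPUT path; traffic *forwarded* from the tunnel (enabled further down via
  # IPForward/IPMasquerade) is not filtered by this line.
  networking.firewall.allowedUDPPorts = [ port ];
  networking.useNetworkd = true;

  systemd.network = {
    enable = true;

    netdevs.${name} = {
      netdevConfig = {
        Kind = "wireguard";
        Name = name;
        # Set explicitly, below the MTU WireGuard would otherwise pick;
        # presumably to leave headroom on a narrow outer path -- confirm
        # against the uplink before changing.
        MTUBytes = "1300";
      };

      wireguardConfig = {
        # Base64 private key read by networkd when the unit loads.  This module
        # does not provision the file; it must be readable by the
        # systemd-network user (e.g. root:systemd-network, mode 0640) and must
        # not be world-readable, otherwise the tunnel identity is exposed.
        PrivateKeyFile = "/var/secrets/wireguard-privkey";
        ListenPort = port;
      };

      wireguardPeers = peers;
    };

    networks.${name} = {
      matchConfig.Name = name;
      inherit address;

      networkConfig = {
        # NAT the peer's IPv4 traffic behind this host's egress address.
        IPMasquerade = "ipv4";
        # IPv4 forwarding is a system-wide sysctl, not a per-interface switch:
        # turning it on here lets the peer reach every destination this host can
        # route to (including any LAN behind it), bounded only by the AllowedIPs
        # source check above and whatever FORWARD rules are defined elsewhere.
        # NOTE(review): newer systemd deprecates IPForward= in favour of
        # IPv4Forwarding=; switch once the pinned nixpkgs accepts it.
        IPForward = true;
      };
    };
  };
}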