mlaga97-nix/systems/fortress/wireguard.nix
2025-08-03 18:10:24 -05:00


{ ... }: {
# WireGuard key material, declared as sops secrets sourced from ./secrets.yaml.
# Every entry gets identical permissions: mode 0640 with group
# systemd-network, i.e. group-readable and inaccessible to other users.
# NOTE(review): presumably the group is what lets systemd-networkd read the
# key files referenced by the wg.fortress netdev; confirm.
# The names listed here must stay in sync with the hard-coded
# /run/secrets/... paths in that netdev's PrivateKeyFile / PresharedKeyFile.
sops.secrets = builtins.listToAttrs (map
  (secretName: {
    name = secretName;
    value = {
      mode = "0640";
      group = "systemd-network";
      sopsFile = ./secrets.yaml;
    };
  })
  [
    # Interface private key for this host.
    "dotspace/fortress/keys/wireguard/private.key"
    # One preshared key per peer, so a single peer's PSK can be rotated or
    # revoked without touching the others.
    "dotspace/fortress/keys/wireguard/lauren-phone.psk"
    "dotspace/fortress/keys/wireguard/ashley-phone.psk"
    "dotspace/fortress/keys/wireguard/lauren-laptop.psk"
  ]);
# Layer-3 configuration for the WireGuard interface: this host takes
# 10.13.13.1 in the 10.13.13.0/24 tunnel subnet.
systemd.network.networks."90-wg.fortress" = {
  matchConfig = { Name = "wg.fortress"; };
  address = [ "10.13.13.1/24" ];
  # Forwarding plus IPv4 masquerading turns this host into a NAT gateway for
  # tunnel clients.
  # NOTE(review): no firewall or forward-chain rules appear in this file, so
  # what peers can reach beyond the tunnel is decided elsewhere; confirm it is
  # restricted to what they need.
  networkConfig.IPMasquerade = "ipv4";
  networkConfig.IPv4Forwarding = true;
};
# WireGuard virtual device "wg.fortress": interface key, listen port, and the
# list of authorised peers.
systemd.network.netdevs."50-wg.fortress" = {
  netdevConfig.Kind = "wireguard";
  netdevConfig.Name = "wg.fortress";
  netdevConfig.MTUBytes = "1300";

  # The private key is read from the decrypted sops secret at runtime, so it
  # never appears in this file. The path is hard-coded and must match the
  # corresponding sops.secrets entry name.
  wireguardConfig.PrivateKeyFile = "/run/secrets/dotspace/fortress/keys/wireguard/private.key";
  wireguardConfig.ListenPort = 51820; # TODO: This should've been 51280
  wireguardConfig.RouteTable = "main";

  # One entry per client. Public keys are not secret and can live in the
  # repository; the preshared keys are secrets and are referenced by file.
  # Each peer is pinned to a single /32, so it can only source tunnel traffic
  # from its own assigned address.
  wireguardPeers = [
    # lauren-phone
    {
      PresharedKeyFile = "/run/secrets/dotspace/fortress/keys/wireguard/lauren-phone.psk";
      PublicKey = "fDauNyRJSNlmPGm9KHprF2qCwPbgCmEyZsXSQvZ2mRE=";
      AllowedIPs = [ "10.13.13.3/32" ];
    }
    # ashley-phone
    {
      PresharedKeyFile = "/run/secrets/dotspace/fortress/keys/wireguard/ashley-phone.psk";
      PublicKey = "AtmZMqvQgsRVq44kYdjOkC8ACmrw8MbDhyPSvtEbmlc=";
      AllowedIPs = [ "10.13.13.4/32" ];
    }
    # lauren-laptop
    {
      PresharedKeyFile = "/run/secrets/dotspace/fortress/keys/wireguard/lauren-laptop.psk";
      PublicKey = "prhDYwUWhEc5X+zWHrqw79MFFvEN/qAAAZPq7vndhRE=";
      AllowedIPs = [ "10.13.13.5/32" ];
    }
  ];
};
}