From 14a99bccc48e4f650036f58b93417f1ea356e486 Mon Sep 17 00:00:00 2001
From: caem
Date: Sun, 25 Jun 2023 17:10:38 +0200
Subject: [PATCH] Add wireguard configuration
---
 .gitignore | 2 ++
 packages/wireguard/package.nix | 30 ++++++++++++++++++++++++++++++
 systems/homeserver.nix | 1 +
 3 files changed, 33 insertions(+)
 create mode 100644 packages/wireguard/package.nix
diff --git a/.gitignore b/.gitignore
index dfc1fa4..cdb74b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,5 @@
 nixos/result
 pw
 .stfolder
+privkey
+privpsk
diff --git a/packages/wireguard/package.nix b/packages/wireguard/package.nix
new file mode 100644
index 0000000..0845c90
--- /dev/null
+++ b/packages/wireguard/package.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+
+{
+ networking.wg-quick.interfaces = {
+ wg0 = {
+ address = [ "10.174.110.32/32" ];
+ dns = [ "10.128.0.1" ];
+ mtu = 1320;
+ privateKeyFile = "/nix/config/packages/wireguard/privkey";
+
+ # Route local traffic through local network
+ preUp = ''
+ ${pkgs.unixtools.route}/bin/route add -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
+ '';
+ postDown = ''
+ ${pkgs.unixtools.route}/bin/route del -net 192.168.2.0 netmask 255.255.255.0 metric 0 dev eno1
+ '';
+
+ peers = [{
+ publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
+ presharedKeyFile = "/nix/config/packages/wireguard/privpsk";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "nl.vpn.airdns.org:1637";
+ persistentKeepalive = 15;
+ }];
+ };
+ };
+
+ networking.firewall.allowedUDPPorts = [ 1637 ];
+}
diff --git a/systems/homeserver.nix b/systems/homeserver.nix
index 561fa03..9cf42d8 100644
--- a/systems/homeserver.nix
+++ b/systems/homeserver.nix
@@ -9,6 +9,7 @@
 ../packages/vim/package.nix
 ../packages/nginx/homeserver.nix
 ../packages/syncthing/homeserver.nix
+ ../packages/wireguard/package.nix
 ];
 boot = {
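Review bot: In packages/wireguard/package.nix, `networking.firewall.allowedUDPPorts = [ 1637 ];` opens inbound UDP 1637 on the host although `wg0` sets no `listenPort` and only dials out to `nl.vpn.airdns.org:1637`, so nothing in this file listens on that port; replies to the outbound handshake should already pass the firewall's connection tracking, so I would drop the line. `privateKeyFile` and `presharedKeyFile` point into the configuration checkout (`/nix/config/packages/wireguard/`), which keeps the secrets out of the Nix store but leaves their protection to that tree's file modes and to the new `.gitignore` entries; a comment such as `# privkey/privpsk: root-owned, mode 0600, never committed` would record the requirement, or the files could live in a root-only directory outside the repo. `allowedIPs = [ "0.0.0.0/0" ]` covers IPv4 only, so if the host has IPv6 connectivity that traffic presumably stays outside the tunnel; confirm that is intended.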