2023-05-08 23:09:44 +03:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: {
|
|
|
|
|
environment.systemPackages = [pkgs.wireguard-tools];
|
|
|
|
|
|
|
|
|
|
systemd.network.enable = true;
|
|
|
|
|
systemd.network.netdevs."wg0" = {
|
|
|
|
|
enable = true;
|
|
|
|
|
netdevConfig = {
|
|
|
|
|
Name = "wg0";
|
|
|
|
|
Kind = "wireguard";
|
|
|
|
|
};
|
|
|
|
|
wireguardConfig = {
|
|
|
|
|
ListenPort = 51820;
|
|
|
|
|
PrivateKeyFile = config.age.secrets.wgWolumondeKey.path;
|
|
|
|
|
};
|
|
|
|
|
wireguardPeers = [
|
|
|
|
|
{
|
|
|
|
|
wireguardPeerConfig = {
|
|
|
|
|
PublicKey = builtins.readFile ./wgTkarontoKey.pub;
|
|
|
|
|
AllowedIPs = ["10.99.0.2/32"];
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
];
|
2023-05-05 01:54:16 +03:00
|
|
|
};
|
2023-05-08 23:09:44 +03:00
|
|
|
systemd.network.networks."wg0" = {
|
|
|
|
|
matchConfig.Name = "wg0";
|
|
|
|
|
networkConfig.Address = "10.99.0.1/24";
|
|
|
|
|
# routes = [
|
|
|
|
|
# {
|
|
|
|
|
# routeConfig = {
|
|
|
|
|
# Gateway = "10.99.0.1";
|
|
|
|
|
# Destination = "10.99.0.0/24";
|
|
|
|
|
# };
|
|
|
|
|
# }
|
|
|
|
|
# ];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
boot.kernel.sysctl = {
|
|
|
|
|
"net.ipv4.ip_forward" = 1;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedUDPPorts = [51820];
|
|
|
|
|
}
|
