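{ config
, lib
, pkgs
, ...
}:

# NixOS module: an opt-in WireGuard interface (wg0) whose key material is
# supplied by agenix at runtime, so no secret is ever copied into the Nix store.
#
# The original used `with lib;` for mkEnableOption but `lib.mkIf` explicitly;
# both helpers are now referenced through `lib.` so the origin of every
# name is visible and nothing in scope is silently shadowed.
let
  cfg = config.my.services.wireguard;
in
{
  options.my.services.wireguard.enable = lib.mkEnableOption "wireguard";

  config = lib.mkIf cfg.enable {
    # Encrypted sources for agenix; the decrypted files appear under
    # /run/agenix and are referenced by path further below.
    age.secrets = {
      wireguard-private-key.file = ../../secrets/wireguard-private-key.age;
      wireguard-preshared-key.file = ../../secrets/wireguard-preshared-key.age;
    };

    # Opens the same UDP port that `listenPort` binds below. This is only
    # needed if the remote peer has to be able to initiate towards this host;
    # presumably a pure "dial-out" client could omit both — verify intent.
    networking.firewall = {
      allowedUDPPorts = [ 51820 ];
    };

    networking.wg-quick.interfaces = {
      wg0 = {
        # Not brought up during boot; the interface is started on demand.
        autostart = false;
        address = [ "10.8.0.3/24" ];
        listenPort = 51820;
        # Path to the agenix-decrypted key, not the key itself.
        privateKeyFile = "/run/agenix/wireguard-private-key";
        peers = [
          {
            publicKey = "bT/U8ko3i//vH8LNn2R56JkGMg+0GLFrZSF81BBax08=";
            # Optional post-quantum-hardening PSK, also decrypted by agenix.
            presharedKeyFile = "/run/agenix/wireguard-preshared-key";
            # Forward all the traffic via VPN.
            # NOTE(review): only IPv4 is covered by this list. If the host has
            # IPv6 connectivity, that traffic still leaves via the normal
            # default route unless "::/0" is added here — confirm whether
            # that is intended before relying on this as a full-tunnel.
            allowedIPs = [ "0.0.0.0/0" ];
            endpoint = "wg.moritzboeh.me:51820";
            # Keeps the NAT mapping alive so the peer can still reach us.
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}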