simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

wireguard/home: Expose subnet

Browse source
This commit is contained in:
Simon Bruder 2023-05-06 10:55:04 +02:00
parent 63a2a7e0ed
commit 89bc09dcce
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
modules/wireguard/home.nix
View file

@ -2,6 +2,7 @@
let let
serverHostName = "vueko"; serverHostName = "vueko";
serverPort = 51820; serverPort = 51820;
subnet = "10.80.0.0/24";
peers = { peers = {
hitagi = { hitagi = {
address = "10.80.0.5"; address = "10.80.0.5";
@ -41,6 +42,11 @@ in
visible = false; visible = false;
readOnly = true; readOnly = true;
}; };
subnet = lib.mkOption {
type = lib.types.str;
visible = false;
readOnly = true;
};
}; };
}; };
@ -50,7 +56,10 @@ in
sopsFile = ./../../machines + "/${config.networking.hostName}/secrets.yaml"; sopsFile = ./../../machines + "/${config.networking.hostName}/secrets.yaml";
}; };
sbruder.wireguard.home.address = peers."${config.networking.hostName}".address; sbruder.wireguard.home = {
address = peers."${config.networking.hostName}".address;
inherit subnet;
};
systemd.network = { systemd.network = {
enable = true; enable = true;
@ -83,7 +92,7 @@ in
{ {
wireguardPeerConfig = { wireguardPeerConfig = {
PublicKey = peers."${serverHostName}".publicKey; PublicKey = peers."${serverHostName}".publicKey;
AllowedIPs = [ "10.80.0.0/24" ]; AllowedIPs = [ subnet ];
#Endpoint = "${serverHostName}.sbruder.de:${toString serverPort}"; # not possible because sadly not all devices have IPv6 connectivity #Endpoint = "${serverHostName}.sbruder.de:${toString serverPort}"; # not possible because sadly not all devices have IPv6 connectivity
Endpoint = "168.119.176.53:${toString serverPort}"; Endpoint = "168.119.176.53:${toString serverPort}";
PersistentKeepalive = 25; PersistentKeepalive = 25;