wireguard/home: Expose subnet

This commit is contained in:
Simon Bruder 2023-05-06 10:55:04 +02:00
parent 63a2a7e0ed
commit 89bc09dcce
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC

View file

@ -2,6 +2,7 @@
let
serverHostName = "vueko";
serverPort = 51820;
subnet = "10.80.0.0/24";
peers = {
hitagi = {
address = "10.80.0.5";
@ -41,6 +42,11 @@ in
visible = false;
readOnly = true;
};
subnet = lib.mkOption {
type = lib.types.str;
visible = false;
readOnly = true;
};
};
};
@ -50,7 +56,10 @@ in
sopsFile = ./../../machines + "/${config.networking.hostName}/secrets.yaml";
};
sbruder.wireguard.home.address = peers."${config.networking.hostName}".address;
sbruder.wireguard.home = {
address = peers."${config.networking.hostName}".address;
inherit subnet;
};
systemd.network = {
enable = true;
@ -83,7 +92,7 @@ in
{
wireguardPeerConfig = {
PublicKey = peers."${serverHostName}".publicKey;
AllowedIPs = [ "10.80.0.0/24" ];
AllowedIPs = [ subnet ];
#Endpoint = "${serverHostName}.sbruder.de:${toString serverPort}"; # not possible because sadly not all devices have IPv6 connectivity
Endpoint = "168.119.176.53:${toString serverPort}";
PersistentKeepalive = 25;