# Shared part of my home WireGuard network (`wg-home`).
#
# This module only declares the common peer. Every machine importing it
# still has to:
#   * set the `ips` for the `wg-home` interface, and
#   * place its private key in its secrets directory as
#     `wg-home_private_key`.
#
# Example:
#
#   networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
{ config, ... }:

let
  # Per-host key location, resolved relative to this file:
  #   machines/<hostName>/secrets/wg-home_private_key
  hostKeyPath =
    ../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key;

  # The single shared peer that every machine connects to.
  homePeer = {
    # Peer's public key; not a secret, so it can live in the repository.
    publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";

    endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred

    # Only the VPN subnet is routed to this peer. WireGuard also uses this
    # list as the inbound source filter, so the peer can send from any
    # address in the /24; per-host restrictions have to be enforced by the
    # peer itself or by the local firewall.
    allowedIPs = [ "10.80.0.0/24" ];

    # Send a keepalive every 25 seconds so NAT/firewall state towards the
    # endpoint stays open.
    persistentKeepalive = 25;
  };
in
{
  networking.wireguard.enable = true;

  networking.wireguard.interfaces.wg-home = {
    # `toString` turns the path into a plain absolute-path string. Keep it:
    # interpolating the path ("${...}") or passing it as a path value would
    # copy the private key into the world-readable /nix/store.
    #
    # NOTE(review): the string points at the checkout this file is evaluated
    # from, so the key must exist at that absolute path on the machine that
    # runs the interface, readable by root only. If this tree is ever
    # evaluated from a store copy (e.g. as a flake), the relative path
    # resolves inside /nix/store and the key would be either world-readable
    # there or missing. Confirm how this repository is evaluated and deployed.
    privateKeyFile = toString hostKeyPath;

    peers = [ homePeer ];
  };
}