setup wireguard

♥ Minnie ♥ 2023-11-19 22:38:12 +00:00
parent d98b8499eb
commit 646c3c0efb
3 changed files with 56 additions and 0 deletions


@ -35,6 +35,13 @@
./hardware-configuration.nix
];
age.secrets.wireguard = {
# Private key for wireguard
file = inputs.self + /secrets/wireguard.age;
owner = "root";
group = "root";
};
nixpkgs = {
# You can add overlays here
overlays = [
@ -117,6 +124,13 @@
hostName = "viridian";
domain = "kanto.dev";
networkmanager.enable = true;
# Required for wireguard
nat = {
enable = true;
externalInterface = "wlp2s0";
internalInterfaces = [ "wg0" ];
};
# Setup our firewall
firewall = {
enable = true;
allowedTCPPorts = [
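Review bot: `externalInterface = "wlp2s0";` in the new nat block is the same interface name the next hunk repeats by hand in the `postSetup`/`postShutdown` iptables rules, so a NIC rename (or a move to a wired uplink) has to be corrected in three places; a single `let extIf = "wlp2s0"; in` binding shared by the nat block and the wireguard block would keep them consistent. Because `internalInterfaces = [ "wg0" ];` is set here, I believe the NixOS nat module already installs a masquerade rule for traffic entering on wg0 and leaving via the external interface, which would make the manual MASQUERADE rules in the wireguard block redundant — worth confirming against the nat module and dropping them if so. The enclosing `networking` attribute set begins before this hunk.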
@ -130,8 +144,38 @@
80 # traefik (HTTP)
443 # traefik (HTTPS)
32372 # qbittorrent
51820 # Wireguard
];
};
wireguard.interfaces = {
wg0 = {
# IP address and subnet of the server's end of the tunnel interface
ips = [ "10.100.0.1/24" ];
listenPort = 51820;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o wlp2s0 -j MASQUERADE
'';
# This undoes the above command
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o wlp2s0 -j MASQUERADE
'';
# Path to the private key file.
privateKeyFile = config.age.secrets.wireguard.path;
peers = [
{ # Pixel 6 Pro
publicKey = "VaXMnFAXdbJCllNY5sIjPp9AcSM7ap2oA0tU9SIMK3E=";
# List of IPs assigned to this peer within the tunnel subnet.
allowedIPs = [ "10.100.0.2/32" ];
}
{ # Samsung S23 Ultra
publicKey = "dL91i7+VDWfeLCOr53JlzQ32WJ3lRJGqdecoqUpEnlQ=";
allowedIPs = [ "10.100.0.3/32" ];
}
];
};
};
};
# Setup environment
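Review bot: `51820 # Wireguard` is added to `allowedTCPPorts` (the list opened by the previous hunk's `allowedTCPPorts = [` line), but WireGuard listens on UDP, so with `firewall.enable = true` the handshake on `listenPort = 51820;` is still dropped and neither peer can connect. Remove it from that list and add `allowedUDPPorts = [ 51820 ]; # wireguard` next to it. The `firewall` and `networking` sets begin before this hunk.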