Allow all IPs for wireguard interface without routing them
ci / test (push) Successful in 1m10s Details
ci / deploy (push) Failing after 4m53s Details

Ciapa 2024-02-04 20:12:00 +01:00
parent cb2ac4c8da
commit 016799ced7
2 changed files with 39 additions and 19 deletions


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
networking.useDHCP = false; networking.useDHCP = false;
networking.bridges = { networking.bridges = {
@ -27,20 +27,40 @@
enableIPv6 = true; enableIPv6 = true;
}; };
networking.wireguard.interfaces = { systemd.network = {
wg0 = { enable = true;
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ]; netdevs = {
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private"; "10-wg0" = {
netdevConfig = {
peers = [ Kind = "wireguard";
{ Name = "wg0";
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; MTUBytes = "1300";
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk"; };
allowedIPs = [ "10.128.0.1" ]; wireguardConfig = {
endpoint = "134.19.179.213:1637"; PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
persistentKeepalive = 25; ListenPort = 9918;
} };
]; wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
AllowedIPs = ["10.128.0.1/32"];
Endpoint = "134.19.179.213:1637";
};
}
];
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.175.197.82/32" ];
DHCP = "no";
dns = [ "10.128.0.1" ];
gateway = [ "10.128.0.1" ];
networkConfig = {
IPv6AcceptRA = false;
};
}; };
}; };
} }
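Review bot: The peer's `AllowedIPs` in the new `wireguardPeerConfig` is still `["10.128.0.1/32"]`, so the tunnel only carries traffic to and from the gateway address, which does not match the commit title. WireGuard uses AllowedIPs both to select the peer for outgoing packets and to filter the inner source address of incoming ones, so anything sent down the route that `gateway = [ "10.128.0.1" ]` installs towards another destination would be rejected at the interface. If the intent is to accept every address while leaving routing to networkd, `AllowedIPs = [ "0.0.0.0/0" "::/0" ];` would express that; as far as I know networkd only derives routes from AllowedIPs when `RouteTable` is set. The rewrite also drops `persistentKeepalive = 25` and the IPv6 tunnel address that the old side had. If that is intentional it deserves a comment, because with no v6 address on wg0 any IPv6 traffic from this host would presumably leave through another interface rather than the VPN.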


@ -11,14 +11,14 @@
# Wireguard # Wireguard
sops.secrets."services/wireguard/airvpn.private" = { sops.secrets."services/wireguard/airvpn.private" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
sops.secrets."services/wireguard/airvpn.psk" = { sops.secrets."services/wireguard/airvpn.psk" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
} }
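Review bot: Making `systemd-network` the owner of both secrets gives the network daemon's account more than the read access it needs, since a file's owner can also change its mode. networkd only has to read `PrivateKeyFile` and `PresharedKeyFile`, so keeping root as owner and granting access through the group is the narrower arrangement: `owner = config.users.users.root.name;`, `group = config.users.users.systemd-network.group;`, `mode = "0440";`. A short comment such as `# readable by systemd-networkd, which loads the WireGuard keys for wg0` above each entry would also explain why these are not root-only like other secrets.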