Allow all IPs for wireguard interface without routing them
This commit is contained in:
parent
cb2ac4c8da
commit
016799ced7
|
@ -1,4 +1,4 @@
|
||||||
{ ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.bridges = {
|
networking.bridges = {
|
||||||
|
@ -27,20 +27,40 @@
|
||||||
enableIPv6 = true;
|
enableIPv6 = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
systemd.network = {
|
||||||
wg0 = {
|
enable = true;
|
||||||
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ];
|
netdevs = {
|
||||||
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
"10-wg0" = {
|
||||||
|
netdevConfig = {
|
||||||
peers = [
|
Kind = "wireguard";
|
||||||
{
|
Name = "wg0";
|
||||||
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
MTUBytes = "1300";
|
||||||
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
};
|
||||||
allowedIPs = [ "10.128.0.1" ];
|
wireguardConfig = {
|
||||||
endpoint = "134.19.179.213:1637";
|
PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
|
||||||
persistentKeepalive = 25;
|
ListenPort = 9918;
|
||||||
}
|
};
|
||||||
];
|
wireguardPeers = [
|
||||||
|
{
|
||||||
|
wireguardPeerConfig = {
|
||||||
|
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
|
||||||
|
PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
|
||||||
|
AllowedIPs = ["10.128.0.1/32"];
|
||||||
|
Endpoint = "134.19.179.213:1637";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networks.wg0 = {
|
||||||
|
matchConfig.Name = "wg0";
|
||||||
|
address = [ "10.175.197.82/32" ];
|
||||||
|
DHCP = "no";
|
||||||
|
dns = [ "10.128.0.1" ];
|
||||||
|
gateway = [ "10.128.0.1" ];
|
||||||
|
networkConfig = {
|
||||||
|
IPv6AcceptRA = false;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,14 +11,14 @@
|
||||||
# Wireguard
|
# Wireguard
|
||||||
sops.secrets."services/wireguard/airvpn.private" = {
|
sops.secrets."services/wireguard/airvpn.private" = {
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
owner = config.users.users.root.name;
|
owner = config.users.users.systemd-network.name;
|
||||||
group = config.users.users.root.group;
|
group = config.users.users.systemd-network.group;
|
||||||
sopsFile = ./secrets/wireguard.yaml;
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
};
|
};
|
||||||
sops.secrets."services/wireguard/airvpn.psk" = {
|
sops.secrets."services/wireguard/airvpn.psk" = {
|
||||||
mode = "0400";
|
mode = "0400";
|
||||||
owner = config.users.users.root.name;
|
owner = config.users.users.systemd-network.name;
|
||||||
group = config.users.users.root.group;
|
group = config.users.users.systemd-network.group;
|
||||||
sopsFile = ./secrets/wireguard.yaml;
|
sopsFile = ./secrets/wireguard.yaml;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue