Allow all IPs for wireguard interface without routing them

Ciapa 2024-02-04 20:12:00 +01:00
parent cb2ac4c8da
commit 07509dca93
2 changed files with 40 additions and 19 deletions


@ -1,4 +1,4 @@
{ ... }: { config, ... }:
{ {
networking.useDHCP = false; networking.useDHCP = false;
networking.bridges = { networking.bridges = {
@ -27,20 +27,41 @@
enableIPv6 = true; enableIPv6 = true;
}; };
networking.wireguard.interfaces = { boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
wg0 = { systemd.network = {
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ]; enable = true;
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private"; netdevs = {
"10-wg0" = {
peers = [ netdevConfig = {
Kind = "wireguard";
Name = "wg0";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
ListenPort = 9918;
};
wireguardPeers = [
{ {
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; wireguardPeerConfig = {
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk"; PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
allowedIPs = [ "10.128.0.1" ]; PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
endpoint = "134.19.179.213:1637"; AllowedIPs = ["10.128.0.1/32"];
persistentKeepalive = 25; Endpoint = "134.19.179.213:1637";
};
} }
]; ];
}; };
}; };
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.175.197.82/32" ];
DHCP = "no";
dns = [ "10.128.0.1" ];
gateway = [ "10.128.0.1" ];
networkConfig = {
IPv6AcceptRA = false;
};
};
};
} }
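Review bot: The new `AllowedIPs = ["10.128.0.1/32"]` in the `10-wg0` peer still admits only the gateway address, which does not match the commit title and sits badly with `gateway = [ "10.128.0.1" ]` in `networks.wg0`. WireGuard discards packets whose peer-side address is outside the peer's AllowedIPs, so traffic sent over the default route that `gateway` asks networkd to install on wg0 would be dropped by the tunnel. If the intent is what the title says, the likely value is `AllowedIPs = [ "0.0.0.0/0" "::/0" ];`, since networkd adds no routes for AllowedIPs unless `RouteTable` is set. The rewrite also drops two settings the old `networking.wireguard` block had. One is `persistentKeepalive = 25` (add `PersistentKeepalive = 25;` to `wireguardPeerConfig` if the host sits behind NAT); the other is the `fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128` tunnel address, without which IPv6 traffic cannot use the tunnel and, if the host has other IPv6 connectivity, would leave outside the VPN.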


@ -11,14 +11,14 @@
# Wireguard # Wireguard
sops.secrets."services/wireguard/airvpn.private" = { sops.secrets."services/wireguard/airvpn.private" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
sops.secrets."services/wireguard/airvpn.psk" = { sops.secrets."services/wireguard/airvpn.psk" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
} }
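Review bot: Both `sops.secrets` entries switch `owner`/`group` from root to `systemd-network` without a comment saying why, and nothing else in this file explains it. Presumably the reason is that systemd-networkd, which now reads the `PrivateKeyFile` and `PresharedKeyFile` paths, runs as that user rather than as root. A one-line comment above the two entries, such as `# read by systemd-networkd, which runs as systemd-network`, would keep a later cleanup from reverting the owner and breaking the tunnel. With `mode = "0400"` the group gets no access, so only the owner change affects who can read the keys.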