Allow all IPs for wireguard interface without routing them

Ciapa 2024-02-04 20:12:00 +01:00
parent cb2ac4c8da
commit 855d3ada0a
2 changed files with 40 additions and 19 deletions


@ -1,4 +1,4 @@
{ ... }: { config, pkgs, lib, ... }:
{ {
networking.useDHCP = false; networking.useDHCP = false;
networking.bridges = { networking.bridges = {
@ -27,20 +27,41 @@
enableIPv6 = true; enableIPv6 = true;
}; };
networking.wireguard.interfaces = { boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
wg0 = { systemd.network = {
ips = [ "10.175.197.82/32" "fd7d:76ee:e68f:a993:f6b2:9dab:ddd3:a02/128" ]; enable = true;
privateKeyFile = "/run/secrets/services/wireguard/airvpn.private"; netdevs = {
"10-wg0" = {
peers = [ netdevConfig = {
{ Kind = "wireguard";
publicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk="; Name = "wg0";
presharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk"; MTUBytes = "1300";
allowedIPs = [ "10.128.0.1" ]; };
endpoint = "134.19.179.213:1637"; wireguardConfig = {
persistentKeepalive = 25; PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
} ListenPort = 9918;
]; };
wireguardPeers = [
{
wireguardPeerConfig = {
PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
AllowedIPs = ["10.128.0.1/32"];
Endpoint = "134.19.179.213:1637";
};
}
];
};
};
networks.wg0 = {
matchConfig.Name = "wg0";
address = [ "10.175.197.82/32" ];
DHCP = "no";
dns = [ "10.128.0.1" ];
gateway = [ "10.128.0.1" ];
networkConfig = {
IPv6AcceptRA = false;
};
}; };
}; };
} }
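Review bot: `AllowedIPs = ["10.128.0.1/32"]` in the new `wireguardPeerConfig` still admits only the single peer address, which does not match the commit title, while `gateway = [ "10.128.0.1" ]` in `networks.wg0` asks for a default route through the tunnel. WireGuard discards outgoing packets whose destination is not covered by a peer's AllowedIPs, so anything that route sends into wg0 other than 10.128.0.1 would be dropped. If all addresses are meant to be allowed, the peer line would read `AllowedIPs = ["0.0.0.0/0" "::/0"];`, and the `gateway` line should go if no routing through wg0 is intended. The rewrite also loses the old `persistentKeepalive = 25` and the `/128` IPv6 address, so IPv6 traffic presumably no longer uses the tunnel; either restore them (`PersistentKeepalive = 25;` in the peer config) or add a comment saying the omission is deliberate.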


@ -11,14 +11,14 @@
# Wireguard # Wireguard
sops.secrets."services/wireguard/airvpn.private" = { sops.secrets."services/wireguard/airvpn.private" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
sops.secrets."services/wireguard/airvpn.psk" = { sops.secrets."services/wireguard/airvpn.psk" = {
mode = "0400"; mode = "0400";
owner = config.users.users.root.name; owner = config.users.users.systemd-network.name;
group = config.users.users.root.group; group = config.users.users.systemd-network.group;
sopsFile = ./secrets/wireguard.yaml; sopsFile = ./secrets/wireguard.yaml;
}; };
} }
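Review bot: The owner change on both secrets carries no comment explaining why a non-root account now holds the WireGuard private key and preshared key. Presumably this is because systemd-networkd runs as `systemd-network` and reads `PrivateKeyFile` and `PresharedKeyFile` itself; a line such as `# read by systemd-networkd (runs as systemd-network), hence not root-owned` above each block would record that. With `mode = "0400"` the `group` setting grants no access, so it could be dropped or the owner-only mode noted as intentional.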