infrastructure/hosts/phoenix.lewd.wtf/networking.nix


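# Host networking for phoenix: a static LAN bridge (br0), NAT for "ve-*"
# interfaces out of a WireGuard tunnel (wg0), and the systemd-networkd
# definition of that tunnel.
#
# `config` must be named in the argument pattern: boot.extraModulePackages
# below reads config.boot.kernelPackages, and with only `{ ... }:` that is an
# undefined variable at evaluation time.
{ config, ... }:
{
  # Static addressing only; no interface falls back to DHCP.
  networking.useDHCP = false;

  # br0 bridges the two physical NICs and carries the host's LAN address.
  networking.bridges = {
    "br0" = {
      interfaces = [
        "eno2"
        "enp23s0"
      ];
    };
  };
  networking.interfaces.br0.ipv4.addresses = [
    {
      address = "192.168.0.42";
      prefixLength = 22;
    }
  ];
  networking.defaultGateway = "192.168.0.1";
  networking.nameservers = [ "192.168.0.1" ];

  # Masquerade traffic arriving on interfaces matching "ve-+" out of wg0.
  # ("ve-<name>" is the naming NixOS uses for container veth pairs; the
  # trailing "+" is the iptables interface wildcard.)
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-+" ];
    externalInterface = "wg0";
    # NOTE(review): wg0 below is given only an IPv4 address and has
    # IPv6AcceptRA = false. Confirm IPv6 NAT is wanted here and that IPv6
    # traffic from the internal interfaces has no path that bypasses the tunnel.
    enableIPv6 = true;
  };

  # NOTE(review): WireGuard is in the mainline kernel since 5.6, so this
  # out-of-tree module package is presumably only needed on older kernels.
  # Verify against the kernel this host runs.
  boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];

  systemd.network = {
    enable = true;
    netdevs = {
      "10-wg0" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg0";
          MTUBytes = "1300";
        };
        wireguardConfig = {
          # Key material is referenced by path and read at runtime, so it is
          # not copied into the world-readable Nix store. The file has to be
          # readable by the systemd-network user and by nobody else; how
          # /run/secrets is provisioned is not shown in this file.
          PrivateKeyFile = "/run/secrets/services/wireguard/airvpn.private";
          ListenPort = 9918;
        };
        wireguardPeers = [
          {
            wireguardPeerConfig = {
              # The peer's public key is not a secret and may live in the repo.
              PublicKey = "PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=";
              PresharedKeyFile = "/run/secrets/services/wireguard/airvpn.psk";
              # NOTE(review): WireGuard only sends packets whose destination
              # falls inside a peer's AllowedIPs. With just the gateway /32
              # listed, NATed traffic for any other destination will not
              # traverse wg0. Confirm this is intended.
              AllowedIPs = [ "10.128.0.1/32" ];
              Endpoint = "134.19.179.213:1637";
            };
          }
        ];
      };
    };
    networks.wg0 = {
      matchConfig.Name = "wg0";
      address = [ "10.175.197.82/32" ];
      DHCP = "no";
      dns = [ "10.128.0.1" ];
      # NOTE(review): this is a second default gateway next to
      # networking.defaultGateway on br0. Check which route wins and that the
      # endpoint address above stays reachable via the LAN.
      gateway = [ "10.128.0.1" ];
      networkConfig = {
        IPv6AcceptRA = false;
      };
    };
  };
}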