Commit 4c47418a1377
Changed files (2)
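--- a/machine/shikoku.nix
+++ b/machine/shikoku.nix
@@ -13,6 +13,7 @@
 ../profiles/dockerization.nix
 ../profiles/gaming.nix
 ../profiles/wireguard.nix
+ ../service/wireguard.client.nix
 ../location/home.nix
 ];
@@ -35,6 +36,13 @@
 };
 hardware.bluetooth.enable = true;
-
 networking.firewall.allowedTCPPorts = [ 7946 9000 ];
+
+ services.wireguard = with import ../assets/wireguard.nix; {
+ enable = true;
+ ips = [ "${ips.shikoku}/24" ];
+ endpoint = main.endpointIP;
+ endpointPort = main.listenPort;
+ endpointPublicKey = kerkouane.publicKey;
+ };
 }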
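--- a/service/wireguard.client.nix
+++ b/service/wireguard.client.nix
@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.services.wireguard;
+in
+{
+ options = {
+ services.wireguard = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable a reverse SSH proxy.
+ '';
+ };
+ ips = mkOption {
+ type = with types; listOf str;
+ description = ''
+ The client IPs
+ '';
+ };
+ allowedIPs = mkOption {
+ default = [ "10.100.0.0/24" ];
+ type = with types; listOf str;
+ description = ''
+ The peer (server) allowedIPs
+ '';
+ };
+ endpoint = mkOption {
+ type = with types; str;
+ description = ''
+ The endpoint IP to target
+ '';
+ };
+ endpointPort = mkOption {
+ default = 51820;
+ type = with types; int;
+ description = ''
+ The endpoint Port to target
+ '';
+ };
+ endpointPublicKey = mkOption {
+ type = with types; str;
+ description = ''
+ The peer (server) public key
+ '';
+ };
+ };
+ };
+ config = mkIf cfg.enable {
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = cfg.ips;
+ privateKeyFile = "/etc/nixos/wireguard.private.key";
+ peers = [
+ {
+ publicKey = cfg.endpointPublicKey;
+ allowedIPs = cfg.allowedIPs;
+ endpoint = "${cfg.endpoint}:${toString cfg.endpointPort}";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+}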
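Review bot: `privateKeyFile` near the end of the hunk is hard-coded to `/etc/nixos/wireguard.private.key`, a path that typically sits inside a tree which is world-readable and often version-controlled, and the module neither creates the file nor constrains its ownership or mode, so the key's confidentiality depends entirely on out-of-band provisioning. Exposing the path as an option (defaulting to the current value for compatibility) lets each host point at a root-only secret location, and the option description should state that the file must already exist and be readable only by root before `wg0` is brought up. Separately, the `enable` description at the top of the file reads `Whether to enable a reverse SSH proxy.`, which appears copy-pasted from another module and should read `Whether to enable the WireGuard client interface (wg0).`. `endpointPort` could also use `types.port` rather than `int` so out-of-range values are rejected at evaluation time.

```nix
      # … unchanged: enable, ips, allowedIPs options …
      privateKeyFile = mkOption {
        type = with types; str;
        default = "/etc/nixos/wireguard.private.key";
        description = ''
          Path to the interface's WireGuard private key. This module does not
          create the file; it must exist and be readable only by root.
        '';
      };
      # … unchanged: endpoint, endpointPort, endpointPublicKey options …
  # … unchanged: config block up to wg0.ips …
        privateKeyFile = cfg.privateKeyFile;
```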