commit bf55a3f9cee18faf3941f93cd5425317e9b6443e
parent a501e1e573ef4ae6f61e57a4c6e1e427ec8397ff
Author: Leah (ctucx) <git@ctu.cx>
Date: Mon, 16 Jan 2023 12:53:45 +0100
machines/wanderduene: add wireguard-tunnel to router
3 files changed, 31 insertions(+), 0 deletions(-)
diff --git a/machines/wanderduene/configuration.nix b/machines/wanderduene/configuration.nix
@@ -9,6 +9,8 @@
 ../../configurations/linux/services/dns.nix
 ];
+ age.secrets.wireguard-privkey.file = ../../secrets/wanderduene/wireguard-privkey.age;
+
 dns.zones."ctu.cx".subdomains."${config.networking.hostName}" = (pkgs.dns.lib.combinators.host "46.38.253.139" "2a03:4000:1:45d::1");
 boot = {
@@ -57,7 +59,34 @@
 }];
 };
+ wireguard = {
+ enable = true;
+
+ interfaces.wg-mikrotik = {
+ listenPort = 51820;
+ privateKeyFile = config.age.secrets.wireguard-privkey.path;
+ generatePrivateKeyFile = true;
+ postSetup = "ip link set dev wg-mikrotik mtu 1500";
+ ips = [ "172.16.0.1/12" ];
+
+ peers = [
+ {
+ persistentKeepalive = 10;
+ allowedIPs = [ "172.16.0.0/12" "195.39.246.32/28" "10.0.0.0/8" ];
+ publicKey = "nvyhYuWJl/dKyV/2+bDrUisvL3mi38PsNzfdIDDwSjY=";
+ }
+ ];
+ };
+ };
+ firewall.enable = true;
+ firewall.allowedTCPPorts = [ 5201 ];
+ firewall.allowedUDPPorts = [ 5201 51820 ];
+ };
+
+ services.iperf3 = {
+ enable = true;
+ bind = "172.16.0.1";
 };
 system.stateVersion = "21.11";
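Review bot: `generatePrivateKeyFile = true;` in the second hunk works against the agenix-managed `privateKeyFile = config.age.secrets.wireguard-privkey.path;` directly above it: if the decrypted secret is ever absent when the interface's key unit runs, the module generates a fresh key at that path instead of failing, and the peer's pinned `publicKey` silently stops matching. Since the key is provisioned through age, drop the `generatePrivateKeyFile = true;` line (the option defaults to false) so a missing secret fails the unit loudly rather than being papered over. Separately, `firewall.allowedTCPPorts = [ 5201 ];` and the UDP counterpart open iperf3 on every interface although the service binds only to `172.16.0.1`; `firewall.interfaces.wg-mikrotik.allowedTCPPorts = [ 5201 ];` (and the UDP equivalent) keeps that exposure limited to the tunnel while `51820` stays global. The enclosing attribute set that both hunks extend (presumably `networking`) starts before the first hunk.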
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -77,4 +77,6 @@ in {
 "trabbi/mail/password-mail-zug.network.age".publicKeys = [ leah trabbi ];
 "trabbi/mail/password-hi-f2k1.de.age".publicKeys = [ leah trabbi ];
+ "wanderduene/wireguard-privkey.age".publicKeys = [ leah wanderduene ];
+
 }