nix machine / user configurations
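# WireGuard tunnel "wg0" for this host, managed by systemd-networkd.
#
# One peer is configured. Its public key and endpoint address are read from
# files that sit next to this module; the local private key is referenced by
# path only.
{ config, lib, ... }:
{
  systemd.network.enable = true;

  systemd.network.netdevs."wg0" = {
    enable = true;
    netdevConfig = {
      Name = "wg0";
      Kind = "wireguard";
    };
    wireguardConfig = {
      # Only the path is evaluated here, so the key material itself is not
      # copied into the world-readable Nix store.
      # systemd-networkd reads PrivateKeyFile as the "systemd-network" user
      # (see systemd.netdev(5)); the file has to be readable by that user and
      # by nobody else who does not need it.
      # NOTE(review): the age.secrets.wgTkarontoKey declaration is not in this
      # file -- confirm its owner/group/mode (e.g. root:systemd-network, 0640).
      PrivateKeyFile = config.age.secrets.wgTkarontoKey.path;
    };
    wireguardPeers = [
      {
        wireguardPeerConfig = {
          # lib.fileContents is readFile minus one trailing newline. With a
          # plain readFile, a newline-terminated file would put a line break
          # inside the generated .netdev entry (for Endpoint, before ":51820").
          # Both values end up in the generated unit in the Nix store, which
          # is readable by every local user: fine for a public key, and it
          # means the endpoint address is not confidential on this machine.
          PublicKey = lib.fileContents ./wgWolumondeKey.pub;
          # AllowedIPs is both the outbound routing selector and the inbound
          # source filter: only packets from 10.99.0.1 are accepted from this
          # peer, and only packets to 10.99.0.1 are sent to it.
          AllowedIPs = [ "10.99.0.1/32" ];
          Endpoint = "${lib.fileContents ./wgWolumondeIp}:51820";
          # Keepalive every 25 s so a NAT/firewall mapping towards the peer
          # stays open.
          PersistentKeepalive = 25;
        };
      }
    ];
  };

  systemd.network.networks."wg0" = {
    matchConfig.Name = "wg0";
    # The /24 prefix installs an on-link route for all of 10.99.0.0/24 via
    # wg0, but WireGuard only has a peer for 10.99.0.1/32, so traffic to any
    # other address in the subnet is dropped at the interface. Widen the
    # peer's AllowedIPs only if that peer is meant to relay for the subnet.
    networkConfig.Address = "10.99.0.2/24";
    # routes = [
    #   {
    #     routeConfig = {
    #       Gateway = "10.99.0.1";
    #       Destination = "10.99.0.0/24";
    #       GatewayOnLink = true;
    #     };
    #   }
    # ];
  };
}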