Add wireguard configuration for Horus

Erwin Boskma 2022-12-23 09:20:53 +01:00
parent 6fac18a40a
commit 3058e51478
Signed by: erwin
SSH key fingerprint: SHA256:CyeNoWXd3kjX2Nwu6pDxxdS7OqmPVOy0NavA/KU/ntU
2 changed files with 35 additions and 3 deletions


@ -1,5 +1,5 @@
{ nixos-hardware, ... }:
{ pkgs, ... }:
{ pkgs, config, ... }:
{
imports = [
nixos-hardware.nixosModules.common-cpu-amd
@ -123,6 +123,9 @@
4101
4102
20048
# WireGuard
51820
];
allowedTCPPortRanges = [
@ -136,6 +139,33 @@
];
# };
};
wireguard.interfaces = {
wghorus = {
ips = [ "10.10.4.2/24" ];
listenPort = 51820;
privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
postSetup = ''
${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
'';
postShutdown = ''
${pkgs.systemd}/bin/resolvectl dns wghorus ""
${pkgs.systemd}/bin/resolvectl domain wghorus ""
'';
peers = [
{
publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
endpoint = "212.45.34.195:51820";
persistentKeepalive = 25;
}
];
};
};
};
systemd.network = {
@ -196,6 +226,7 @@
livebook-password = {
owner = "erwin";
};
wireguard-horus-privkey = { };
};
# This value determines the NixOS release from which the default
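Review bot: The `51820` entry added under `# WireGuard` lands in a port list that closes right before `allowedTCPPortRanges`, and the list's name is outside the hunk; if that list is `allowedTCPPorts`, the rule opens an unused TCP port and does nothing for WireGuard, which runs over UDP only. If inbound handshakes are wanted, the entry belongs in the UDP list, e.g. `allowedUDPPorts = [ 51820 ];`. The only peer has a fixed `endpoint` and `persistentKeepalive = 25`, so this host presumably always initiates the tunnel and connection tracking would already admit the replies; in that case the firewall opening can be dropped entirely to keep the exposed surface minimal. A short comment above `allowedIPs` saying which remote networks the four prefixes cover would also help the next reader judge how much of the remote site this host is meant to reach.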


@ -3,6 +3,7 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
livebook_cookie: ENC[AES256_GCM,data:ZB7u8BWNn7x2O00YTALYTwNi/obq8nH3mI01Bd8UxPg=,iv:JVpPJaB6O7oRjYqYuEueT812U0Bn8mUCOLDwpAU5yTs=,tag:GIkodjTt9mRLQZ0UAtJszg==,type:str]
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -27,8 +28,8 @@ sops:
T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj
KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-12-08T22:54:16Z"
mac: ENC[AES256_GCM,data:jnNNYQmv1iAoybGSQ/0BohA3AVNuptSDPWwyCSSOY9UKtIHDORhP6Qs9fUCsyuOnGjwZvvvxQRdhw8aB0WW17R+Ekv0d/15ErCLdjJfV81rSd3KmgyDOSdtTK1CoXRRyeM9LvVPb+hBKH7AvDTtpg74EJGnppWWE3br61nwdrrM=,iv:ok3m49f6ZvGh2khX34hXsliSnWoeR0CtfWyCW6+pQlA=,tag:a07WUaaJK6mgsROilBIXLA==,type:str]
lastmodified: "2022-12-20T13:49:30Z"
mac: ENC[AES256_GCM,data:rg46RoKf6RnOblrpkbdHVKFCm+gapgEhQxvfPU6XavHtTgrXLbdBaIqckrrAtkLf9MIHoOYipoIA2GmJ4ST9OMhE9q11fqNufXGn9Iae/6QgAqSLHNrPEoBvMExB6T8lLBt7OhuHcMcIZRQzqUOfQWw0BHO0vLDAWHUN7zxPY64=,iv:Zf2/PCEqgXrPhQY/jaJy6SE3gyc7i8dG2KViyWe4SiM=,tag:f+pibCxjdhrOVkPhPiFxow==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3