Add wireguard configuration for Horus
parent
6fac18a40a
commit
3058e51478
2 changed files with 35 additions and 3 deletions
|
@ -1,5 +1,5 @@
|
|||
{ nixos-hardware, ... }:
|
||||
{ pkgs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
|
@ -123,6 +123,9 @@
|
|||
4101
|
||||
4102
|
||||
20048
|
||||
|
||||
# WireGuard
|
||||
51820
|
||||
];
|
||||
|
||||
allowedTCPPortRanges = [
|
||||
|
@ -136,6 +139,33 @@
|
|||
];
|
||||
# };
|
||||
};
|
||||
|
||||
wireguard.interfaces = {
|
||||
wghorus = {
|
||||
ips = [ "10.10.4.2/24" ];
|
||||
listenPort = 51820;
|
||||
|
||||
privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
|
||||
|
||||
postSetup = ''
|
||||
${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
|
||||
${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
|
||||
'';
|
||||
postShutdown = ''
|
||||
${pkgs.systemd}/bin/resolvectl dns wghorus ""
|
||||
${pkgs.systemd}/bin/resolvectl domain wghorus ""
|
||||
'';
|
||||
|
||||
peers = [
|
||||
{
|
||||
publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
|
||||
allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
|
||||
endpoint = "212.45.34.195:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
|
@ -196,6 +226,7 @@
|
|||
livebook-password = {
|
||||
owner = "erwin";
|
||||
};
|
||||
wireguard-horus-privkey = { };
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
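Review bot: The `51820` entry under `# WireGuard` is added to a port list whose attribute name lies above the hunk, and WireGuard only uses UDP, so the opening is meaningful only if that list is `allowedUDPPorts`; in a TCP list it exposes an unused port and does nothing for the tunnel. Beyond that, `wghorus` dials a fixed `endpoint` and sets `persistentKeepalive = 25`, so return traffic is presumably already admitted by the firewall's connection tracking. No inbound rule is then needed unless the remote peer must be able to initiate the handshake itself. If that is not required, I would drop the `51820` line; otherwise keep it in the UDP list with a comment such as `# WireGuard (UDP), remote peer may initiate`.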
|
||||
|
|
|
@ -3,6 +3,7 @@ gh_token: ENC[AES256_GCM,data:7DBVEdZLReJQsyUoO9fITtHhE0UFcHr7XWod5XiaQ5iiwcI01t
|
|||
livebook_cookie: ENC[AES256_GCM,data:ZB7u8BWNn7x2O00YTALYTwNi/obq8nH3mI01Bd8UxPg=,iv:JVpPJaB6O7oRjYqYuEueT812U0Bn8mUCOLDwpAU5yTs=,tag:GIkodjTt9mRLQZ0UAtJszg==,type:str]
|
||||
livebook-password: ENC[AES256_GCM,data:FaMIr0GxLTvAzrYt7blGbJuGDbr+lDiIMnvY2c/r,iv:SKKKYYRYLGtRGgaHs7zAnH8n0HZiGaoAlLAptUPaa/c=,tag:vgBGhmXH/QpTbKjbrQEhKw==,type:str]
|
||||
renovate_env: ENC[AES256_GCM,data:mzeS0FXsycD4hWMzRMgeEgTY+x2QtYtxmhcFCJcjwlD/q577kprHaU8otr1sOu9mwNud7K8kJGk=,iv:MMhr6CPsyvmP7+dKJUwt9cjnATm9JKZ/KbG4Dkj7hJ0=,tag:ubLmcW/CtT/uPiyswvr93w==,type:str]
|
||||
wireguard-horus-privkey: ENC[AES256_GCM,data:JVhdbvNqfdPWFCg24F56Hmu1Tf/EA6BOqa1uPuu8C/FrJhNaGi4S+KYOook=,iv:z8cq4C5vu/QqJ3UZdL1zEH22Ht3rKSbdHgAQbRSk8Kk=,tag:AVBvV8wJqw5jgDRiES89eQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -27,8 +28,8 @@ sops:
|
|||
T2d0VmRoQ1J1d05weFF6ZnZteVd6SWMKRcASrez/JICMurAuQJaW3GIS7lXPUOoj
|
||||
KLYA7ComIU00hewiugZGSrcvmnJ5fuEMERx9yk+6NrxsBGoExaddag==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-12-08T22:54:16Z"
|
||||
mac: ENC[AES256_GCM,data:jnNNYQmv1iAoybGSQ/0BohA3AVNuptSDPWwyCSSOY9UKtIHDORhP6Qs9fUCsyuOnGjwZvvvxQRdhw8aB0WW17R+Ekv0d/15ErCLdjJfV81rSd3KmgyDOSdtTK1CoXRRyeM9LvVPb+hBKH7AvDTtpg74EJGnppWWE3br61nwdrrM=,iv:ok3m49f6ZvGh2khX34hXsliSnWoeR0CtfWyCW6+pQlA=,tag:a07WUaaJK6mgsROilBIXLA==,type:str]
|
||||
lastmodified: "2022-12-20T13:49:30Z"
|
||||
mac: ENC[AES256_GCM,data:rg46RoKf6RnOblrpkbdHVKFCm+gapgEhQxvfPU6XavHtTgrXLbdBaIqckrrAtkLf9MIHoOYipoIA2GmJ4ST9OMhE9q11fqNufXGn9Iae/6QgAqSLHNrPEoBvMExB6T8lLBt7OhuHcMcIZRQzqUOfQWw0BHO0vLDAWHUN7zxPY64=,iv:Zf2/PCEqgXrPhQY/jaJy6SE3gyc7i8dG2KViyWe4SiM=,tag:f+pibCxjdhrOVkPhPiFxow==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|