From b26e45e8d0f8e300e45d2acdc76bda3c17b97e14 Mon Sep 17 00:00:00 2001
From: Erwin Boskma
Date: Fri, 6 Jan 2023 01:10:17 +0100
Subject: [PATCH] Switch to wg-quick for WireGuard
---
 machines/loki/configuration.nix | 39 ++++++++++++++++++++++++++++-----
 1 file changed, 33 insertions(+), 6 deletions(-)
diff --git a/machines/loki/configuration.nix b/machines/loki/configuration.nix
index 1d9daad..5af8df3 100644
--- a/machines/loki/configuration.nix
+++ b/machines/loki/configuration.nix
@@ -140,19 +140,19 @@
 # };
 };
- wireguard.interfaces = {
+ wg-quick.interfaces = {
 wghorus = {
- ips = [ "10.10.4.2/24" ];
+ address = [ "10.10.4.2/24" ];
+ autostart = false;
+ dns = [ "192.168.4.1" ];
 listenPort = 51820;
 privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
- postSetup = ''
- ${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
+ postUp = ''
 ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
 '';
- postShutdown = ''
- ${pkgs.systemd}/bin/resolvectl dns wghorus ""
+ postDown = ''
 ${pkgs.systemd}/bin/resolvectl domain wghorus ""
 '';
@@ -166,6 +166,33 @@
 ];
 };
 };
+
+ # wireguard.interfaces = {
+ # wghorus = {
+ # ips = [ "10.10.4.2/24" ];
+ # listenPort = 51820;
+
+ # privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
+
+ # postSetup = ''
+ # ${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
+ # ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
+ # '';
+ # postShutdown = ''
+ # ${pkgs.systemd}/bin/resolvectl dns wghorus ""
+ # ${pkgs.systemd}/bin/resolvectl domain wghorus ""
+ # '';
+
+ # peers = [
+ # {
+ # publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
+ # allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
+ # endpoint = "212.45.34.195:51820";
+ # persistentKeepalive = 25;
+ # }
+ # ];
+ # };
+ # };
 };
 systemd.network = {
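Review bot: The `postDown` hook on `wghorus` will probably run against a link that no longer exists, because wg-quick executes its PostDown hooks after it has deleted the interface. `resolvectl domain wghorus ""` is then likely to fail with an unknown-interface error and make the stop of the tunnel report a failure. Renaming the attribute to `preDown` runs the cleanup while the link is still present; it may also be unnecessary, since resolved discards per-link settings when the link disappears. Separately, it is worth confirming with `resolvectl status wghorus` that only `bedum.horus.nu` and `internal.horus.nu` are routed to `192.168.4.1`, because wg-quick's own `dns` handling may register that resolver for all lookups before `postUp` narrows it. The enclosing attribute set starts and ends outside the hunk.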
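Review bot: The 27 lines added after the `wg-quick.interfaces` block are the old `wireguard.interfaces` definition commented out, which duplicates what git history already keeps. The copy repeats the peer's `publicKey`, `endpoint` and `allowedIPs`, so after the next peer change the file will carry two diverging versions of the tunnel's trust settings and a reader has to work out which one is live. I would drop the block, or replace it with a single line such as `# wghorus used wireguard.interfaces before the move to wg-quick; see git history.` The enclosing attribute set continues outside the hunk.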