author | Alex Auvolat <alex@adnab.me> | 2021-11-16 17:39:23 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-11-16 17:39:23 +0100 |
commit | 016e6d434c5a7eead436c0a53378e6f51d22ce61 (patch) | |
tree | d2d5773b395f93c940f81428399673657d38dcce /configuration.nix | |
parent | 8637b4729ac3248eb15910a3145d8ef760f59e2f (diff) | |
Add wireguard
Diffstat (limited to 'configuration.nix')
-rw-r--r-- | configuration.nix | 48 |
1 files changed, 47 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index 5192986..151116e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,13 +35,57 @@ in
 networking.useDHCP = false;
 # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # Route internet traffic via USB modem (=phone) on other computer
+ # Networking configuration (static IPs for each node is defined in node/*.nix)
+ networking.nameservers = [ "9.9.9.9" ];
 networking.defaultGateway = {
 address = "192.168.1.254";
 interface = "eno1";
 };
+ # Wireguard VPN configuration
+ networking.wireguard.interfaces.wg0 = {
+ privateKeyFile = "/root/wireguard-keys/private";
+ peers = [
+ { # Hammerhead
+ publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
+ allowedIPs = [ "10.42.0.1/32" ];
+ endpoint = "5.135.179.11:51349";
+ persistentKeepalive = 10;
+ }
+ { # Spoutnik
+ publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
+ allowedIPs = [ "10.42.0.2/32" ];
+ endpoint = "77.141.67.109:42136";
+ persistentKeepalive = 10;
+ }
+ { # Shiki
+ publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
+ allowedIPs = [ "10.42.0.206/32" ];
+ endpoint = "37.187.118.206:51820";
+ persistentKeepalive = 10;
+ }
+ { # Carcajou
+ publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
+ allowedIPs = [ "10.42.0.21/32" ];
+ endpoint = "91.160.50.156:33721";
+ persistentKeepalive = 10;
+ }
+ { # Carcajou
+ publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
+ allowedIPs = [ "10.42.0.22/32" ];
+ endpoint = "91.160.50.156:33722";
+ persistentKeepalive = 10;
+ }
+ { # Caribou
+ publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
+ allowedIPs = [ "10.42.0.23/32" ];
+ endpoint = "91.160.50.156:33723";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+
 # Set your time zone.
 time.timeZone = "Europe/Paris";
@@ -117,6 +161,7 @@ in
 htop
 links
 git
+ docker-compose
 ];
 programs.vim.defaultEditor = true;
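Review bot: Two peer entries in the first hunk carry the same `# Carcajou` label (the ones with allowedIPs `10.42.0.21/32` and `10.42.0.22/32`), so one of those public keys cannot be attributed to a host from this file. The comment is the only thing here that ties a key to a machine, and a wrong label makes later key rotation or removal of a decommissioned node error-prone; if the second entry is a different node, its comment should name it. Separately, `privateKeyFile = "/root/wireguard-keys/private";` keeps the key out of the world-readable Nix store, but nothing visible in the hunk creates that file or sets its mode, so a comment such as `# provisioned out of band; must be root-owned, mode 0600` above it would record the requirement. The enclosing attribute set starts and ends outside the hunk.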
@@ -220,6 +265,7 @@ in
 networking.firewall.allowedUDPPorts = [
 4648 # Nomad
 8301 8302 # Consul
+ node_config.networking.wireguard.interfaces.wg0.listenPort
 ];
 # Or disable the firewall altogether.
 # networking.firewall.enable = false; |
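Review bot: The added `node_config.networking.wireguard.interfaces.wg0.listenPort` entry reads an option that, to my knowledge, defaults to null in the NixOS wireguard module, so a node whose node/*.nix omits `listenPort` would place a non-port value in `allowedUDPPorts`; nothing in the hunk guards against that. A trailing comment like `# Wireguard; listenPort must be set in every node/*.nix` would state the requirement and match the `# Nomad` and `# Consul` labels on the neighbouring entries. If Nomad and Consul gossip is meant to travel over wg0 (not shown here), the 4648/8301/8302 entries could move to `networking.firewall.interfaces.wg0.allowedUDPPorts`, leaving only the WireGuard port open on the public interface. `node_config` and the start of this configuration block are outside the hunk.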