authorAlex Auvolat <alex@adnab.me>2021-11-16 17:39:23 +0100
committerAlex Auvolat <alex@adnab.me>2021-11-16 17:39:23 +0100
commit016e6d434c5a7eead436c0a53378e6f51d22ce61 (patch)
treed2d5773b395f93c940f81428399673657d38dcce /configuration.nix
parent8637b4729ac3248eb15910a3145d8ef760f59e2f (diff)
Add wireguard
Diffstat (limited to 'configuration.nix')
-rw-r--r--configuration.nix48
1 files changed, 47 insertions, 1 deletions
diff --git a/configuration.nix b/configuration.nix
index 5192986..151116e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -35,13 +35,57 @@ in
networking.useDHCP = false;
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # Route internet traffic via USB modem (=phone) on other computer
+ # Networking configuration (static IPs for each node is defined in node/*.nix)
+
networking.nameservers = [ "9.9.9.9" ];
networking.defaultGateway = {
address = "192.168.1.254";
interface = "eno1";
};
+ # Wireguard VPN configuration
+ networking.wireguard.interfaces.wg0 = {
+ privateKeyFile = "/root/wireguard-keys/private";
+ peers = [
+ { # Hammerhead
+ publicKey = "b5hF+GSTgg3oM6wnjL7jRbfyf1jtsWdVptPPbAh3Qic=";
+ allowedIPs = [ "10.42.0.1/32" ];
+ endpoint = "5.135.179.11:51349";
+ persistentKeepalive = 10;
+ }
+ { # Spoutnik
+ publicKey = "fO8qZOZmnug84cA8nvfjl5MUqyWljP0BAz/4tHRZyEg=";
+ allowedIPs = [ "10.42.0.2/32" ];
+ endpoint = "77.141.67.109:42136";
+ persistentKeepalive = 10;
+ }
+ { # Shiki
+ publicKey = "QUiUNMk70TEQ75Ut7Uqikr5uGVSXmx8EGNkGM6tANlg=";
+ allowedIPs = [ "10.42.0.206/32" ];
+ endpoint = "37.187.118.206:51820";
+ persistentKeepalive = 10;
+ }
+ { # Carcajou
+ publicKey = "qxrtfn2zRVnN52Y5NYumyU3/FcRMnh3kJ2C37JfrczA=";
+ allowedIPs = [ "10.42.0.21/32" ];
+ endpoint = "91.160.50.156:33721";
+ persistentKeepalive = 10;
+ }
+ { # Carcajou
+ publicKey = "7Nm7pMmyS7Nts1MB+loyD8u84ODxHPTkDu+uqQR6yDk=";
+ allowedIPs = [ "10.42.0.22/32" ];
+ endpoint = "91.160.50.156:33722";
+ persistentKeepalive = 10;
+ }
+ { # Caribou
+ publicKey = "g6ZED/wPn5MPfytJKwPI19808CXtEad0IJUkEAAzwyY=";
+ allowedIPs = [ "10.42.0.23/32" ];
+ endpoint = "91.160.50.156:33723";
+ persistentKeepalive = 10;
+ }
+ ];
+ };
+
# Set your time zone.
time.timeZone = "Europe/Paris";
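Review bot: The `privateKeyFile = "/root/wireguard-keys/private";` line keeps the key out of the world-readable Nix store, but nothing in the hunk says how the file is provisioned or what ownership and mode it needs, so a freshly installed node will presumably fail to bring up wg0 until someone creates it by hand. A comment above that line would cover it, e.g. `# Provisioned out of band on each node; root-owned, mode 0600, never committed to this repo`. Separately, two peers are labelled `# Carcajou` (10.42.0.21 and 10.42.0.22) with different public keys; if the second is a different host, correct the label so each key can be attributed to the right machine at rotation or revocation time. The enclosing attribute set starts and ends outside the hunk.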
@@ -117,6 +161,7 @@ in
htop
links
git
+ docker-compose
];
programs.vim.defaultEditor = true;
@@ -220,6 +265,7 @@ in
networking.firewall.allowedUDPPorts = [
4648 # Nomad
8301 8302 # Consul
+ node_config.networking.wireguard.interfaces.wg0.listenPort
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
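Review bot: The added list entry reads the port from `node_config` rather than the merged `config` and carries no trailing comment like its neighbours, so a node file that omits `listenPort` will presumably fail at evaluation with no hint as to why. Suggest `node_config.networking.wireguard.interfaces.wg0.listenPort # Wireguard` and a note in the node files that the attribute is mandatory. With a wg0 overlay now present, it is also worth checking whether the Nomad and Consul ports in this list still need to be open on every interface; if that traffic is meant to run over the VPN, `networking.firewall.interfaces.wg0.allowedUDPPorts` would scope them to the tunnel. The enclosing set continues outside the hunk.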