author | jeschli <jeschli@gmail.com> | 2018-09-25 19:56:06 +0200 |
---|---|---|
committer | jeschli <jeschli@gmail.com> | 2018-09-25 19:56:06 +0200 |
commit | 8834d1a9ff6eddfc36e3ad07b7f93805b3212b3f (patch) | |
tree | 9ce300976ec88d90e5c5c9030111d890dcf5683e /makefu/2configs/wireguard/server.nix | |
parent | f922d5947acc3151619ec06962197a800d3138eb (diff) | |
parent | a374a452112ba962ab90e45b6b0f27b3a1330e4f (diff) |
Merge remote-tracking branch 'origin/master'
Diffstat (limited to 'makefu/2configs/wireguard/server.nix')
-rw-r--r-- | makefu/2configs/wireguard/server.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/makefu/2configs/wireguard/server.nix b/makefu/2configs/wireguard/server.nix
new file mode 100644
index 000000000..e38fa05cb
--- /dev/null
+++ b/makefu/2configs/wireguard/server.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+ ext-if = config.makefu.server.primary-itf;
+in { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+} |
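Review bot: The MASQUERADE rule in `networking.firewall.extraCommands` is appended with `-A` and has no matching `extraStopCommands`, so it will probably be added again on each firewall reload. Nothing in this file enables IPv4 forwarding either (the `ip_forward` sysctl line is still commented out), so the rule only has an effect if forwarding is turned on elsewhere. The `# TODO: networking.nat` already points at the cleaner form: `networking.nat.enable = true;`, `networking.nat.externalInterface = ext-if;`, `networking.nat.internalInterfaces = [ "wg0" ];` would replace the raw iptables call and enable forwarding as well. Once forwarding is on, every peer can reach whatever the host routes to via `${ext-if}`, so a comment should state whether full egress for the 10.244.0.0/24 clients is intended, with a FORWARD restriction added if it is not.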