remove wireguard client in-favor of conf files

2025-02-13 08:17:31 -08:00 · 2024-10-21 11:26:09 -07:00 · 2024-10-21 11:26:09 -07:00 · 767bddb90c
commit 767bddb90c
parent bc4fb7354f
8 changed files with 15 additions and 63 deletions
--- a/provision/hosts/kestrel/configuration.nix
+++ b/provision/hosts/kestrel/configuration.nix
@ -62,13 +62,6 @@
      backup.enable = true;
      ssh.enable = true;
      terminal.enable = true;
-      wireguard-client = {
-        enable = true;
-        host = "kestrel";
-        address = [ "192.168.3.3/24" ];
-        publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
-        endpoint = "66.218.43.87";
-      };
    };
  };
 }
--- a/provision/hosts/osprey/configuration.nix
+++ b/provision/hosts/osprey/configuration.nix
@ -8,7 +8,7 @@

  # Set networking options
  networking.hostName = "osprey"; 
-  networking.firewall.checkReversePath = "loose";
+  networking.firewall.checkReversePath = false;
  networking.firewall.enable = false;

  # Enable docker 
@ -49,13 +49,6 @@
    system = {
      ssh.enable = true;
      terminal.enable = true;
-      wireguard-client = {
-        enable = true;
-        host = "osprey";
-        address = [ "192.168.3.5/24" ];
-        publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
-        endpoint = "66.218.43.87";
-      };
    };
  };
 }
--- a/provision/modules/system/default.nix
+++ b/provision/modules/system/default.nix
@ -1,4 +1,4 @@
 { ... }:
 {
-  imports = [ ./backup.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
+  imports = [ ./backup.nix ./ssh.nix ./terminal.nix ];
 }
--- a/provision/modules/system/wireguard-client.nix
+++ b/provision/modules/system/wireguard-client.nix
@ -1,44 +0,0 @@
-{ config, lib, pkgs, user, ... }:
-
-let cfg = config.modules.system.wireguard-client;
-
-in {
-  options.modules.system.wireguard-client = with lib; {
-    enable = lib.mkEnableOption "wireguard-client";
-    host = lib.mkOption { type = with types; str; };
-    address = lib.mkOption { type = with types; listOf str; };
-    publicKey = lib.mkOption { type = with types; str; };
-    endpoint = lib.mkOption { type = with types; str; };
-    autostart = lib.mkOption {
-      type = with types; bool;
-      default = false;
-    };
-  };
-
-  config = lib.mkIf cfg.enable {
-    # Create qr code for phones with:
-    # qrencode -t ansiutf8 < myfile_here
-    environment.systemPackages = with pkgs; [ 
-      qrencode # Command-line utility for generating QR codes from text or data.
-    ];
-    networking.firewall = {
-      allowedUDPPorts = [ 51820 ];
-    };
-    # deploy needed secrets
-    age.secrets."wireguard/${cfg.host}".file = ../../secrets/wireguard/${cfg.host}.age;
-    networking.wg-quick.interfaces = {
-      wg0 = {
-        address = cfg.address;
-        listenPort = 51820; 
-        privateKeyFile = "/run/agenix/wireguard/${cfg.host}";
-        autostart = cfg.autostart;
-        peers = [{
-            publicKey = cfg.publicKey;
-            allowedIPs = [ "0.0.0.0/0" "::/0" ];
-            endpoint = "${cfg.endpoint}:51820"; 
-            persistentKeepalive = 25;
-        }];
-      };
-    };
-  };
-}
--- a/resources/wireguard/adjudicator.conf
+++ b/resources/wireguard/adjudicator.conf
@ -8,4 +8,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
 # restrict this to the wireguard subnet if you don't want to route everything to the tunnel
 AllowedIPs = 0.0.0.0/0, ::/0
 # ip and port of the peer
-Endpoint = 66.218.43.87:51820
+Endpoint = 1.2.3.4:51820
--- a/resources/wireguard/bulwark.conf
+++ b/resources/wireguard/bulwark.conf
@ -8,4 +8,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
 # restrict this to the wireguard subnet if you don't want to route everything to the tunnel
 AllowedIPs = 0.0.0.0/0, ::/0
 # ip and port of the peer
-Endpoint = 66.218.43.87:51820
+Endpoint = 1.2.3.4:51820
--- a/resources/wireguard/kestrel.conf
+++ b/resources/wireguard/kestrel.conf
@ -7,4 +7,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
 # restrict this to the wireguard subnet if you don't want to route everything to the tunnel
 AllowedIPs = 0.0.0.0/0, ::/0
 # ip and port of the peer
-Endpoint = 66.218.43.87:51820
+Endpoint = 1.2.3.4:51820
--- a/resources/wireguard/osprey.conf
+++ b/resources/wireguard/osprey.conf
@ -0,0 +1,10 @@
+[Interface]
+# your own IP on the wireguard network
+Address = 192.168.3.5/24
+PrivateKey = <replace with secret>
+[Peer]
+PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
+# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
+AllowedIPs = 0.0.0.0/0, ::/0
+# ip and port of the peer
+Endpoint = 1.2.3.4:51820