mirror of
https://github.com/starr-dusT/dotfiles.git
synced 2025-02-18 10:47:31 -08:00
remove wireguard client in-favor of conf files
parent
bc4fb7354f
commit
767bddb90c
@ -62,13 +62,6 @@
|
|||||||
backup.enable = true;
|
backup.enable = true;
|
||||||
ssh.enable = true;
|
ssh.enable = true;
|
||||||
terminal.enable = true;
|
terminal.enable = true;
|
||||||
wireguard-client = {
|
|
||||||
enable = true;
|
|
||||||
host = "kestrel";
|
|
||||||
address = [ "192.168.3.3/24" ];
|
|
||||||
publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
|
|
||||||
endpoint = "66.218.43.87";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -8,7 +8,7 @@
|
|||||||
|
|
||||||
# Set networking options
|
# Set networking options
|
||||||
networking.hostName = "osprey";
|
networking.hostName = "osprey";
|
||||||
networking.firewall.checkReversePath = "loose";
|
networking.firewall.checkReversePath = false;
|
||||||
networking.firewall.enable = false;
|
networking.firewall.enable = false;
|
||||||
|
|
||||||
# Enable docker
|
# Enable docker
|
||||||
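Review bot: `networking.firewall.checkReversePath = false;` turns reverse-path filtering off entirely, whereas the old value `"loose"` still dropped packets whose source address has no return route at all. Loose mode is normally sufficient for a full-tunnel wg-quick setup such as the `AllowedIPs = 0.0.0.0/0, ::/0` conf files in this commit, so I would keep `networking.firewall.checkReversePath = "loose";` unless a concrete breakage requires `false`, and record that reason in a comment. The unchanged next line, `networking.firewall.enable = false;`, probably makes either value moot, because as far as I can tell the check is installed by the firewall module. If so, this host runs with no packet filter at all, which deserves its own comment or a follow-up.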
@ -49,13 +49,6 @@
|
|||||||
system = {
|
system = {
|
||||||
ssh.enable = true;
|
ssh.enable = true;
|
||||||
terminal.enable = true;
|
terminal.enable = true;
|
||||||
wireguard-client = {
|
|
||||||
enable = true;
|
|
||||||
host = "osprey";
|
|
||||||
address = [ "192.168.3.5/24" ];
|
|
||||||
publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
|
|
||||||
endpoint = "66.218.43.87";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./backup.nix ./ssh.nix ./terminal.nix ./wireguard-client.nix ];
|
imports = [ ./backup.nix ./ssh.nix ./terminal.nix ];
|
||||||
}
|
}
|
||||||
|
@ -1,44 +0,0 @@
|
|||||||
{ config, lib, pkgs, user, ... }:
|
|
||||||
|
|
||||||
let cfg = config.modules.system.wireguard-client;
|
|
||||||
|
|
||||||
in {
|
|
||||||
options.modules.system.wireguard-client = with lib; {
|
|
||||||
enable = lib.mkEnableOption "wireguard-client";
|
|
||||||
host = lib.mkOption { type = with types; str; };
|
|
||||||
address = lib.mkOption { type = with types; listOf str; };
|
|
||||||
publicKey = lib.mkOption { type = with types; str; };
|
|
||||||
endpoint = lib.mkOption { type = with types; str; };
|
|
||||||
autostart = lib.mkOption {
|
|
||||||
type = with types; bool;
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
# Create qr code for phones with:
|
|
||||||
# qrencode -t ansiutf8 < myfile_here
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
qrencode # Command-line utility for generating QR codes from text or data.
|
|
||||||
];
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [ 51820 ];
|
|
||||||
};
|
|
||||||
# deploy needed secrets
|
|
||||||
age.secrets."wireguard/${cfg.host}".file = ../../secrets/wireguard/${cfg.host}.age;
|
|
||||||
networking.wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
address = cfg.address;
|
|
||||||
listenPort = 51820;
|
|
||||||
privateKeyFile = "/run/agenix/wireguard/${cfg.host}";
|
|
||||||
autostart = cfg.autostart;
|
|
||||||
peers = [{
|
|
||||||
publicKey = cfg.publicKey;
|
|
||||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
|
||||||
endpoint = "${cfg.endpoint}:51820";
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
@ -8,4 +8,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
|
|||||||
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
||||||
AllowedIPs = 0.0.0.0/0, ::/0
|
AllowedIPs = 0.0.0.0/0, ::/0
|
||||||
# ip and port of the peer
|
# ip and port of the peer
|
||||||
Endpoint = 66.218.43.87:51820
|
Endpoint = 1.2.3.4:51820
|
||||||
|
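Review bot: The new placeholder `Endpoint = 1.2.3.4:51820` is a real, routable address, so a config brought up without editing sends handshake packets to an unrelated host instead of failing. A value that cannot be mistaken for a live peer is safer, for example `Endpoint = <replace with endpoint>:51820` to match the `PrivateKey = <replace with secret>` marker in resources/wireguard/osprey.conf, or an address from the documentation range such as `192.0.2.1`. The same line appears in the two following conf hunks and in the new osprey.conf. Replacing the value here does not remove `66.218.43.87` from earlier commits, so if hiding the endpoint was the goal, the history needs separate handling.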
@ -8,4 +8,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
|
|||||||
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
||||||
AllowedIPs = 0.0.0.0/0, ::/0
|
AllowedIPs = 0.0.0.0/0, ::/0
|
||||||
# ip and port of the peer
|
# ip and port of the peer
|
||||||
Endpoint = 66.218.43.87:51820
|
Endpoint = 1.2.3.4:51820
|
||||||
|
@ -7,4 +7,4 @@ PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
|
|||||||
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
|
||||||
AllowedIPs = 0.0.0.0/0, ::/0
|
AllowedIPs = 0.0.0.0/0, ::/0
|
||||||
# ip and port of the peer
|
# ip and port of the peer
|
||||||
Endpoint = 66.218.43.87:51820
|
Endpoint = 1.2.3.4:51820
|
||||||
|
10
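--- a/resources/wireguard/osprey.conf
+++ b/resources/wireguard/osprey.conf
@@ -0,0 +1,10 @@
+[Interface]
+# your own IP on the wireguard network
+Address = 192.168.3.5/24
+PrivateKey = <replace with secret>
+[Peer]
+PublicKey = bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=
+# restrict this to the wireguard subnet if you don't want to route everything to the tunnel
+AllowedIPs = 0.0.0.0/0, ::/0
+# ip and port of the peer
+Endpoint = 1.2.3.4:51820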
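Review bot: `PrivateKey = <replace with secret>` means a filled-in copy of this file holds the key inline in plaintext, whereas the module removed in this commit read it from `privateKeyFile = "/run/agenix/wireguard/${cfg.host}"`. Nothing visible in the commit keeps a filled-in copy inside the checkout from being committed by accident. I would add a comment above the line such as `# fill this in on a copy outside the repository (mode 0600); never commit the real key`.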