From 9fb2873fa13ae073c7a3eb5f79afcfd8803aeba9 Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Sat, 7 Oct 2023 10:14:12 -0700 Subject: [PATCH] don't autostart wireguard client on boot --- provision/nixos/hosts/kestrel/wireguard-client.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/provision/nixos/hosts/kestrel/wireguard-client.nix b/provision/nixos/hosts/kestrel/wireguard-client.nix index 0c23b6e8..a966d2fb 100644 --- a/provision/nixos/hosts/kestrel/wireguard-client.nix +++ b/provision/nixos/hosts/kestrel/wireguard-client.nix @@ -4,11 +4,11 @@ allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport }; # Enable WireGuard - networking.wireguard.interfaces = { + networking.wg-quick.interfaces = { # "wg0" is the network interface name. You can name the interface arbitrarily. wg0 = { # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "192.168.2.3/32" ]; + address = [ "192.168.2.3/32" ]; listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) # Path to the private key file. @@ -18,6 +18,10 @@ # recommended. privateKeyFile = "/home/${user}/.wireguard/kestrel"; + # Don't autostart peer + # Start with systemctl start wg-quick-wg0 + autostart = false; + peers = [ # For a client configuration, one peer entry for the server will suffice. 
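Review bot: The `allowedUDPPorts = [ 51820 ];` context line at the top of the `@@ -4,11 +4,11 @@` hunk keeps inbound UDP 51820 open at all times, even though this commit turns wg0 into an on-demand wg-quick interface that is normally down. If this host only dials out to the server, the rule is probably unnecessary, since replies to its own handshakes and keepalives should pass a stateful firewall. That needs confirming against how the tunnel is actually used. Either drop the rule or record the reason next to it, for example `# inbound 51820 is needed because <reason>; the port stays open while wg0 is down`. The firewall block starts above the hunk, so its other settings are not visible here.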
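Review bot: In the `@@ -18,6 +18,10 @@` hunk, the new comment `# Don't autostart peer` describes the wrong object, because `autostart = false;` applies to the whole wg0 interface and not to a single peer. It also does not say that the host now boots with no tunnel at all, so traffic that previously went through wg0 will presumably use the normal default route or fail until someone starts the unit. I would reword it to `# Do not bring wg0 up at boot; until it is started, nothing is tunnelled.` followed by `# Start/stop manually (as root): systemctl start|stop wg-quick-wg0.service`. The `privateKeyFile` context line above points into `/home/${user}`, so a short comment stating the expected owner and mode of that file would also help. The `wg0` attribute set begins and ends outside this hunk.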
@@ -31,7 +35,7 @@ #allowedIPs = [ "10.100.0.1" "91.108.12.0/22" ]; # Set this to the server IP and port. - endpoint = "192.168.1.175:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + endpoint = "66.218.43.87:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 25;
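Review bot: The new `endpoint = "66.218.43.87:51820";` line commits a literal public IPv4 address and port to the repository. That records where the server listens, and the tunnel will stop working without any config error if the address is reassigned. Since wg-quick resolves a hostname when the interface is started, a DNS name avoids both problems, for example `endpoint = "vpn.example.org:51820"; # placeholder hostname`. The trailing `ToDo` about loop routing was written for the old `networking.wireguard` setup and may no longer apply under wg-quick, so re-check it and move it to its own comment line above the setting. The active `allowedIPs` value and the rest of the peer entry are outside this hunk.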