From 2a2f801c7a71ebb9d3faffeb9ce4501004b1dafd Mon Sep 17 00:00:00 2001
From: madmin
Date: Tue, 27 Aug 2024 10:33:26 +0200
Subject: [PATCH] feat(systems/optional):add wireguard config
---
 systems/common/optional/networking/wg.nix | 62 +++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 systems/common/optional/networking/wg.nix
diff --git a/systems/common/optional/networking/wg.nix b/systems/common/optional/networking/wg.nix
new file mode 100644
index 0000000..8e78c58
--- /dev/null
+++ b/systems/common/optional/networking/wg.nix
@@ -0,0 +1,62 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
+ systemd.network = {
+ enable = true;
+ netdevs = {
+ "10-wg0" = {
+ netdevConfig = {
+ Kind = "wireguard";
+ Name = "wg0";
+ MTUBytes = "1300";
+ };
+ # See also man systemd.netdev (also contains info on the permissions of the key files)
+ wireguardConfig = {
+ # Don't use a file from the Nix store as these are world readable. Must be readable by the systemd.network user
+ PrivateKeyFile = "/run/keys/wireguard-privkey";
+ ListenPort = 9918;
+ };
+ wireguardPeers = [
+ # configuration since nixos-unstable/nixos-24.11
+ {
+ PublicKey = "Vhv/4oTMt5YYHFm3PpNC/3po1/kmjo2p8Jnk2O5zAFk=";
+ AllowedIPs = ["fc00::1/64" "10.100.0.1"];
+ Endpoint = "138.199.7.251:51820"; # SET TO SERVER IP, port 51820 usually iwth wg
+ }
+ # configuration for nixos 24.05
+ #{
+ # wireguardPeerConfig = {
+ # PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
+ # AllowedIPs = ["fc00::1/64" "10.100.0.1"];
+ # Endpoint = "{set this to the server ip}:51820";
+ # };
+ #}
+ ];
+ };
+ };
+ networks.wg0 = {
+ # See also man systemd.network
+ matchConfig.Name = "wg0";
+ # IP addresses the client interface will have
+ address = [
+ "fe80::3/64"
+ "fc00::3/120"
+ "10.100.0.2/24"
+ ];
+ DHCP = "no";
+ dns = ["fc00::53"];
+ ntp = ["fc00::123"];
+ gateway = [
+ "fc00::1"
+ "10.100.0.1"
+ ];
+ networkConfig = {
+ IPv6AcceptRA = false;
+ };
+ };
+ };
+}
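Review bot: `gateway = [ "fc00::1" "10.100.0.1" ]` in networks.wg0 installs default routes over wg0, while the peer's AllowedIPs only cover fc00::/64 and 10.100.0.1/32, so any other destination sent into the tunnel is dropped by WireGuard's cryptokey routing, and, depending on which default route wins against the LAN one, the encapsulated packets to 138.199.7.251 may themselves be routed into wg0. Either widen AllowedIPs to `::/0` and `0.0.0.0/0` with an explicit route for the endpoint outside the tunnel if a full tunnel is intended, or replace `gateway` with routes limited to the VPN prefixes for split tunnelling; which of the two is meant cannot be inferred from the hunk. On the key material, the comment above `PrivateKeyFile` says the file must be readable by the networkd user, but nothing in this file provisions `/run/keys/wireguard-privkey` or sets its ownership and mode; I would extend that comment to `# Provisioned outside this module; must be root:systemd-network, mode 0640 (see PrivateKeyFile= in man systemd.netdev)` so the deployment requirement is explicit. The `# SET TO SERVER IP` remark on Endpoint is stale now that a concrete address is committed; drop it or reword it to say this is the live server address.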