feat(systems/optional):add wireguard config
parent
2bac451b2a
commit
2a2f801c7a
|
@ -0,0 +1,62 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
boot.extraModulePackages = [config.boot.kernelPackages.wireguard];
|
||||||
|
systemd.network = {
|
||||||
|
enable = true;
|
||||||
|
netdevs = {
|
||||||
|
"10-wg0" = {
|
||||||
|
netdevConfig = {
|
||||||
|
Kind = "wireguard";
|
||||||
|
Name = "wg0";
|
||||||
|
MTUBytes = "1300";
|
||||||
|
};
|
||||||
|
# See also man systemd.netdev (also contains info on the permissions of the key files)
|
||||||
|
wireguardConfig = {
|
||||||
|
# Don't use a file from the Nix store as these are world readable. Must be readable by the systemd.network user
|
||||||
|
PrivateKeyFile = "/run/keys/wireguard-privkey";
|
||||||
|
ListenPort = 9918;
|
||||||
|
};
|
||||||
|
wireguardPeers = [
|
||||||
|
# configuration since nixos-unstable/nixos-24.11
|
||||||
|
{
|
||||||
|
PublicKey = "Vhv/4oTMt5YYHFm3PpNC/3po1/kmjo2p8Jnk2O5zAFk=";
|
||||||
|
AllowedIPs = ["fc00::1/64" "10.100.0.1"];
|
||||||
|
Endpoint = "138.199.7.251:51820"; # SET TO SERVER IP, port 51820 usually iwth wg
|
||||||
|
}
|
||||||
|
# configuration for nixos 24.05
|
||||||
|
#{
|
||||||
|
# wireguardPeerConfig = {
|
||||||
|
# PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
|
||||||
|
# AllowedIPs = ["fc00::1/64" "10.100.0.1"];
|
||||||
|
# Endpoint = "{set this to the server ip}:51820";
|
||||||
|
# };
|
||||||
|
#}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networks.wg0 = {
|
||||||
|
# See also man systemd.network
|
||||||
|
matchConfig.Name = "wg0";
|
||||||
|
# IP addresses the client interface will have
|
||||||
|
address = [
|
||||||
|
"fe80::3/64"
|
||||||
|
"fc00::3/120"
|
||||||
|
"10.100.0.2/24"
|
||||||
|
];
|
||||||
|
DHCP = "no";
|
||||||
|
dns = ["fc00::53"];
|
||||||
|
ntp = ["fc00::123"];
|
||||||
|
gateway = [
|
||||||
|
"fc00::1"
|
||||||
|
"10.100.0.1"
|
||||||
|
];
|
||||||
|
networkConfig = {
|
||||||
|
IPv6AcceptRA = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
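Review bot: In `networks.wg0`, `gateway = ["fc00::1" "10.100.0.1"]` installs default routes through wg0, but the peer's `AllowedIPs = ["fc00::1/64" "10.100.0.1"]` only covers fc00::/64 and the single host 10.100.0.1, so WireGuard will refuse any other destination routed into the tunnel. Depending on route metrics, that either blackholes general traffic or leaves it on the physical interface while the config reads like a full tunnel. If a split tunnel is intended, replace `gateway` with explicit routes for the `AllowedIPs` prefixes; if a full tunnel is intended, `AllowedIPs` needs `"0.0.0.0/0"` and `"::/0"`, plus a route that keeps the endpoint itself outside wg0. Separately, nothing in this file provisions `/run/keys/wireguard-privkey`, and the comment above `PrivateKeyFile` could state the expected ownership (man systemd.netdev suggests `root:systemd-network`, mode `0640`) and which secrets mechanism creates the file at boot.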