commit 00c67f541776200a5fc6976b7787685a71758344 parent abd74b659d1d9b7902867513d2e803bfb22b239b Author: William Casarin <jb55@jb55.com> Date: Thu, 22 Apr 2021 11:20:58 -0700 charon wireguard Signed-off-by: William Casarin <jb55@jb55.com> Diffstat:
M | nix-config/machines/charon/networking/default.nix | | | 42 | +++++++++++++++++++++++++++++++++++++++++- |
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/nix-config/machines/charon/networking/default.nix b/nix-config/machines/charon/networking/default.nix @@ -5,15 +5,55 @@ let ''; ports = { git = 9418; + gemini = 1965; + wireguard = 51820; }; in { services.openssh.gatewayPorts = "yes"; - networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git ]; + + networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git gemini ]; + networking.firewall.allowedUDPPorts = with ports; [ wireguard ]; + networking.domain = "jb55.com"; networking.search = [ "jb55.com" ]; networking.extraHosts = '' 127.0.0.1 jb55.com ::1 jb55.com ''; + + + networking.wireguard.interfaces = { + # "wg0" is the network interface name. You can name the interface arbitrarily. + wg0 = { + # Determines the IP address and subnet of the client's end of the tunnel interface. + ips = [ "10.100.0.7/28" ]; + + listenPort = ports.wireguard; + + # Path to the private key file. + # + # Note: The private key can also be included inline via the privateKey option, + # but this makes the private key world-readable; thus, using privateKeyFile is + # recommended. + privateKeyFile = "/home/jb55/.wg/private"; + + peers = [ + # For a client configuration, one peer entry for the server will suffice. + { publicKey = "TbGgpOqD6teLon0ksZKS8zvvjHtkOGKNWPpHZxhVFWA="; + allowedIPs = [ "10.100.0.1/32" ]; + endpoint = "24.84.152.187:53"; + } + { publicKey = "wcoun9+1GX4awQF2Yd0WbsQ6RKHE9SsOsYv3qR7mbB0="; # quiver + allowedIPs = [ "10.100.0.2/32" ]; + } + { publicKey = "vIh3IQgP92OhHaC9XBiJVDLlrs3GVcR6hlXaapjTiA0="; # phone + allowedIPs = [ "10.100.0.3/32" ]; + } + { publicKey = "Dp8Df75X8Kh9gd33e+CWyyhOvT4mT0X9ToPwBUEBU1k="; # mac + allowedIPs = [ "10.100.0.4/32" ]; + } + ]; + }; + }; }