citadel

My dotfiles, scripts and nix configs

commit 00c67f541776200a5fc6976b7787685a71758344
parent abd74b659d1d9b7902867513d2e803bfb22b239b
Author: William Casarin <jb55@jb55.com>
Date:   Thu, 22 Apr 2021 11:20:58 -0700

charon wireguard

Signed-off-by: William Casarin <jb55@jb55.com>

Diffstat:
Mnix-config/machines/charon/networking/default.nix | 42+++++++++++++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)

diff --git a/nix-config/machines/charon/networking/default.nix b/nix-config/machines/charon/networking/default.nix
@@ -5,15 +5,55 @@ let
 '';
 ports = {
 git = 9418;
+ gemini = 1965;
+ wireguard = 51820;
 };
 in {
 services.openssh.gatewayPorts = "yes";
- networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git ];
+
+ networking.firewall.allowedTCPPorts = with ports; [ 22 443 80 70 12566 12788 5222 5269 3415 git gemini ];
+ networking.firewall.allowedUDPPorts = with ports; [ wireguard ];
+
 networking.domain = "jb55.com";
 networking.search = [ "jb55.com" ];
 networking.extraHosts = ''
 127.0.0.1 jb55.com
 ::1 jb55.com
 '';
+
+
+ networking.wireguard.interfaces = {
+ # "wg0" is the network interface name. You can name the interface arbitrarily.
+ wg0 = {
+ # Determines the IP address and subnet of the client's end of the tunnel interface.
+ ips = [ "10.100.0.7/28" ];
+
+ listenPort = ports.wireguard;
+
+ # Path to the private key file.
+ #
+ # Note: The private key can also be included inline via the privateKey option,
+ but this makes the private key world-readable; thus, using privateKeyFile is
+ recommended.
+ privateKeyFile = "/home/jb55/.wg/private";
+
+ peers = [
+ # For a client configuration, one peer entry for the server will suffice.
+ { publicKey = "TbGgpOqD6teLon0ksZKS8zvvjHtkOGKNWPpHZxhVFWA=";
+ allowedIPs = [ "10.100.0.1/32" ];
+ endpoint = "24.84.152.187:53";
+ }
+ { publicKey = "wcoun9+1GX4awQF2Yd0WbsQ6RKHE9SsOsYv3qR7mbB0="; # quiver
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ { publicKey = "vIh3IQgP92OhHaC9XBiJVDLlrs3GVcR6hlXaapjTiA0="; # phone
+ allowedIPs = [ "10.100.0.3/32" ];
+ }
+ { publicKey = "Dp8Df75X8Kh9gd33e+CWyyhOvT4mT0X9ToPwBUEBU1k="; # mac
+ allowedIPs = [ "10.100.0.4/32" ];
+ }
+ ];
+ };
+ };
 }
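Review bot: `privateKeyFile = "/home/jb55/.wg/private";` keeps the tunnel's private key under a user home directory, so the key is only as protected as that account (anything running as jb55 can read it) and the interface can fail to come up if the home directory is mounted or decrypted after the network target; a root-owned path outside $HOME with mode 0600, or a secrets-management mechanism, would confine access to the root-run WireGuard unit, which is the reason the surrounding comment prefers privateKeyFile over the inline privateKey option in the first place. The comment `# For a client configuration, one peer entry for the server will suffice.` reads like it was carried over from a client example, but this host sets `listenPort`, opens UDP 51820 in `allowedUDPPorts` and lists three endpoint-less peers (quiver, phone, mac), so it is acting as the listening hub; a comment such as `# charon listens on ports.wireguard; the first peer is the upstream server, the rest connect inbound and are pinned to one /32 each.` would describe what is actually configured. Separately, as rendered here the two continuation lines `but this makes the private key world-readable; ...` and `recommended.` lack the `#` prefix, which would not evaluate as Nix — presumably a rendering artifact of this page, but worth confirming against the committed file.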