From 0e4f3cce469e90f684c3053963fe83e859b2f57b Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Tue, 4 Apr 2023 21:30:56 +0200
Subject: [PATCH] hosts/astatine: add event management vpn

---
 hosts/astatine/configuration.nix | 38 +++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/hosts/astatine/configuration.nix b/hosts/astatine/configuration.nix
index 48320a6..198a9ec 100644
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -22,9 +22,45 @@
     terminal_output serial
   ";
 
-
   networking.hostName = "astatine";
 
+  networking.firewall.enable = false;
+
+  networking.iproute2.enable = true;
+  networking.iproute2.rttablesExtraConfig = ''
+    200 wg-clerie
+  '';
+
+  petabyte.policyrouting = {
+    enable = true;
+    rules6 = [
+      { rule = "from 2a01:4f8:c0c:15f1::8108/128 lookup wg-clerie"; prio = 20000; }
+      { rule = "from 2a01:4f8:c0c:15f1::8108/128 unreachable"; prio = 20001; }
+    ];
+    rules4 = [
+      { rule = "from 10.20.30.108/32 lookup wg-clerie"; prio = 20000; }
+      { rule = "from 10.20.30.108/32 unreachable"; prio = 20001; }
+    ];
+  };
+
+
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = {
+    wg-clerie = {
+      ips = [ "2a01:4f8:c0c:15f1::8108/128" "10.20.30.108/32" ];
+      table = "wg-clerie";
+      peers = [
+        {
+          endpoint = "vpn.clerie.de:51820";
+          persistentKeepalive = 25;
+          allowedIPs = [ "0.0.0.0/0" "::/0" "10.20.30.0/24" "2a01:4f8:c0c:15f1::/113" ];
+          publicKey = "2p1Jqs3bkXbXHFWE6vp1yxHIFoUaZQEARS2nJzbkuBA=";
+        }
+      ];
+      privateKeyFile = "/var/src/secrets/wireguard/wg-clerie";
+    };
+  };
+
   clerie.monitoring = {
     # enable = true;
     id = "%MONITORING_ID%";