hosts/backup-4,hosts/palladium: Setup direct VPN tunnel for backups

2025-04-15 20:55:56 +02:00
parent 47921ea988
commit e9210d4ada
6 changed files with 88 additions and 5 deletions
--- a/hosts/backup-4/wg-b-palladium.nix
+++ b/hosts/backup-4/wg-b-palladium.nix
@@ -0,0 +1,40 @@
+{ config, ... }:
+
+{
+
+  sops = {
+    secrets.wg-b-palladium = {
+      owner = "systemd-network";
+      group = "systemd-network";
+    };
+  };
+
+  systemd.network.netdevs."10-wg-b-palladium" = {
+    netdevConfig = {
+      Kind = "wireguard";
+      Name = "wg-b-palladium";
+    };
+    wireguardConfig = {
+      PrivateKeyFile = config.sops.secrets.wg-b-palladium.path;
+      ListenPort = 51844;
+    };
+    wireguardPeers = [
+      {
+        PublicKey = "YMTOhRAKWfFX1UVBoROPvgcQxTSN4tny35brAocdnwo=";
+        AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ];
+        PersistentKeepalive = 25;
+      }
+    ];
+  };
+
+  systemd.network.networks."10-wg-b-palladium" = {
+    matchConfig.Name = "wg-b-palladium";
+    address = [
+      "fd90:37fd:ddec:d921::1/64"
+    ];
+    linkConfig.RequiredForOnline = "no";
+  };
+
+  networking.firewall.allowedUDPPorts = [ 51844 ];
+
+}