From f39aa5037b0191cb1ff50d98ed416fd6b27031b5 Mon Sep 17 00:00:00 2001
From: clerie
Date: Tue, 15 Dec 2020 18:13:56 +0100
Subject: [PATCH] Wireguard between nonat and porter
---
 hosts/nonat/configuration.nix | 16 ++++++++++++++++
 hosts/porter/configuration.nix | 16 ++++++++++++++++
 2 files changed, 32 insertions(+)
diff --git a/hosts/nonat/configuration.nix b/hosts/nonat/configuration.nix
index aba0d9b..01e13ba 100644
--- a/hosts/nonat/configuration.nix
+++ b/hosts/nonat/configuration.nix
@@ -38,5 +38,21 @@
 ];
 };
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ wg-porter = {
+ peers = [ {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "porter.net.clerie.de:51337";
+ publicKey = "TzQV60SvPZuJ9yTzvyGwejyXw1SlKkilS4UUvrQcyGk=";
+ } ];
+ listenPort = 51337;
+ allowedIPsAsRoutes = false;
+ privateKeyFile = "/var/src/secrets/wireguard/wg-porter";
+ } // (import ../../lib/link-local-wireguard.nix {}).llIPv6 "fe80::1337:2" "fe80::1337:1" "wg-porter";
+ };
+
+ networking.firewall.allowedUDPPorts = [ 51337 ];
+
 system.stateVersion = "21.03";
 }
diff --git a/hosts/porter/configuration.nix b/hosts/porter/configuration.nix
index bd96cd1..364844c 100644
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@@ -20,5 +20,21 @@
 networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
 networking.nameservers = [ "213.133.98.98" "213.133.99.99" "213.133.100.100" ];
+ networking.wireguard.enable = true;
+ networking.wireguard.interfaces = {
+ wg-nonat = {
+ peers = [ {
+ allowedIPs = [ "0.0.0.0/0" "::/0" ];
+ endpoint = "nonat.net.clerie.de:51337";
+ publicKey = "Z5HltUKBSOzePqZCJjSsJPZ3UxGjFR4a5Vxmm+ePNRk=";
+ } ];
+ listenPort = 51337;
+ allowedIPsAsRoutes = false;
+ privateKeyFile = "/var/src/secrets/wireguard/wg-nonat";
+ } // (import ../../lib/link-local-wireguard.nix {}).llIPv6 "fe80::1337:1" "fe80::1337:2" "wg-nonat";
+ };
+
+ networking.firewall.allowedUDPPorts = [ 51337 ];
+
 system.stateVersion = "21.03";
 }
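Review bot: In hosts/nonat/configuration.nix the `wg-porter` peer combines `allowedIPs = [ "0.0.0.0/0" "::/0" ]` with `allowedIPsAsRoutes = false`, so WireGuard accepts any source address from porter and nothing in the hunk limits what may arrive through the tunnel. The `wg-nonat` peer in hosts/porter/configuration.nix mirrors this. This looks deliberate for routing over the fe80::1337:x link-local addresses, but lib/link-local-wireguard.nix is not visible here, so that is an inference. If so, record it above the peer, e.g. `# allowedIPs is wide open on purpose: routes are installed outside WireGuard, so prefix filtering must happen there`. Otherwise narrow the list to the prefixes each side is expected to originate.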
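Review bot: `networking.firewall.allowedUDPPorts = [ 51337 ];` in hosts/porter/configuration.nix opens the WireGuard listen port on every interface, while the hunk's context shows `ens3` carrying the default IPv6 route. Scoping the rule as `networking.firewall.interfaces.ens3.allowedUDPPorts = [ 51337 ];` would keep the listener unreachable from other interfaces, including the new tunnel. The same global rule is added in hosts/nonat/configuration.nix, where the uplink interface name is not visible in the hunk. If the global form is kept, a short comment naming the tunnel it serves would help when more ports are added to the list.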