# WireGuard tunnel "wg-b-palladium", brought up by systemd-networkd.
# Declares the sops secret holding the private key, the WireGuard netdev,
# the address on the tunnel interface, and the firewall opening for the
# listen port.
{ config, ... }:

let
  # Interface name; also used as the suffix of the networkd unit names.
  ifName = "wg-b-palladium";

  # UDP port WireGuard listens on. The firewall rule below must match it.
  listenPort = 51844;
in
{
  # The private key is a sops secret. Owner and group are set to
  # systemd-network so that systemd-networkd can read the file; no mode is
  # set here, so the secret keeps whatever default sops-nix applies.
  sops.secrets.wg-b-palladium = {
    owner = "systemd-network";
    group = "systemd-network";
  };

  systemd.network = {
    netdevs."10-${ifName}" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = ifName;
      };

      wireguardConfig = {
        # Key is referenced by path, so the key material itself never
        # appears in this file.
        PrivateKeyFile = config.sops.secrets.wg-b-palladium.path;
        ListenPort = listenPort;
      };

      wireguardPeers = [
        {
          PublicKey = "YMTOhRAKWfFX1UVBoROPvgcQxTSN4tny35brAocdnwo=";
          # NOTE(review): the whole /64 is accepted from this single peer,
          # and it contains this host's own tunnel address. If the peer
          # only ever uses one address, a narrower prefix would limit the
          # source addresses it can present - confirm against the peer's
          # configuration.
          AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ];
          # No Endpoint is given for this peer, so this side does not
          # initiate; keepalives can only flow once the peer has connected.
          PersistentKeepalive = 25;
        }
      ];
    };

    networks."10-${ifName}" = {
      matchConfig = {
        Name = ifName;
      };
      address = [ "fd90:37fd:ddec:d921::1/64" ];
      # The tunnel being down does not hold up the "online" state.
      linkConfig = {
        RequiredForOnline = "no";
      };
    };
  };

  # Opens the WireGuard listen port. This list is not interface-specific,
  # so the port is reachable on every interface the firewall covers.
  networking.firewall.allowedUDPPorts = [ listenPort ];
}