# NixOS module: WireGuard tunnel "wg-b-palladium", configured through
# systemd-networkd, with its private key supplied by sops.
{ config, ... }:

let
  # One name is shared by the sops secret, the netdev and the .network match.
  tunnel = "wg-b-palladium";
  unit = "10-${tunnel}";

  # Used for both ListenPort and the firewall rule, so the two cannot drift apart.
  listenPort = 51844;

  # Account that owns the decrypted key file.
  networkd = "systemd-network";
in
{
  # The private key is referenced by path (PrivateKeyFile below) instead of
  # being written inline in this file.
  # NOTE(review): owner/group are set to systemd-network, presumably so that
  # systemd-networkd can read the key; confirm the secret's file mode stays
  # owner-only.
  sops.secrets.${tunnel} = {
    owner = networkd;
    group = networkd;
  };

  systemd.network.netdevs.${unit} = {
    netdevConfig = {
      Kind = "wireguard";
      Name = tunnel;
    };

    wireguardConfig = {
      PrivateKeyFile = config.sops.secrets.${tunnel}.path;
      ListenPort = listenPort;
    };

    wireguardPeers = [
      {
        PublicKey = "YMTOhRAKWfFX1UVBoROPvgcQxTSN4tny35brAocdnwo=";
        # AllowedIPs is also WireGuard's source filter: any address in this
        # /64 is accepted from this one peer.
        # NOTE(review): confirm the peer is meant to own the whole prefix
        # rather than a single address.
        AllowedIPs = [ "fd90:37fd:ddec:d921::/64" ];
        # No Endpoint is set, so this side waits for the peer to connect;
        # keepalives can only be sent once the peer's address has been learned.
        PersistentKeepalive = 25;
      }
    ];
  };

  systemd.network.networks.${unit} = {
    matchConfig.Name = tunnel;
    address = [ "fd90:37fd:ddec:d921::1/64" ];
    # The tunnel being down must not hold up "network online".
    linkConfig.RequiredForOnline = "no";
  };

  # allowedUDPPorts is not scoped to an interface: the listen port is
  # reachable on every interface the firewall covers.
  networking.firewall.allowedUDPPorts = [ listenPort ];
}