42 lines
1.4 KiB
Nix
42 lines
1.4 KiB
Nix
{ config, pkgs, ...}:
|
|
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
wireguard-tools
|
|
];
|
|
|
|
networking = {
|
|
firewall.allowedUDPPorts = [ 51820 ];
|
|
firewall.trustedInterfaces = [ "ens19"];
|
|
iproute2.enable = true;
|
|
iproute2.rttablesExtraConfig = ''
|
|
100 PUBLIC6
|
|
'';
|
|
wireguard.enable = true;
|
|
wireguard.interfaces = {
|
|
wg0 = {
|
|
ips = [ "fe80::42:10:1/64" ];
|
|
privateKeyFile = "/var/src/secrets/wireguard/wg0";
|
|
listenPort = 51820;
|
|
allowedIPsAsRoutes = false;
|
|
postSetup = ''
|
|
ip -6 rule add from 2a01:4f8:1c0c:8221::/64 lookup PUBLIC6
|
|
ip -6 route add default via fe80::1 dev wg0 table PUBLIC6
|
|
'';
|
|
peers = [{
|
|
publicKey = "Y++eB9SfU17zB4mJ/6AaN761tngXAyTNoVaPNKmuvls=";
|
|
allowedIPs = [ "::/0" ];
|
|
endpoint = "78.47.183.82:51876";
|
|
#endpoint = "gatekeeper.net.clerie.de:51876";
|
|
persistentKeepalive = 25;
|
|
}];
|
|
};
|
|
};
|
|
};
|
|
boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
|
|
networking.interfaces.ens19.ipv6.addresses = [
|
|
{ address = "fd00:10:42:10::25"; prefixLength = 64; }
|
|
{ address = "2a01:4f8:1c0c:8221::25"; prefixLength = 64; }
|
|
];
|
|
}
|