added wireguard to desktop

2021-09-23 13:50:10 +02:00
parent 0ace2043f0
commit 89f9e98ec2
5 changed files with 38 additions and 2 deletions
--- a/.gitsecret/paths/mapping.cfg
+++ b/.gitsecret/paths/mapping.cfg
@ -1 +1 @@
-configs/secrets.nix:a83d724b6fe99623ff5a9e649a30227c3c199d302b10dce75db8ab3f3271d7f8
+configs/secrets.nix:165513a6eda74a9bca732e62cb1ba1863bcd230be4e9cf0809b7081fe6f29133
--- a/configs/secrets.nix.secret
+++ b/configs/secrets.nix.secret
--- a/machine/desktop.nix
+++ b/machine/desktop.nix
@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:

 let
-  unstable = import <nixos-unstable> { config.allowUnfree = true; };
+  secrets = import ../configs/secrets.nix;
 in
 {
  imports =
@ -36,6 +36,22 @@ in
  boot.kernelModules = [ "it87" "v4l2loopback" ];

  networking.hostName = "desktop"; # Define your hostname.
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.100.0.2/24" ];
+      privateKey = secrets.wireguard-desktop-private;
+
+      peers = [
+        {
+          publicKey = secrets.wireguard-vps-public;
+          presharedKey = secrets.wireguard-preshared;
+          allowedIPs = [ "10.100.0.0/24" ];
+          endpoint = "szczepan.ski:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };

  # Set your time zone.
  time.timeZone = "Europe/Berlin";
--- a/machine/mini.nix
+++ b/machine/mini.nix
@ -24,6 +24,22 @@
      # allowedTCPPorts = [ 6443 ];
    };
    networkmanager.enable = true;
+    wireguard.interfaces = {
+      wg0 = {
+        ips = [ "10.100.0.3/24" ];
+        privateKey = secrets.wireguard-mini-private;
+
+        peers = [
+          {
+            publicKey = secrets.wireguard-vps-public;
+            presharedKey = secrets.wireguard-preshared;
+            allowedIPs = [ "10.100.0.0/24" ];
+            endpoint = "szczepan.ski:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
  };

  services.k3s.enable = true;
--- a/machine/vps.nix
+++ b/machine/vps.nix
@ -38,6 +38,10 @@ in
          publicKey = secrets.wireguard-desktop-public;
          presharedKey = secrets.wireguard-preshared;
          allowedIPs = [ "10.100.0.2/32" ];
+        }{
+          publicKey = secrets.wireguard-mini-public;
+          presharedKey = secrets.wireguard-preshared;
+          allowedIPs = [ "10.100.0.3/32" ];
        }];
      };
    };