vpn stuff

author: Kjetil Orbekk <kj@orbekk.com> 2021-08-09 18:24:06 -0400
committer: Kjetil Orbekk <kj@orbekk.com> 2021-08-09 18:24:11 -0400
commit: 19068d52b5fc4c199bd9776abd96b21476c2c6dd (patch)
tree: a5bad6b828fe2f72db92e55360fe5c652a1c5c8f
parent: 348db9ee7d85aff0a11d11279f1ae47dbb300db0 (diff)
1 files changed, 34 insertions, 0 deletions
diff --git a/modules/vpn.nix b/modules/vpn.nix
new file mode 100644
index 0000000..fb6fd3a
--- /dev/null
+++ b/modules/vpn.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.orbekk.vpn;
+in
+{
+  options = {
+    orbekk.vpn = {
+      enable = lib.mkEnableOption "Enable VPN";
+
+      listenPort = lib.mkOption {
+        type = lib.types.port;
+        default = 40421;
+        description = "wireguard local port";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    orbekk.simple-firewall.allowedUDPPorts = [ cfg.listenPort ];
+
+    networking.wireguard = {
+      enable = true;
+      interfaces.vpn = {
+        privateKeyFile = "/opt/secret/wireguard/vpn.private";
+        ips = [ "10.70.90.245/32" "fc00:bbbb:bbbb:bb01::7:5af4/128" ];
+        allowedIPsAsRoutes = false;
+        listenPort = cfg.listenPort;
+        peers = [
+        ];
+      };
+    };
+  };
+}
author	Kjetil Orbekk <kj@orbekk.com>	2021-08-09 18:24:06 -0400
committer	Kjetil Orbekk <kj@orbekk.com>	2021-08-09 18:24:11 -0400
commit	19068d52b5fc4c199bd9776abd96b21476c2c6dd (patch)
tree	a5bad6b828fe2f72db92e55360fe5c652a1c5c8f
parent	348db9ee7d85aff0a11d11279f1ae47dbb300db0 (diff)