author | Kjetil Orbekk <kj@orbekk.com> | 2021-08-04 17:12:58 -0400 |
---|---|---|
committer | Kjetil Orbekk <kj@orbekk.com> | 2021-08-04 17:13:36 -0400 |
commit | d0a5776d5ffe07fa286b1ef0f2b27f422cf301b5 (patch) | |
tree | 93d5efb344a724d57aa9dfb7698cc20b77ef0e24 /modules | |
parent | bb9e37472da4885448ddb34ff009aadddbc9faf2 (diff) |
add wireguard config
Diffstat (limited to 'modules')
-rw-r--r-- | modules/wireguard.nix (renamed from modules/mullvad.nix) | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/modules/mullvad.nix b/modules/wireguard.nix index 436a3b2..0188d90 100644 --- a/modules/mullvad.nix +++ b/modules/wireguard.nix @@ -1,12 +1,14 @@ { config, lib, pkgs, ... }: let - cfg = config.orbekk.mullvad; + cfg = config.orbekk.wireguard; in { options = { - orbekk.mullvad = { + orbekk.wireguard = { enable = lib.mkEnableOption "Enable VPN"; + enableMullvad = lib.mkEnableOption "Enable Mullvad"; + enableNycmesh = lib.mkEnableOption "Enable NYC Mesh"; listenPort = lib.mkOption { type = lib.types.port; @@ -21,7 +23,7 @@ in networking.wireguard = { enable = true; - interfaces.mullvad = { + interfaces.mullvad = lib.mkIf cfg.enableMullvad { privateKeyFile = "/opt/secret/wireguard/mullvad.private"; ips = [ "10.70.90.245/32" "fc00:bbbb:bbbb:bb01::7:5af4/128" ]; allowedIPsAsRoutes = false; @@ -34,6 +36,20 @@ in } ]; }; + + interfaces.nycmesh = lib.mkIf cfg.enableNycmesh { + privateKeyFile = "/opt/secret/wireguard/nycmesh.private"; + ips = [ "10.70.73.50/32" ]; + allowedIPsAsRoutes = false; + listenPort = cfg.listenPort; + peers = [ + { + endpoint = "wgvpn.sn1.mesh.nycmesh.net:51822"; + publicKey = "W5AQ3LmNVr2bW/IQrIY1GpyacplGc2lpavoeSzU/KhQ="; + allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + } + ]; + }; }; }; } |
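Review bot: Both new switches in the first hunk, `enableMullvad` and `enableNycmesh`, default to false, so a host that only renames `orbekk.mullvad.enable` to `orbekk.wireguard.enable` gets `networking.wireguard.enable = true` but no tunnel interface, and nothing at evaluation time signals that the VPN is gone. An assertion such as `assertion = cfg.enableMullvad || cfg.enableNycmesh;` with a message naming the two options would turn that into a build failure; it belongs in the config section guarded by `cfg.enable`, which lies outside the hunk, so I am assuming that guard exists. As a style point, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so `lib.mkEnableOption "the Mullvad tunnel"` reads better than `"Enable Mullvad"`.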
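Review bot: The new `interfaces.nycmesh` in the last hunk sets `listenPort = cfg.listenPort;`, and if the mullvad interface uses the same option (its middle lines are outside the hunks), enabling both flags makes two interfaces bind one UDP port and the second will fail to come up. Giving each interface its own port option, or leaving `listenPort` unset on one of them so a port is chosen automatically, avoids the clash. The peer's `allowedIPs = [ "0.0.0.0/0" "::0/0" ]` also accepts packets with any source address from this tunnel, while `ips` assigns only an IPv4 address. I would narrow it to the prefixes the mesh actually serves and drop `"::0/0"` unless IPv6 over the mesh is intended.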