-rw-r--r--config/vpn-server.nix21
-rw-r--r--data/aliases.nix2
-rw-r--r--machines/dragon.nix5
3 files changed, 27 insertions, 1 deletions
diff --git a/config/vpn-server.nix b/config/vpn-server.nix
new file mode 100644
index 0000000..f2663d5
--- /dev/null
+++ b/config/vpn-server.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+let
+ port = (import ../data/aliases.nix).services.wireguard.port;
+in
+{
+ networking.wireguard = {
+ interfaces = {
+ wg0 = {
+ ips = [ "10.35.190.1/23" ];
+ privateKeyFile = "/opt/secret/wireguard/wg0.key";
+ listenPort = port;
+ peers = [
+ {
+ publicKey = "ULWhaOsAaTu4cu84v3PM4DL7arxc/WNnzI/ic2k1KBU=";
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ }
+ ];
+ };
+ };
+ };
+}
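Review bot: The single peer on wg0 is declared with `allowedIPs = ["0.0.0.0/0" "::/0"]`, which on a server-side peer entry means WireGuard accepts packets with any inner source address from that key. If the NixOS module default `allowedIPsAsRoutes = true` is in effect, it also installs routes for those prefixes via wg0, which would presumably pull the host's own default traffic into the tunnel. Scoping the entry to the peer's tunnel address inside 10.35.190.0/23, for example `allowedIPs = [ "10.35.190.2/32" ];` (address constructed for illustration), prevents that peer from spoofing other addresses and keeps the routing table unchanged. Nothing in this file opens the listen port, so if the firewall is enabled on the importing machine a line such as `networking.firewall.allowedUDPPorts = [ port ];` is still needed. A short comment next to `privateKeyFile` stating that the key lives outside the Nix store and must be root-owned with mode 0600 would document the one secret this module depends on.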
diff --git a/data/aliases.nix b/data/aliases.nix
index 1911d53..37a291c 100644
--- a/data/aliases.nix
+++ b/data/aliases.nix
@@ -1,5 +1,6 @@
rec {
ip = {
+ dragon = "10.0.20.2";
shape = "10.0.20.15";
raigh = "raigh.orbekk.com";
};
@@ -12,5 +13,6 @@ rec {
systemhttpd = { address = ip.shape; port = 11105; };
linoquotes = { address = ip.raigh; port = 11106; };
stats = { home = "/var/lib/stats"; };
+ wireguard = { port = 11107; };
};
}
diff --git a/machines/dragon.nix b/machines/dragon.nix
index 8ff1785..2b281bb 100644
--- a/machines/dragon.nix
+++ b/machines/dragon.nix
@@ -11,8 +11,11 @@
../config/mail-server.nix
../config/munin-node.nix
../config/munin-master.nix
+ ../config/vpn-server.nix
];
+ environment.systemPackages = with pkgs; [ ipmitool ];
+
virtualisation.lxd.enable = true;
security.apparmor = {
enable = true;
@@ -25,7 +28,7 @@
boot.kernelParams = [ "console=tty0" ''console="ttyS0,115200n8"'' ];
boot.loader.grub.extraConfig = ''
- GRUB_TERMINAL="console serial"
+ GRUB_TERMINAL="serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
'';
boot.loader.grub.enable = true;