From 82d409c7840ec1378e8e00d61a1d534bece1399c Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 7 Oct 2023 08:56:36 -0400
Subject: add wg peers

---
 modules/router.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'modules/router.nix')

diff --git a/modules/router.nix b/modules/router.nix
index aaf36ee..3f997e2 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -324,9 +324,19 @@ in {
  networking.wireguard.interfaces.wg-vpn = {
  socketNamespace = "router";
  interfaceNamespace = "router";
- ips = [ "${vpnPrefix}::d/128" ];
+ ips = [ "${vpnPrefix}::1/128" ];
  privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
  listenPort = vpnPort;
+ ppers = let mkPeer = host: ip: {
+ ips = [ "${vpn-prefix}::${ip}/128" ];
+ publicKey = (builtins.readFile (../secrets + "/${host}-wireguard-key.pub"));
+ endpoint = null;
+ router = false;
+ } in {
+ firelink = mkPeer "firelink" "2001";
+ pincer = mkPeer "pincer" "2001";
+ trygve = mkPeer "trygve" "2004";
+ };
  };
 
  services.ddclient = {
-- 
cgit v1.2.3
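Review bot: `firelink` and `pincer` are both passed `"2001"`, so two different public keys claim the same `/128`. WireGuard binds an allowed address to a single peer, so one of the two hosts would lose its route and traffic for that address would go to whichever key is applied last; one of them presumably needs its own suffix (the intended value is not visible here). The added block also looks like it will not evaluate as written: the `let` binding needs its terminating semicolon (`};` before `in {`), `${vpn-prefix}` does not match the `vpnPrefix` used on the `ips` line just above, and `ppers` is probably meant to be `peers`. `builtins.readFile` returns the file contents verbatim, so if the `.pub` files end in a newline it will end up inside `publicKey`; confirm whether the consumer strips it. The enclosing attribute set starts above the hunk, so the definitions of `vpnPrefix` and of the peer option type cannot be checked from here.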