From c77b31150cdce3d1df314eba05bd55b2c97b704a Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Sat, 7 Oct 2023 08:22:00 -0400
Subject: vpn update
---
 modules/router.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
(limited to 'modules/router.nix')
diff --git a/modules/router.nix b/modules/router.nix
index a5ab637..28d2d23 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -9,6 +9,7 @@ let
 mullvadPort = config.orbekk.mullvad.listenPort;
 vpnPort = config.orbekk.vpn.listenPort;
+ vpnPrefx = "2001:470:8e2e:1000";
 router-netns-up = pkgs.writeScript "router-netns-up" ''
 #!${pkgs.bash}/bin/bash
@@ -91,6 +92,16 @@ let
 }];
 systemd.services.he0-netdev.after = ["kjlan-netdev.service"];
+ networking.wireguard = {
+ enable = true;
+ interfaces.wg-vpn = {
+ ips = [ "${vpnPrefix}::d"/128 ];
+ privateKeyFile = config.age.secrets.dragon-wireguard-key.path;
+ allowedIPs = [ "${vpnPrefix}::/64" ];
+ listenPort = vpnPort;
+ };
+ };
+ networking.iproute2.enable = true;
 networking.iproute2.rttablesExtraConfig = ''
 ${toString mullvadMark} mullvad
--
cgit v1.2.3
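Review bot: The binding added in this hunk is spelled `vpnPrefx`, while the second hunk interpolates `${vpnPrefix}` in both `ips` and `allowedIPs`. Unless `vpnPrefix` is defined elsewhere in the file (not visible here), evaluation fails on an undefined variable and the WireGuard interface is never configured. Rename the binding to match its uses: `vpnPrefix = "2001:470:8e2e:1000";`. The `let` block starts and ends outside the hunk.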
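Review bot: In `ips = [ "${vpnPrefix}::d"/128 ];` the prefix length sits outside the closing quote, so the list does not contain the single address string that was intended; it should read `ips = [ "${vpnPrefix}::d/128" ];`. As far as I know, `allowedIPs` is an option of `peers.*` in the NixOS WireGuard module rather than of the interface, and no `peers` are declared in this hunk, so that line probably belongs inside a peer entry. When it moves there, giving each peer its own `/128` rather than the whole `/64` keeps WireGuard's source-address check binding one address to one key, so a peer cannot send from another peer's address. The enclosing attribute set continues outside the hunk.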