path: root/config/vpn-server.nix
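# WireGuard VPN server module: brings up interface wg0 and opens its listen
# port in the host firewall.
{ config, lib, pkgs, ... }:
let
  # The listen port comes from the shared aliases file, so the firewall rule
  # and the interface setting below always agree.
  port = (import ../data/aliases.nix).services.wireguard.port;
in
{
  networking = {
    # WireGuard is a UDP-only protocol, so only the UDP port is opened. The
    # TCP rule that used to sit here exposed a port that wg0 never listens on.
    # If another service needs TCP on this port, it should open it in its own
    # module.
    firewall.allowedUDPPorts = [ port ];

    wireguard = {
      interfaces = {
        wg0 = {
          ips = [ "10.35.190.1/23" ];
          # The key is referenced by path and read at activation time, so it
          # is not copied into the world-readable Nix store.
          # NOTE(review): confirm the file is root-owned and not group- or
          # world-readable.
          privateKeyFile = "/opt/secret/wireguard/wg0.key";
          listenPort = port;
          # Do not install a route per allowedIPs entry. With the catch-all
          # ranges below, that would otherwise add default routes via wg0.
          allowedIPsAsRoutes = false;
          peers = [
            {
              publicKey = "ULWhaOsAaTu4cu84v3PM4DL7arxc/WNnzI/ic2k1KBU=";
              # allowedIPs is also WireGuard's inbound source filter, so this
              # peer may send packets through the tunnel with any inner IPv4
              # or IPv6 source address.
              # NOTE(review): that is appropriate for a gateway or upstream
              # peer. If this is a single client, narrow it to the client's
              # tunnel address(es) so it cannot spoof other sources.
              allowedIPs = [ "0.0.0.0/0" "::/0" ];
            }
          ];
        };
      };
    };
  };
}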