summaryrefslogtreecommitdiff
path: root/hosts/kay/modules/wireguard.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/kay/modules/wireguard.nix')
-rw-r--r--hosts/kay/modules/wireguard.nix57
1 files changed, 0 insertions, 57 deletions
diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix
deleted file mode 100644
index f90b1ec..0000000
--- a/hosts/kay/modules/wireguard.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, ... }:
-
-let
- wgInterface = "wg";
- wanInterface = "ppp0";
- subnet = "10.0.1.0";
- prefix = 24;
- port = 51820;
-in
-{
- sops.secrets."misc/wireguard" = {};
-
- networking = {
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ wgInterface ];
- };
- firewall = {
- allowedUDPPorts = [ port ];
- extraCommands = ''
- iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE
- '';
- };
-
- wireguard.interfaces.${wgInterface} = {
- ips = [ "10.0.1.1/${toString prefix}" ];
- listenPort = port;
- mtu = 1380; # 1460 (ppp0) - 80
- privateKeyFile = config.sops.secrets."misc/wireguard".path;
-
- peers = [
- { # cez
- publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=";
- allowedIPs = [ "10.0.1.2/32" ];
- }
- { # vex
- publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=";
- allowedIPs = [ "10.0.1.3/32" ];
- }
- { # dad
- publicKey = "q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=";
- allowedIPs = [ "10.0.1.4/32" ];
- }
- { # shambai
- publicKey = "YYDlp/bNKkqFHAhdgaZ2SSEMnIjKTqPTK7Ju6O9/1gY=";
- allowedIPs = [ "10.0.1.5/32" ];
- }
- ];
- };
- };
-
- services.dnsmasq.settings = {
- no-dhcp-interface = wgInterface;
- interface = [ wgInterface ];
- };
-}