mediabox: add wireguard

2024-04-09 15:08:34 +02:00 · 2024-04-09 15:08:34 +02:00 · 3a6d18e507
commit 3a6d18e507
parent 85203ce57d
1 changed files with 21 additions and 1 deletions
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@ -24,6 +24,10 @@
    group = config.users.users.nobody.group;
  };

+  sops.secrets."wg_privkey" = {
+    sopsFile = ./secrets/wg_privkey.yaml;
+  };
+
  nix = {
    optimise.automatic = true;
    gc.automatic = true;
@ -70,7 +74,7 @@
  networking = {
    firewall = {
      enable = true;
-      allowedTCPPorts = [80 443];
+      allowedTCPPorts = [80 443 51820];
    };

    hostName = "mediabox";
@ -90,6 +94,22 @@
      192.168.88.1   router.lan
      192.168.88.231 workstation.lan
    '';
+
+    wireguard.interfaces = {
+      wg0 = {
+        ips = ["10.100.0.5/24"];
+        listenPort = 51820;
+        privateKeyFile = config.sops.secrets."wg_privkey".path;
+        peers = [
+          {
+            publicKey = builtins.readFile ../magpie/wg_pubkey;
+            allowedIPs = ["10.100.0.1"];
+            endpoint = "5.75.229.224:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
  };

  time.timeZone = "Europe/Sarajevo";