From 3a6d18e50752c115909db17739c083e72252ea5d Mon Sep 17 00:00:00 2001
From: Asmir A
Date: Tue, 9 Apr 2024 15:08:34 +0200
Subject: [PATCH] mediabox: add wireguard

---
 mediabox/configuration.nix | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/mediabox/configuration.nix b/mediabox/configuration.nix
index c360fda..b3afcf8 100644
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@@ -24,6 +24,10 @@
 group = config.users.users.nobody.group;
 };
 
+ sops.secrets."wg_privkey" = {
+ sopsFile = ./secrets/wg_privkey.yaml;
+ };
+
 nix = {
 optimise.automatic = true;
 gc.automatic = true;
@@ -70,7 +74,7 @@
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [80 443];
+ allowedTCPPorts = [80 443 51820];
 };
 
 hostName = "mediabox";
@@ -90,6 +94,22 @@
 192.168.88.1 router.lan
 192.168.88.231 workstation.lan
 '';
+
+ wireguard.interfaces = {
+ wg0 = {
+ ips = ["10.100.0.5/24"];
+ listenPort = 51820;
+ privateKeyFile = config.sops.secrets."wg_privkey".path;
+ peers = [
+ {
+ publicKey = builtins.readFile ../magpie/wg_pubkey;
+ allowedIPs = ["10.100.0.1"];
+ endpoint = "5.75.229.224:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
 };
 
 time.timeZone = "Europe/Sarajevo";
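Review bot: The new `sops.secrets."wg_privkey"` entry declares the secret but does not tell sops-nix which unit consumes it, so a rotated key in secrets/wg_privkey.yaml is decrypted on activation yet the running interface keeps the old key until it is restarted by hand. Adding `restartUnits = [ "wireguard-wg0.service" ];` to the secret ties rotation to the interface unit that reads `privateKeyFile` (the unit name follows the `wireguard-<name>` pattern of the non-networkd WireGuard module; confirm it matches the backend in use). The defaults of owner root and mode 0400 are appropriate for a key read by the root-run WireGuard unit, so no ownership change is needed. The enclosing module attribute set starts before this hunk.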
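Review bot: Port 51820 is added to `allowedTCPPorts`, but WireGuard is UDP-only, so this line opens a TCP port nothing listens on while inbound WireGuard handshakes to `listenPort = 51820` stay blocked by the firewall. The line should read `allowedTCPPorts = [80 443];` unchanged and gain a sibling `allowedUDPPorts = [51820];`. Since this host configures an `endpoint` and `persistentKeepalive` toward the peer, it initiates the tunnel itself and the reverse path is covered by connection tracking, so opening the port may not be needed at all; if inbound handshakes are not required, keeping 51820 closed is the smaller exposure. The `networking` block continues outside this hunk.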
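Review bot: `publicKey = builtins.readFile ../magpie/wg_pubkey;` keeps any trailing newline in the file, and a base64 key with a newline appended is rejected by the `wg` tooling when the peer is configured, so the interface would come up without its only peer. If `lib` is in the module's argument set (its header is outside this hunk), `publicKey = lib.fileContents ../magpie/wg_pubkey;` strips the newline; otherwise `lib.removeSuffix "\n"` on the read value does the same. `allowedIPs = ["10.100.0.1"]` is an implicit /32, which is the least-privilege choice here since it routes only the magpie address through the tunnel rather than the whole 10.100.0.0/24 the `ips` entry suggests; a one-line comment such as `# magpie only; the rest of 10.100.0.0/24 is not routed via wg0` would make that deliberate. The `endpoint` is a bare public IP literal with nothing tying it to ../magpie, so a comment naming the host it belongs to would help the next reader verify it against the peer's configuration.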