From 63331ab3f84eb7f23ba3ac873338e8a80272c40f Mon Sep 17 00:00:00 2001
From: mups
Date: Tue, 27 Aug 2024 22:16:28 +0000
Subject: [PATCH] Fix wireguard
---
 hosts/mups/configuration.nix | 2 ++
 modules/nixos/core/network.nix | 34 ++++++++++++++++------------------
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/hosts/mups/configuration.nix b/hosts/mups/configuration.nix
index 62acba8..dcc5c69 100644
--- a/hosts/mups/configuration.nix
+++ b/hosts/mups/configuration.nix
@@ -32,6 +32,8 @@ in {
 mods.server.media.enable = true;
+ mods.server.wireguard.enable = true;
+
 # Use the GRUB 2 boot loader.
 boot.loader.grub.enable = true;
 boot.loader.grub.device = "/dev/vda";
diff --git a/modules/nixos/core/network.nix b/modules/nixos/core/network.nix
index ffa2b7b..2f3b7a0 100644
--- a/modules/nixos/core/network.nix
+++ b/modules/nixos/core/network.nix
@@ -23,26 +23,24 @@
 };
- networking = lib.mkIf config.mods.wireguard.enable {
- firewall = {
- allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
- };
- wireguard.interfaces = {
- wg0 = {
- ips = [ "10.100.0.2/24" ];
- listenPort = 51820;
+ networking.firewall = lib.mkIf config.mods.wireguard.enable {
+ allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
+ };
+ networking.wireguard.interfaces = lib.mkIf config.mods.wireguard.enable {
+ wg0 = {
+ ips = [ "10.100.0.2/24" ];
+ listenPort = 51820;
- privateKeyFile = "/home/muon/wireguard-keys/private";
+ privateKeyFile = "/home/muon/wireguard-keys/private";
- peers = [
- {
- publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
- allowedIPs = [ "0.0.0.0/0" ];
- endpoint = "{server ip}:51820";
- persistentKeepalive = 25;
- }
- ];
- };
+ peers = [
+ {
+ publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "{server ip}:51820";
+ persistentKeepalive = 25;
+ }
+ ];
 };
 };
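Review bot: The option switched on here is `mods.server.wireguard.enable`, but the `network.nix` hunk in this commit gates its firewall rule and `wg0` interface on `config.mods.wireguard.enable`, a different option path. If the two are meant to be the same switch, the interface in `network.nix` stays disabled on this host and the tunnel is silently absent. If they are separate server and client modules, a comment would prevent that misreading, e.g. `# server-side module; the client tunnel in core/network.nix is gated by mods.wireguard.enable`. The definition of `mods.server.wireguard` is not in this patch, so this is inferred from the option names alone.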
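Review bot: `privateKeyFile = "/home/muon/wireguard-keys/private"` keeps the tunnel's private key in a user's home directory, where it is exposed to anything running as that account and to home-directory backups or syncs; it should be a root-owned, mode 0600 file outside `/home` or be supplied by a secrets tool, e.g. `privateKeyFile = "<ROOT_OWNED_KEY_PATH>";`. The peer block also carries the literal placeholder `endpoint = "{server ip}:51820"`, so the tunnel presumably cannot be established as written. `allowedIPs = [ "0.0.0.0/0" ]` covers IPv4 only, so if a full tunnel is intended, IPv6 traffic would bypass it unless `"::/0"` is added. These lines are carried over unchanged from the old nesting, but they sit on the new side of the hunk.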