Add wireguard

muon 2024-08-27 21:50:43 +00:00
parent 4dc3200d68
commit 86e4bf1c4e
10 changed files with 156 additions and 41 deletions


@ -1,6 +1,7 @@
{ pkgs, lib, config, ... }: {
options.mods = {
tailscale.enable = lib.mkEnableOption "enables tailscale";
wireguard.enable = lib.mkEnableOption "enables wireguard client";
openvpn.enable = lib.mkEnableOption "enables openvpn config";
openvpn.config = let
username = "${config.mods.user.name}";
@ -20,5 +21,30 @@
services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
remote.config = ''config ${config.mods.openvpn.config}'';
};
networking = lib.mkIf config.mods.wireguard.enable {
firewall = {
allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
};
wireguard.interfaces = {
wg0 = {
ips = [ "10.100.0.2/24" ];
listenPort = 51820;
privateKeyFile = "/home/muon/wireguard-keys/private";
peers = [
{
publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "{server ip}:51820";
persistentKeepalive = 25;
}
];
};
};
};
};
}
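Review bot: The `privateKeyFile` on `wg0` points at `/home/muon/wireguard-keys/private`, a location inside a user's home directory with the username hard-coded, although this module already reads `config.mods.user.name` for the OpenVPN config. A key read by the root-run WireGuard unit should live in a root-owned path with mode 0600, or come from a secrets tool such as sops-nix or agenix, for example `privateKeyFile = "<root-owned key path>";`, so that a compromise of the user account cannot expose or replace the tunnel key. Separately, `allowedIPs = [ "0.0.0.0/0" ]` routes only IPv4 through the tunnel, so IPv6 traffic would bypass it on a dual-stack network; `allowedIPs = [ "0.0.0.0/0" "::/0" ];` covers both if a full tunnel is intended. The `allowedUDPPorts = [ 51820 ]` opening is probably unnecessary for a client that initiates the connection and sends keepalives, and is worth dropping unless this host must accept inbound handshakes.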