give access to wg0 in usbstick

This commit is contained in:
Ingolf Wagner 2024-08-09 16:07:11 +02:00
parent b24094155a
commit 4f6924d5d7
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
3 changed files with 37 additions and 0 deletions


@ -64,6 +64,9 @@ jobs:
- name: nix build sternchen
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
- name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch


@ -5,6 +5,7 @@
./hardware-configuration
#./tinc.nix
#./syncthing.nix
./network-wireguard-wg0.nix
];


@ -0,0 +1,33 @@
{ config, factsGenerator, clanLib, ... }:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.cidr" = "10.100.0.100/32";
"wireguard.wg0.ip" = "10.100.0.100";
};
# Enable WireGuard
networking.wg-quick.interfaces = {
# Hub and Spoke Setup
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = {
address = [
config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
mtu = 1280;
peers = [
{
publicKey = clanLib.readFact "wireguard.wg0.pub" "orbi";
allowedIPs = [
(clanLib.readFact "wireguard.wg0.cidr" "orbi")
];
endpoint = clanLib.readFact "wireguard.wg0.endpoint" "orbi";
}
];
};
};
}
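Review bot: The single peer block at the end of the new file (publicKey / allowedIPs / endpoint for "orbi") sets no `persistentKeepalive`, so if the USB stick boots behind NAT the hub presumably loses reachability to it once the NAT mapping expires; the hub-and-spoke setup the comment links to keeps spokes reachable with `persistentKeepalive = 25;` inside the peer attribute set. Separately, `allowedIPs` contains only the hub's own /32 from `clanLib.readFact "wireguard.wg0.cidr" "orbi"`, which means traffic to any other spoke is not routed through wg0 — if that is intended it deserves a one-line comment, otherwise the tunnel subnet belongs in the list. Note also that `networking.firewall.allowedUDPPorts = [ 51820 ];` opens the listen port on every interface of a portable host; WireGuard silently drops unauthenticated packets so the exposure is small, but a comment such as `# listen port intentionally reachable on any network the stick joins` would make the choice explicit.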