give access to wg0 in usbstick
parent
b24094155a
commit
4f6924d5d7
3 changed files with 37 additions and 0 deletions
|
@ -64,6 +64,9 @@ jobs:
|
|||
- name: nix build sternchen
|
||||
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
|
||||
|
||||
- name: nix build usbstick
|
||||
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
|
||||
|
||||
- name: commit & push
|
||||
if: ${{ github.event_name == 'schedule' }}
|
||||
# only if all nix builds are fine we update our branch
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
./hardware-configuration
|
||||
#./tinc.nix
|
||||
#./syncthing.nix
|
||||
./network-wireguard-wg0.nix
|
||||
|
||||
];
|
||||
|
||||
|
|
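--- a/machines/usbstick/network-wireguard-wg0.nix
+++ b/machines/usbstick/network-wireguard-wg0.nix
@@ -0,0 +1,33 @@
+{ config, factsGenerator, clanLib, ... }:
+{
+networking.firewall.allowedUDPPorts = [ 51820 ];
+clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
+clan.core.facts.services.wireguard_ip = factsGenerator.public {
+"wireguard.wg0.cidr" = "10.100.0.100/32";
+"wireguard.wg0.ip" = "10.100.0.100";
+};
+
+# Enable WireGuard
+networking.wg-quick.interfaces = {
+# Hub and Spoke Setup
+# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
+wg0 = {
+address = [
+config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
+];
+listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
+privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
+mtu = 1280;
+
+peers = [
+{
+publicKey = clanLib.readFact "wireguard.wg0.pub" "orbi";
+allowedIPs = [
+(clanLib.readFact "wireguard.wg0.cidr" "orbi")
+];
+endpoint = clanLib.readFact "wireguard.wg0.endpoint" "orbi";
+}
+];
+};
+};
+}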
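Review bot: `networking.firewall.allowedUDPPorts = [ 51820 ];` opens the WireGuard port on every interface of a machine that, judging by the single peer with an `endpoint`, acts as a spoke dialling the hub; a spoke that always initiates does not need unsolicited inbound UDP, since replies from the hub should already pass the stateful firewall. If that reading is right, drop the firewall line and the fixed `listenPort`, and add `persistentKeepalive = 25;` to the `orbi` peer so the hub can still reach this host through NAT. Separately, `allowedIPs` carries only the value of orbi's `wireguard.wg0.cidr` fact; if that is a /32 like this host's own, other spokes behind the hub will not be routed over wg0, so confirm that is intended.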