give access to wg0 in usbstick
This commit is contained in:
parent
b24094155a
commit
4f6924d5d7
3 changed files with 37 additions and 0 deletions
@ -64,6 +64,9 @@ jobs:
|
||||||
- name: nix build sternchen
|
- name: nix build sternchen
|
||||||
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
|
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
|
||||||
|
|
||||||
|
- name: nix build usbstick
|
||||||
|
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
|
||||||
|
|
||||||
- name: commit & push
|
- name: commit & push
|
||||||
if: ${{ github.event_name == 'schedule' }}
|
if: ${{ github.event_name == 'schedule' }}
|
||||||
# only if all nix builds are fine we update our branch
|
# only if all nix builds are fine we update our branch
|
||||||
@ -5,6 +5,7 @@
|
||||||
./hardware-configuration
|
./hardware-configuration
|
||||||
#./tinc.nix
|
#./tinc.nix
|
||||||
#./syncthing.nix
|
#./syncthing.nix
|
||||||
|
./network-wireguard-wg0.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
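--- /dev/null
+++ b/machines/usbstick/network-wireguard-wg0.nix
@@ -0,0 +1,33 @@
+{ config, factsGenerator, clanLib, ... }:
+{
+networking.firewall.allowedUDPPorts = [ 51820 ];
+clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
+clan.core.facts.services.wireguard_ip = factsGenerator.public {
+"wireguard.wg0.cidr" = "10.100.0.100/32";
+"wireguard.wg0.ip" = "10.100.0.100";
+};
+
+# Enable WireGuard
+networking.wg-quick.interfaces = {
+# Hub and Spoke Setup
+# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
+wg0 = {
+address = [
+config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.cidr".value
+];
+listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
+privateKeyFile = config.clan.core.facts.services.wireguard.secret."wireguard.wg0.key".path;
+mtu = 1280;
+
+peers = [
+{
+publicKey = clanLib.readFact "wireguard.wg0.pub" "orbi";
+allowedIPs = [
+(clanLib.readFact "wireguard.wg0.cidr" "orbi")
+];
+endpoint = clanLib.readFact "wireguard.wg0.endpoint" "orbi";
+}
+];
+};
+};
+}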
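Review bot: The peer entry's `allowedIPs = [ (clanLib.readFact "wireguard.wg0.cidr" "orbi") ]` routes only orbi's own tunnel address, so the hub-and-spoke layout named in the comment above it will not carry traffic from usbstick to any other spoke via orbi; if reaching the other spokes is intended, the hub's whole tunnel subnet belongs in that list, e.g. `allowedIPs = [ "10.100.0.0/24" ];` (constructed value, check it against orbi's wg0 definition). The peer block also sets no `persistentKeepalive`; if usbstick sits behind NAT its mapping expires and orbi can no longer initiate to it, so `persistentKeepalive = 25;` next to `endpoint` is the usual spoke setting. Separately, `networking.firewall.allowedUDPPorts = [ 51820 ]` opens the port on every interface of a machine that, judging by the peer config, only dials out to orbi's endpoint; if that is the case the inbound port and the paired `listenPort` can be dropped to keep the exposed surface minimal, otherwise a short comment stating why inbound handshakes are needed on usbstick would help the next reader.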