about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--configuration.nix1
-rw-r--r--vpn.nix38
2 files changed, 39 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix
index a847f29..15ef8c4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -45,6 +45,7 @@
     ./status.nix
     ./vpsadminos.nix
     ./wikiwiki.nix
+    ./vpn.nix
   ];
 
   networking = {
diff --git a/vpn.nix b/vpn.nix
new file mode 100644
index 0000000..b6c3f07
--- /dev/null
+++ b/vpn.nix
@@ -0,0 +1,38 @@
+# WireGuard peering
+# Copyright (C) 2024  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, ... }:
+let wireguardPort = 51820;
+in {
+  networking = {
+    firewall.allowedUDPPorts = [ wireguardPort ];
+    wireguard.interfaces.wg0 = {
+      ips = [ "192.168.144.24/24" "fdb1:87db:2ad4::18/64" ];
+      listenPort = wireguardPort;
+      privateKeyFile = "/etc/wireguard/private.key";
+      peers = [
+        {
+          publicKey = "P2t6yzGuvx5u4nw0J7TfxUYZPYvyblXhDIN8cRcHgTU=";
+          allowedIPs = [ "192.168.144.0/24" "fdb1:87db:2ad4::/64" ];
+          endpoint = "giao.loan:${toString wireguardPort}";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+  };
+}