-rw-r--r-- | configuration.nix | 1 | ||||
-rw-r--r-- | vpn.nix | 38 |
2 files changed, 39 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix
index a847f29..15ef8c4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -45,6 +45,7 @@
 ./status.nix
 ./vpsadminos.nix
 ./wikiwiki.nix
+ ./vpn.nix
 ];
 networking = {
diff --git a/vpn.nix b/vpn.nix
new file mode 100644
index 0000000..b6c3f07
--- /dev/null
+++ b/vpn.nix
@@ -0,0 +1,38 @@
+# WireGuard peering
+# Copyright (C) 2024 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see <https://www.gnu.org/licenses/>.
+
+{ config, ... }:
+let wireguardPort = 51820;
+in {
+ networking = {
+ firewall.allowedUDPPorts = [ wireguardPort ];
+ wireguard.interfaces.wg0 = {
+ ips = [ "192.168.144.24/24" "fdb1:87db:2ad4::18/64" ];
+ listenPort = wireguardPort;
+ privateKeyFile = "/etc/wireguard/private.key";
+ peers = [
+ {
+ publicKey = "P2t6yzGuvx5u4nw0J7TfxUYZPYvyblXhDIN8cRcHgTU=";
+ allowedIPs = [ "192.168.144.0/24" "fdb1:87db:2ad4::/64" ];
+ endpoint = "giao.loan:${toString wireguardPort}";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
|
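Review bot: In vpn.nix, `privateKeyFile = "/etc/wireguard/private.key";` points at a secret that nothing in this file provisions or protects. Referencing a file does keep the key out of the Nix store, but its creation, owner and mode are left to a manual step the configuration does not record. Either let the module create it with `generatePrivateKeyFile = true;` (the resulting public key then has to be handed to the peer), or add a comment beside the option such as `# provisioned out of band; must be root-owned, mode 0600`. Separately, `firewall.allowedUDPPorts = [ wireguardPort ];` opens the port on every interface, while the only peer has an `endpoint` and `persistentKeepalive = 25`, so this host presumably initiates the tunnel; if the peer never needs to dial in, the inbound rule can be dropped.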