From b9db0e0b98da4d45fcecb2b1a16dd394eacd0442 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Sun, 12 May 2024 20:21:50 +0900
Subject: Set up WireGuard

---
 configuration.nix | 1 +
 vpn.nix | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 vpn.nix

diff --git a/configuration.nix b/configuration.nix
index a847f29..15ef8c4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -45,6 +45,7 @@
 ./status.nix
 ./vpsadminos.nix
 ./wikiwiki.nix
+ ./vpn.nix
 ];
 
 networking = {
diff --git a/vpn.nix b/vpn.nix
new file mode 100644
index 0000000..b6c3f07
--- /dev/null
+++ b/vpn.nix
@@ -0,0 +1,38 @@
+# WireGuard peering
+# Copyright (C) 2024 Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration. If not, see .
+
+{ config, ... }:
+let wireguardPort = 51820;
+in {
+ networking = {
+ firewall.allowedUDPPorts = [ wireguardPort ];
+ wireguard.interfaces.wg0 = {
+ ips = [ "192.168.144.24/24" "fdb1:87db:2ad4::18/64" ];
+ listenPort = wireguardPort;
+ privateKeyFile = "/etc/wireguard/private.key";
+ peers = [
+ {
+ publicKey = "P2t6yzGuvx5u4nw0J7TfxUYZPYvyblXhDIN8cRcHgTU=";
+ allowedIPs = [ "192.168.144.0/24" "fdb1:87db:2ad4::/64" ];
+ endpoint = "giao.loan:${toString wireguardPort}";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
-- 
cgit 1.4.1
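Review bot: In the new vpn.nix, `privateKeyFile = "/etc/wireguard/private.key";` points at a file that nothing in this patch creates or constrains, so bringing up wg0 depends on an undocumented manual step. Keeping the key in a file rather than inline is the right choice, since it stays out of the world-readable Nix store, but I would add a comment above that line such as `# Provisioned out of band: root-owned, mode 0600, never committed or copied into the Nix store.` Separately, `firewall.allowedUDPPorts = [ wireguardPort ];` accepts the listen port from every source even though the only peer has a fixed `endpoint` and `persistentKeepalive = 25`; if this host always initiates the tunnel, the inbound rule may be unnecessary and could be dropped or justified in a comment. The `config` argument in `{ config, ... }:` also appears unused in this file.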