# WireGuard peering
# Copyright (C) 2024  Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.

{ config, ... }:
let wireguardPort = 51820;
in {
  networking = {
    firewall.allowedUDPPorts = [ wireguardPort ];
    wireguard.interfaces.wg0 = {
      ips = [ "192.168.144.24/24" "fdb1:87db:2ad4::18/64" ];
      listenPort = wireguardPort;
      privateKeyFile = "/etc/wireguard/private.key";
      peers = [
        {
          publicKey = "P2t6yzGuvx5u4nw0J7TfxUYZPYvyblXhDIN8cRcHgTU=";
          allowedIPs = [ "192.168.144.0/24" "fdb1:87db:2ad4::/64" ];
          endpoint = "giao.loan:${toString wireguardPort}";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}