fix(wireguard)!: AllowedIPs semantics
Also add `limonka` and `peshoDjam` peers
This commit is contained in:
parent
9bac61ee0a
commit
a5f1832d07
GPG key ID:
675AA7EF13964ACB
3 changed files with 42 additions and 35 deletions
|
|
@ -6,13 +6,13 @@
|
||||||
|
|
||||||
# NOTE: key generation
|
# NOTE: key generation
|
||||||
# umask 077
|
# umask 077
|
||||||
# wg genkey > private
|
# wg genkey > key
|
||||||
# wg pubkey < private > public
|
# wg pubkey < key > key.pub
|
||||||
|
|
||||||
# Server
|
# Server
|
||||||
age.secrets."wireguard.private" = {
|
age.secrets."wireguard.privateKey" = {
|
||||||
mode = "077";
|
mode = "077";
|
||||||
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/private.age";
|
rekeyFile = "${inputs.self}/secrets/home/jeeves/wireguard/key.age";
|
||||||
generator = {
|
generator = {
|
||||||
script = {lib, pkgs, file, ...}: ''
|
script = {lib, pkgs, file, ...}: ''
|
||||||
priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
|
priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
|
||||||
|
|
@ -32,40 +32,46 @@
|
||||||
MTUBytes = "1300";
|
MTUBytes = "1300";
|
||||||
};
|
};
|
||||||
wireguardConfig = {
|
wireguardConfig = {
|
||||||
PrivateKeyFile = config.age.secrets."wireguard.private".path;
|
PrivateKeyFile = config.age.secrets."wireguard.privateKey".path;
|
||||||
ListenPort = 51820;
|
ListenPort = 51820;
|
||||||
};
|
};
|
||||||
wireguardPeers = [
|
wireguardPeers =
|
||||||
{
|
lib.mapAttrsToList
|
||||||
# cheetah
|
(host: peerConfig: {
|
||||||
wireguardPeerConfig = {
|
wireguardPeerConfig = peerConfig;
|
||||||
PublicKey = "CFTGvBcly791ClwyS6PzTjmqztvYJW2eklR7it/QhxI=";
|
})
|
||||||
AllowedIPs = [
|
{
|
||||||
"0.0.0.0/0"
|
cheetah = {
|
||||||
# "::/0"
|
PublicKey = "CFTGvBcly791ClwyS6PzTjmqztvYJW2eklR7it/QhxI=";
|
||||||
];
|
AllowedIPs = [
|
||||||
|
"10.100.0.2/32"
|
||||||
|
"0.0.0.0/0"
|
||||||
|
# "::/0"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
limonka = {
|
||||||
|
PublicKey = "+x4cKc16KxhW/M3wv64FU1J0AkiLyXT5Oar6I1n1xk4=";
|
||||||
|
AllowedIPs = [
|
||||||
|
"10.100.0.3/32"
|
||||||
|
"192.168.1.123/32"
|
||||||
|
"0.0.0.0/0"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
peshoDjam = {
|
||||||
|
PublicKey = "37QEe3Lsq5BTIzxqAh9z7clHYeaOaMH31oqi5YvAPBY=";
|
||||||
|
AllowedIPs = [
|
||||||
|
"10.100.0.4/32"
|
||||||
|
"192.168.1.134/32"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
s42 = {
|
||||||
|
PublicKey = "pZF6M8TZ1FSBtTwFz4xzlMqwqRScEqgBfqHBk7ddixc=";
|
||||||
|
AllowedIPs = [
|
||||||
|
"10.100.0.5/32"
|
||||||
|
"0.0.0.0/0"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
|
||||||
{
|
|
||||||
# limonka
|
|
||||||
wireguardPeerConfig = {
|
|
||||||
PublicKey = "+x4cKc16KxhW/M3wv64FU1J0AkiLyXT5Oar6I1n1xk4=";
|
|
||||||
AllowedIPs = [
|
|
||||||
"0.0.0.0/0"
|
|
||||||
# "192.168.1.0/24"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# s42
|
|
||||||
wireguardPeerConfig = {
|
|
||||||
PublicKey = "pZF6M8TZ1FSBtTwFz4xzlMqwqRScEqgBfqHBk7ddixc=";
|
|
||||||
AllowedIPs = [
|
|
||||||
"0.0.0.0/0"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networks.wg0 = {
|
networks.wg0 = {
|
||||||
|
|
|
||||||
1
secrets/home/jeeves/wireguard/key.pub
Normal file
1
secrets/home/jeeves/wireguard/key.pub
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
U6nnTD+EzeF4qfs5KJTwWc2Im700qKbbCmIVLatXa1Q=
|
||||||
Loading…
Add table
Add a link
Reference in a new issue