{
  config,
  inputs,
  pkgs,
  ...
}:
let
  # The VPS peer's evaluated NixOS config, taken from this flake's own
  # nixosConfigurations so the endpoint address and port cannot drift
  # from what the VPS actually listens on.
  vpsCfg = inputs.self.nixosConfigurations.jupiter-vps.config;
  vpsListenPort = vpsCfg.networking.wireguard.interfaces.wg0.listenPort;

  # This host's public IPv4 address, as declared in its own networking options.
  publicIPv4 = config.networking.publicIPv4;

  # Name of the dedicated routing table (numbered in rttablesExtraConfig below).
  routingTable = "wireguard";
  ipCmd = "${pkgs.iproute2}/bin/ip";
in
{
  # The tunnel's private key is provisioned by sops-nix; only the
  # decrypted file's path is handed to WireGuard, never the key material.
  sops.secrets."wireguard/client/vps" = { };

  # Register table id 100 under the name "wireguard" so it can be referenced
  # by name in the policy rules below.
  networking.iproute2 = {
    enable = true;
    rttablesExtraConfig = ''
      100 wireguard
    '';
  };

  networking.wireguard.interfaces.wg0 = {
    ips = [
      "10.0.0.2/24"
      "${publicIPv4}/32"
    ];

    privateKeyFile = config.sops.secrets."wireguard/client/vps".path;

    # Routes derived from the peer's allowedIPs land in the named table
    # rather than main; the policy rule then sends only traffic sourced
    # from the public address through that table (and so through the tunnel).
    table = routingTable;
    postSetup = [ "${ipCmd} rule add from ${publicIPv4} table ${routingTable}" ];
    postShutdown = [ "${ipCmd} rule del from ${publicIPv4} table ${routingTable}" ];

    peers = [
      {
        name = "jupiter-vps";
        # Default route inside the dedicated table; scoped by the rule above.
        allowedIPs = [ "0.0.0.0/0" ];
        # Peer's public key (not secret) lives in the secrets flake input.
        publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub";
        endpoint = "${vpsCfg.networking.publicIPv4}:${builtins.toString vpsListenPort}";
        # Keep NAT/stateful-firewall mappings alive so the VPS can reach us.
        persistentKeepalive = 25;
      }
    ];
  };
}