Allows direct contact via the VPN when accessing from fox, but use Internet when using the rest of the machines. Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
		
			
				
	
	
		
			40 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			40 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { config, ... }:
 | |
| 
 | |
| {
 | |
|   networking.firewall = {
 | |
|     allowedUDPPorts = [ 666 ];
 | |
|   };
 | |
| 
 | |
|   age.secrets.wgFox.file = ../../secrets/wg-fox.age;
 | |
| 
 | |
|   networking.wireguard.enable = true;
 | |
|   networking.wireguard.interfaces = {
 | |
|     # "wg0" is the network interface name. You can name the interface arbitrarily.
 | |
|     wg0 = {
 | |
|       # Determines the IP address and subnet of the server's end of the tunnel interface.
 | |
|       ips = [ "10.100.0.1/24" ];
 | |
| 
 | |
|       # The port that WireGuard listens to. Must be accessible by the client.
 | |
|       listenPort = 666;
 | |
| 
 | |
|       # Path to the private key file.
 | |
|       privateKeyFile = config.age.secrets.wgFox.path;
 | |
|       # Public key: VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=
 | |
| 
 | |
|       peers = [
 | |
|         # List of allowed peers.
 | |
|         { 
 | |
|           name = "Apex";
 | |
|           publicKey = "VwhcN8vSOzdJEotQTpmPHBC52x3Hbv1lkFIyKubrnUA=";
 | |
|           # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
 | |
|           allowedIPs = [ "10.100.0.30/32" ];
 | |
|         }
 | |
|       ];
 | |
|     };
 | |
|   };
 | |
| 
 | |
|   networking.hosts = {
 | |
|     "10.100.0.30" = [ "apex" ];
 | |
|   };
 | |
| }
 |