From 93586bb12ba967bd29f1d76078b194841b7a444f Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Fri, 19 Sep 2025 13:20:54 +0200
Subject: [PATCH] Restrict fox peer to a single IP

---
 m/apex/wireguard.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/m/apex/wireguard.nix b/m/apex/wireguard.nix
index 607564fe..0a6ac5f0 100644
--- a/m/apex/wireguard.nix
+++ b/m/apex/wireguard.nix
@@ -20,7 +20,7 @@
         {
           name = "fox";
           publicKey = "VfMPBQLQTKeyXJSwv8wBhc6OV0j2qAxUpX3kLHunK2Y=";
-          allowedIPs = [ "10.106.0.0/24" ];
+          allowedIPs = [ "10.106.0.1/32" ];
           endpoint = "fox.ac.upc.edu:666";
           # Send keepalives every 25 seconds. Important to keep NAT tables alive.
           persistentKeepalive = 25;