Add wireguard tunnel

2020-11-05 09:09:46 +01:00 · 2020-11-05 09:09:46 +01:00 · c78b42b9b9
commit c78b42b9b9
parent 6735869160
1 changed files with 25 additions and 0 deletions
--- a/machines/t520/configuration.nix
+++ b/machines/t520/configuration.nix
@ -129,6 +129,31 @@

  autologin.username = "jalr";

+  networking.wg-quick.interfaces.wgkalle = {
+    address = [
+      "172.16.254.5/24"
+      "fd00::604:0:0:ac10:fe05/96"
+    ];
+    privateKeyFile = "/root/wireguard-keys/wgkalle";
+    listenPort = 51820;
+
+    peers = [
+      {
+        publicKey = "52kAcBdnrFeSuVupHs0u4diUf6tpF8Esy4vzJAlT5Tc=";
+        endpoint = "78.47.224.233:1194";
+        #endpoint = "[2a01:4f8:190:6068::2]:1194";
+        persistentKeepalive = 60;
+        allowedIPs = [
+          "0.0.0.0/0"
+          "::/0"
+        ];
+      }
+    ];
+  };
+  networking.firewall.allowedUDPPorts = [
+    51820 # wireguard
+  ];
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave