mirrors/mdlayher-homelab
1
0
Fork 0
mirror of https://github.com/mdlayher/homelab.git synced 2024-12-14 11:47:32 +00:00
Code Activity

nixos/routnerr-2: move wireguard to networkd

Browse source
This commit is contained in:
Matt Layher 2022-03-02 19:46:55 -05:00
parent fa209015c6
commit 2830f25b14
1 changed files with 22 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

45
nixos/routnerr-2/networking.nix
View file

@ -3,11 +3,6 @@
let
vars = import ./lib/vars.nix;
mkPeer = (peer: {
publicKey = peer.public_key;
allowedIPs = peer.allowed_ips;
});
in {
networking = {
hostName = "routnerr-2";
@ -17,24 +12,6 @@ in {
useNetworkd = true;
useDHCP = false;
# TODO(mdlayher): move to networkd.
wireguard = with vars.wireguard; {
enable = true;
interfaces = {
${name} = {
listenPort = 51820;
ips = with subnet; [
"${ipv4}"
"${ipv6.gua}"
"${ipv6.ula}"
"${ipv6.lla}"
];
privateKeyFile = "/var/lib/wireguard/${name}.key";
peers = lib.forEach peers mkPeer;
};
};
};
# Use nftables instead.
nat.enable = false;
firewall.enable = false;
@ -209,6 +186,28 @@ in {
SubnetId = "2";
};
};
# WireGuard tunnel.
netdevs."40-wg0" = {
netdevConfig = {
Name = "wg0";
Kind = "wireguard";
};
wireguardConfig = {
PrivateKeyFile = "/var/lib/wireguard/wg0.key";
ListenPort = 51820;
};
wireguardPeers = lib.forEach vars.wireguard.peers (peer: {
wireguardPeerConfig = {
PublicKey = peer.public_key;
AllowedIPs = peer.allowed_ips;
};
});
};
networks."40-wg0" = {
matchConfig.Name = "wg0";
address = with vars.wireguard.subnet; [ ipv4 ipv6.gua ipv6.ula ipv6.lla ];
};
};
# Enable WireGuard Prometheus exporter and set up peer key/name mappings.