summaryrefslogtreecommitdiff
path: root/hosts/muhammed/wireguard/ahmed.nix
diff options
context:
space:
mode:
authorLinnnus <[email protected]>2025-05-13 14:43:49 +0200
committerLinnnus <[email protected]>2025-05-13 14:51:02 +0200
commit4dbd7ebf91ddeef00cca1536d206d4fa9ddab84c (patch)
treea21c1ef028874017e20bc3c404d964d7b17e432d /hosts/muhammed/wireguard/ahmed.nix
parent31a5b8c76b537a8c5846077c4885b3424d7a855a (diff)
muhammed: Conenct to Rumpenettet VPN
Diffstat (limited to 'hosts/muhammed/wireguard/ahmed.nix')
-rw-r--r--hosts/muhammed/wireguard/ahmed.nix24
1 files changed, 24 insertions, 0 deletions
diff --git a/hosts/muhammed/wireguard/ahmed.nix b/hosts/muhammed/wireguard/ahmed.nix
new file mode 100644
index 0000000..406ff7d
--- /dev/null
+++ b/hosts/muhammed/wireguard/ahmed.nix
@@ -0,0 +1,24 @@
+{metadata, config, ...}: {
+ networking.wg-quick.interfaces.wg0 = {
+ # Use the address assigned for us in `hosts/ahmed/wireguard-vpn/default.nix`.
+ address = ["10.100.0.2"];
+
+ # Use DNS server set up in `hosts/ahmed/local-dns/default.nix`.
+ dns = ["10.100.0.1" "1.1.1.1"];
+
+ privateKeyFile = config.age.secrets.wireguard-key.path;
+
+ peers = [(let
+ peerInfo = metadata.hosts.ahmed.wireguard;
+ in {
+ publicKey = peerInfo.pubkey;
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ endpoint = "${peerInfo.ipv4Address}:${toString peerInfo.port}";
+ persistentKeepalive = 5; # We are a roaming client, they are static.
+ })];
+
+ # table = "off";
+ };
+
+ age.secrets.wireguard-key.file = ../../../secrets/wireguard-keys/muhammed.age;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-07 23:46:45 +0000