summaryrefslogtreecommitdiff
path: root/hosts/muhammed/wireguard/ahmed.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/muhammed/wireguard/ahmed.nix')
-rw-r--r--hosts/muhammed/wireguard/ahmed.nix24
1 files changed, 24 insertions, 0 deletions
diff --git a/hosts/muhammed/wireguard/ahmed.nix b/hosts/muhammed/wireguard/ahmed.nix
new file mode 100644
index 0000000..406ff7d
--- /dev/null
+++ b/hosts/muhammed/wireguard/ahmed.nix
@@ -0,0 +1,24 @@
+{metadata, config, ...}: {
+ networking.wg-quick.interfaces.wg0 = {
+ # Use the address assigned for us in `hosts/ahmed/wireguard-vpn/default.nix`.
+ address = ["10.100.0.2"];
+
+ # Use DNS server set up in `hosts/ahmed/local-dns/default.nix`.
+ dns = ["10.100.0.1" "1.1.1.1"];
+
+ privateKeyFile = config.age.secrets.wireguard-key.path;
+
+ peers = [(let
+ peerInfo = metadata.hosts.ahmed.wireguard;
+ in {
+ publicKey = peerInfo.pubkey;
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ endpoint = "${peerInfo.ipv4Address}:${toString peerInfo.port}";
+ persistentKeepalive = 5; # We are a roaming client, they are static.
+ })];
+
+ # table = "off";
+ };
+
+ age.secrets.wireguard-key.file = ../../../secrets/wireguard-keys/muhammed.age;
+}
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-07 20:33:53 +0000