From 4dbd7ebf91ddeef00cca1536d206d4fa9ddab84c Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Tue, 13 May 2025 14:43:49 +0200
Subject: muhammed: Conenct to Rumpenettet VPN
---
 hosts/muhammed/configuration.nix | 1 +
 hosts/muhammed/wireguard/ahmed.nix | 24 ++++++++++++++++++++++++
 hosts/muhammed/wireguard/default.nix | 5 +++++
 3 files changed, 30 insertions(+)
 create mode 100644 hosts/muhammed/wireguard/ahmed.nix
 create mode 100644 hosts/muhammed/wireguard/default.nix
diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix
index be8c71d..12dbef8 100644
--- a/hosts/muhammed/configuration.nix
+++ b/hosts/muhammed/configuration.nix
@@ -11,6 +11,7 @@

 ./remote-builders
 ./update-git-repos
+ ./wireguard
 ];

 # Avoid downloading the nixpkgs tarball every hour.
diff --git a/hosts/muhammed/wireguard/ahmed.nix b/hosts/muhammed/wireguard/ahmed.nix
new file mode 100644
index 0000000..406ff7d
--- /dev/null
+++ b/hosts/muhammed/wireguard/ahmed.nix
@@ -0,0 +1,24 @@
+{metadata, config, ...}: {
+ networking.wg-quick.interfaces.wg0 = {
+ # Use the address assigned for us in `hosts/ahmed/wireguard-vpn/default.nix`.
+ address = ["10.100.0.2"];
+
+ # Use DNS server set up in `hosts/ahmed/local-dns/default.nix`.
+ dns = ["10.100.0.1" "1.1.1.1"];
+
+ privateKeyFile = config.age.secrets.wireguard-key.path;
+
+ peers = [(let
+ peerInfo = metadata.hosts.ahmed.wireguard;
+ in {
+ publicKey = peerInfo.pubkey;
+ allowedIPs = ["0.0.0.0/0" "::/0"];
+ endpoint = "${peerInfo.ipv4Address}:${toString peerInfo.port}";
+ persistentKeepalive = 5; # We are a roaming client, they are static.
+ })];
+
+ # table = "off";
+ };
+
+ age.secrets.wireguard-key.file = ../../../secrets/wireguard-keys/muhammed.age;
+}
diff --git a/hosts/muhammed/wireguard/default.nix b/hosts/muhammed/wireguard/default.nix
new file mode 100644
index 0000000..0defd83
--- /dev/null
+++ b/hosts/muhammed/wireguard/default.nix
@@ -0,0 +1,5 @@
+{
+ imports = [
+ ./ahmed.nix
+ ];
+}
--
cgit v1.2.3
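Review bot: The `dns` list for `wg0` in `hosts/muhammed/wireguard/ahmed.nix` puts the public resolver `1.1.1.1` next to the internal one at `10.100.0.1`, so names meant only for the internal server can reach a third party whenever the system resolver picks or falls back to the second entry; the order in which the entries are tried depends on the platform's resolver and is not fixed by this config. If the fallback is not needed, `dns = ["10.100.0.1"];` keeps lookups on the VPN's own resolver; if it is kept for availability, a comment saying so would help the next reader. `allowedIPs` also sends `::/0` into the tunnel although the interface is given only an IPv4 address and the endpoint is IPv4, which presumably leaves IPv6 without a working path while the tunnel is up; if that is deliberate leak prevention, document it with something like `# ::/0 is routed into the tunnel on purpose so IPv6 cannot bypass it`. The commented-out `# table = "off";` should be removed or given a short explanation of when to enable it.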