path: root/hosts/muhammed/wireguard/ahmed.nix
# WireGuard client module: brings up `wg0` as a full-tunnel connection to the
# peer described under `metadata.hosts.ahmed.wireguard`, using the private key
# stored in `secrets/wireguard-keys/muhammed.age`.
{metadata, config, ...}: let
  # Public key, IPv4 address and port of the remote peer, taken from the
  # shared host metadata rather than being repeated here.
  ahmedWg = metadata.hosts.ahmed.wireguard;

  # The single peer we connect to.
  ahmedPeer = {
    publicKey = ahmedWg.pubkey;
    endpoint = "${ahmedWg.ipv4Address}:${toString ahmedWg.port}";

    # Route all IPv4 and IPv6 traffic through this peer (full tunnel).
    # NOTE(review): the interface below only has an IPv4 address, so `::/0`
    # presumably exists to keep IPv6 from bypassing the tunnel rather than to
    # carry it — confirm.
    allowedIPs = ["0.0.0.0/0" "::/0"];

    # We are a roaming client, they are static: send a keepalive every
    # 5 seconds so the session survives NAT and address changes on our side.
    persistentKeepalive = 5;
  };
in {
  # Encrypted private key for this host. Only the age-encrypted file is
  # referenced from the repository.
  age.secrets.wireguard-key.file = ../../../secrets/wireguard-keys/muhammed.age;

  networking.wg-quick.interfaces.wg0 = {
    # Read the private key from the path exposed for the `wireguard-key`
    # secret, so the key material itself never appears in this configuration.
    privateKeyFile = config.age.secrets.wireguard-key.path;

    # Use the address assigned for us in `hosts/ahmed/wireguard-vpn/default.nix`.
    address = ["10.100.0.2"];

    # Use DNS server set up in `hosts/ahmed/local-dns/default.nix`, followed
    # by 1.1.1.1.
    # NOTE(review): with the catch-all allowedIPs, queries to 1.1.1.1 still
    # travel through the tunnel, but they bypass the local resolver, so
    # internal names can reach a public resolver whenever the second entry is
    # used — confirm that is acceptable.
    dns = ["10.100.0.1" "1.1.1.1"];

    peers = [ahmedPeer];

    # NOTE(review): nothing in this module blocks traffic while wg0 is down;
    # if fail-closed behaviour is wanted it needs explicit firewall rules
    # (e.g. via postUp/preDown) — confirm intent.

    # Left disabled: `table = "off"` would stop wg-quick from installing
    # routes for the allowedIPs above.
    # table = "off";
  };
}