diff options
| author | quentin@aristote.fr <quentin@aristote.fr> | 2024-12-08 22:53:47 +0100 |
|---|---|---|
| committer | quentin@aristote.fr <quentin@aristote.fr> | 2024-12-08 23:11:30 +0100 |
| commit | b972c811e34796dd5ee350246e9170bee8ca304d (patch) | |
| tree | 6bbba31f513ca3d3300b54975beca7e37d0f35d6 /config | |
| parent | a27682d42fc4d1cfbc0a4818363c174a5dbb2037 (diff) | |
connect to hermes through wireguard
Diffstat (limited to 'config')
| -rw-r--r-- | config/networking.nix | 18 | ||||
| -rw-r--r-- | config/users.nix | 5 |
2 files changed, 22 insertions, 1 deletions
diff --git a/config/networking.nix b/config/networking.nix index 4de42c9..f48927b 100644 --- a/config/networking.nix +++ b/config/networking.nix @@ -17,5 +17,23 @@ pskRaw = "ext:psk"; }; }; + + firewall.allowedUDPPorts = [51820]; + wireguard = { + enable = true; + interfaces.talaria = { + ips = ["10.13.42.2/24"]; + listenPort = 51820; + privateKeyFile = "/etc/wireguard/talaria.key"; + peers = [ + { + publicKey = "qgDFtt7qlKXW81bKpGHg793OXKPM4Hfjg9ntQrANXio="; + allowedIPs = ["10.13.42.1"]; + endpoint = "hermes.aristote.fr:51820"; + persistentKeepalive = 25; + } + ]; + }; + }; }; } diff --git a/config/users.nix b/config/users.nix index 8d8715c..c6b2e7d 100644 --- a/config/users.nix +++ b/config/users.nix @@ -5,7 +5,10 @@ isSystemUser = true; shell = pkgs.busybox-sandbox-shell; group = "nixremote"; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes" + ]; }; groups.nixremote = {}; }; |