2 files changed, 22 insertions, 1 deletions

diff --git a/config/networking.nix b/config/networking.nix
index 4de42c9..f48927b 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -17,5 +17,23 @@
         pskRaw = "ext:psk";
       };
     };
+
+    firewall.allowedUDPPorts = [51820];
+    wireguard = {
+      enable = true;
+      interfaces.talaria = {
+        ips = ["10.13.42.2/24"];
+        listenPort = 51820;
+        privateKeyFile = "/etc/wireguard/talaria.key";
+        peers = [
+          {
+            publicKey = "qgDFtt7qlKXW81bKpGHg793OXKPM4Hfjg9ntQrANXio=";
+            allowedIPs = ["10.13.42.1"];
+            endpoint = "hermes.aristote.fr:51820";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
   };
 }
diff --git a/config/users.nix b/config/users.nix
index 8d8715c..c6b2e7d 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -5,7 +5,10 @@
       isSystemUser = true;
       shell = pkgs.busybox-sandbox-shell;
       group = "nixremote";
-      openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"];
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgohiYF2Dsaq6ImGaslnKJMwpiVtwAaM9cm1tpSRr7t root@kerberos"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGstvYymapGvkjvKbFqkMZtE9ft9uEM13n8q798HtOT+ root@hermes"
+      ];
     };
     groups.nixremote = {};
   };