connect to hephaistos through wireguard

author: quentin@aristote.fr <quentin@aristote.fr> 2024-12-08 22:58:32 +0100
committer: quentin@aristote.fr <quentin@aristote.fr> 2024-12-08 22:58:32 +0100
commit: f7d5b5425fc70a242eb4c802cc59165ed7b00b70 (patch)
tree: 700c52b0214021bbbe57ea323e492cbc77a071c0 /config
parent: c30728dd51a4bd4fc24148ea400516c712b8bb16 (diff)
1 files changed, 24 insertions, 8 deletions
diff --git a/config/networking.nix b/config/networking.nix
index 172834d..14333fe 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{...}: {
   personal.networking = {
     enable = true;
     firewall.http = true;
@@ -12,11 +10,29 @@
     domain = "aristote.fr";
 
     useDHCP = false;
-    interfaces.ens3.ipv4.addresses = [{
-      address = "93.95.228.53";
-      prefixLength = 24;
-    }];
+    interfaces.ens3.ipv4.addresses = [
+      {
+        address = "93.95.228.53";
+        prefixLength = 24;
+      }
+    ];
     defaultGateway = "93.95.228.1";
-    nameservers = [ "93.95.224.28" "93.95.224.29" ];
+    nameservers = ["93.95.224.28" "93.95.224.29"];
+
+    firewall.allowedUDPPorts = [51820];
+    wireguard = {
+      enable = true;
+      interfaces.talaria = {
+        ips = ["10.13.42.1/24"];
+        listenPort = 51820;
+        privateKeyFile = "/etc/wireguard/talaria.key";
+        peers = [
+          {
+            publicKey = "RrRb7eFxyfOOM99pJyBJ9fOIaZeEllHa8kQheN99dFE=";
+            allowedIPs = ["10.13.42.2"];
+          }
+        ];
+      };
+    };
   };
 }
author	quentin@aristote.fr <quentin@aristote.fr>	2024-12-08 22:58:32 +0100
committer	quentin@aristote.fr <quentin@aristote.fr>	2024-12-08 22:58:32 +0100
commit	f7d5b5425fc70a242eb4c802cc59165ed7b00b70 (patch)
tree	700c52b0214021bbbe57ea323e492cbc77a071c0 /config
parent	c30728dd51a4bd4fc24148ea400516c712b8bb16 (diff)