From f7d5b5425fc70a242eb4c802cc59165ed7b00b70 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr"
Date: Sun, 8 Dec 2024 22:58:32 +0100
Subject: connect to hephaistos through wireguard
---
 config/networking.nix | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)
(limited to 'config')
diff --git a/config/networking.nix b/config/networking.nix
index 172834d..14333fe 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -1,6 +1,4 @@
-{ pkgs, ... }:
-
-{
+{...}: {
 personal.networking = {
 enable = true;
 firewall.http = true;
@@ -12,11 +10,29 @@
 domain = "aristote.fr";
 useDHCP = false;
- interfaces.ens3.ipv4.addresses = [{
- address = "93.95.228.53";
- prefixLength = 24;
- }];
+ interfaces.ens3.ipv4.addresses = [
+ {
+ address = "93.95.228.53";
+ prefixLength = 24;
+ }
+ ];
 defaultGateway = "93.95.228.1";
- nameservers = [ "93.95.224.28" "93.95.224.29" ];
+ nameservers = ["93.95.224.28" "93.95.224.29"];
+
+ firewall.allowedUDPPorts = [51820];
+ wireguard = {
+ enable = true;
+ interfaces.talaria = {
+ ips = ["10.13.42.1/24"];
+ listenPort = 51820;
+ privateKeyFile = "/etc/wireguard/talaria.key";
+ peers = [
+ {
+ publicKey = "RrRb7eFxyfOOM99pJyBJ9fOIaZeEllHa8kQheN99dFE=";
+ allowedIPs = ["10.13.42.2"];
+ }
+ ];
+ };
+ };
 };
 }
-- cgit v1.2.3
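Review bot: `privateKeyFile = "/etc/wireguard/talaria.key"` in the second hunk points at a file that nothing in the hunk creates or protects, so the tunnel depends on out-of-band provisioning that the config does not record. I would add a comment above it such as `# provisioned by hand; must be root-owned, mode 0600, and never copied into the Nix store`, or have the deployment's secret management place the file. `allowedIPs = ["10.13.42.2"]` limits the peer to a single tunnel address, which is the right scope, and writing it as `"10.13.42.2/32"` would make that explicit instead of relying on the default mask. The literal 51820 appears in both `firewall.allowedUDPPorts` and `listenPort`, so changing one later would silently leave the other stale; a single `let` binding would keep them in step. The attribute set holding these options opens above the hunk, so I am assuming they are `networking.*` options.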