nix-config/hosts/cirrus/wireguard-server.nix

{ config, ... }:
{
  networking.firewall.allowedUDPPorts = [ 51820 51821 ];
  networking.wireguard.enable = true;
  systemd.network = {
    # oxalab
    netdevs."oxalab" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = "oxalab";
        Description = "oxa's enterprise network";
      };
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;
        ListenPort = 51820;
        # own pubkey: 5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=
      };
      wireguardPeers = [
        {
          # microwave
          wireguardPeerConfig = {
          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
          PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
          AllowedIPs = [ "10.66.66.10/32" ];
          PersistentKeepalive = 25;
        };
        }
        {
          # Dishwasher
          wireguardPeerConfig = {
          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
          PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
          AllowedIPs = [ "10.66.66.100/32" ];
          PersistentKeepalive = 25;
        };
        }
      ];
    };
    networks."oxalab" = {
      matchConfig.Name = "oxalab";
      networkConfig = {
        Address = "10.66.66.1/24";
        IPForward = "ipv4";
      };
    };


    # oxaproxy
    netdevs."oxaproxy" = {
      netdevConfig = {
        Kind = "wireguard";
        Name = "oxaproxy";
        Description = "oxa's enterprise reverse-proxy network";
      };
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
        #own pubkey 0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=
        ListenPort = 51821;
      };
      wireguardPeers = [
        # nextcloud
        {
        wireguardPeerConfig = {
          PublicKey ="KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
          AllowedIPs = [ "10.34.45.100/32" ];
          PersistentKeepalive = 25;
        };
      }
      ];
    };
    networks."oxaproxy" = {
      matchConfig.Name = "oxaproxy";
      networkConfig = {
        Address = "10.34.45.1/24";
      };
    };
  };
}
oxalab: init 2022-06-18 11:49:27 +02:00			`{ config, ... }:`
			`{`
oxaproxy: init 2022-06-19 22:09:13 +02:00			`networking.firewall.allowedUDPPorts = [ 51820 51821 ];`
explicitly enable wireguard 2022-06-18 11:57:32 +02:00			`networking.wireguard.enable = true;`
oxalab: init 2022-06-18 11:49:27 +02:00			`systemd.network = {`
oxaproxy: init 2022-06-19 22:09:13 +02:00			`# oxalab`
oxalab: init 2022-06-18 11:49:27 +02:00			`netdevs."oxalab" = {`
			`netdevConfig = {`
			`Kind = "wireguard";`
			`Name = "oxalab";`
			`Description = "oxa's enterprise network";`
			`};`
			`wireguardConfig = {`
			`PrivateKeyFile = config.sops.secrets."wg/oxalab-seckey".path;`
			`ListenPort = 51820;`
			`# own pubkey: 5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=`
			`};`
			`wireguardPeers = [`
			`{`
			`# microwave`
			`wireguardPeerConfig = {`
			`# nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI`
			`PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";`
			`AllowedIPs = [ "10.66.66.10/32" ];`
			`PersistentKeepalive = 25;`
			`};`
			`}`
			`{`
			`# Dishwasher`
			`wireguardPeerConfig = {`
			`# nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI`
rotate dishwasher pubkey 2022-06-18 17:13:10 +02:00			`PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";`
oxalab: init 2022-06-18 11:49:27 +02:00			`AllowedIPs = [ "10.66.66.100/32" ];`
			`PersistentKeepalive = 25;`
			`};`
			`}`
			`];`
			`};`
			`networks."oxalab" = {`
			`matchConfig.Name = "oxalab";`
			`networkConfig = {`
set prefix size explicitly 2022-06-18 17:09:07 +02:00			`Address = "10.66.66.1/24";`
fix routing 2022-06-18 17:24:09 +02:00			`IPForward = "ipv4";`
oxalab: init 2022-06-18 11:49:27 +02:00			`};`
			`};`
oxaproxy: init 2022-06-19 22:09:13 +02:00

			`# oxaproxy`
			`netdevs."oxaproxy" = {`
			`netdevConfig = {`
			`Kind = "wireguard";`
			`Name = "oxaproxy";`
			`Description = "oxa's enterprise reverse-proxy network";`
			`};`
			`wireguardConfig = {`
			`PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;`
			`#own pubkey 0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=`
			`ListenPort = 51821;`
			`};`
oxaproxy: add nextcloud 2022-06-26 21:06:43 +02:00			`wireguardPeers = [`
			`# nextcloud`
			`{`
			`wireguardPeerConfig = {`
			`PublicKey ="KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";`
			`AllowedIPs = [ "10.34.45.100/32" ];`
			`PersistentKeepalive = 25;`
			`};`
			`}`
			`];`
oxaproxy: init 2022-06-19 22:09:13 +02:00			`};`
			`networks."oxaproxy" = {`
			`matchConfig.Name = "oxaproxy";`
			`networkConfig = {`
			`Address = "10.34.45.1/24";`
			`};`
			`};`
oxalab: init 2022-06-18 11:49:27 +02:00			`};`
			`}`