kasdkasdkasdk

2024-02-25 16:04:18 +01:00 · 2024-02-25 16:04:18 +01:00 · 0b458b49fe
parent 01d5d61fe9
commit 0b458b49fe
3 changed files with 8 additions and 2 deletions
--- a/hosts/nord/default.nix
+++ b/hosts/nord/default.nix
@ -47,6 +47,9 @@

  networking.firewall.allowedTCPPorts = [ 57621 ]; # spotify local discovery

+  networking.wireguard.interfaces."wg0".ips = [ "172.22.48.4/24" ];
+
+
  # Networking
  networking.networkmanager.enable = true;
  #networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
--- a/hosts/noximilien/default.nix
+++ b/hosts/noximilien/default.nix
@ -99,6 +99,8 @@

  networking.hostId = "e1ffd469"; # needed for zfs: head -c 8 /etc/machine-id

+  networking.wireguard.interfaces."wg0".ips = [ "172.22.48.3/24" ];
+
  # TODO: remove? Move to where relevant?
  nixpkgs.overlays = [
    /** /
--- a/profiles/mounts/fridge-nfs.nix
+++ b/profiles/mounts/fridge-nfs.nix
@ -8,7 +8,7 @@
  # https://nixos.wiki/wiki/WireGuard
  networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces."wg0".listenPort ];
  networking.wireguard.interfaces."wg0" = {
-    ips = [ "172.22.48.3/24" ];
+    #ips = [ "172.22.48.3/24" ]; # set per host!
    listenPort = 51820; # (random is default)
    generatePrivateKeyFile = true;
    privateKeyFile = "/var/lib/wg/wireguard_key";
@ -16,10 +16,11 @@
    peers = [
      {
        # get your pubkey to give to fyrkat with `wg pubkey </var/lib/wg/wireguard_key`
-        publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";
        endpoint = "fridge.fyrkat.no:51820";
+        publicKey = "AbXutGF+GZ/3o3iyHJNQEuSEFpGbfnUb9gMfUHggkVM=";

        # Forward all the traffic via VPN.
+        # (ips you're allow to claim?)
        allowedIPs = [
          "172.22.48.0/24" # fyrkat wg subnet
          "10.48.0.0/16" # fyrkat subnet