authormakefu <github@syntax-fehler.de>2018-09-13 22:30:34 +0200
committermakefu <github@syntax-fehler.de>2018-09-13 22:30:34 +0200
commitea71f0644bbcf537fb08c53d12a63564ba360e02 (patch)
treeee35dd7afefe84e56582b3424d47e44e0874018d /2configs
parent8b7fe114e87cad637f23aefa4a540505da8c0ef4 (diff)
ma gum.r: clean up dangling code
Diffstat (limited to '2configs')
-rw-r--r--2configs/wireguard/server.nix52
1 files changed, 52 insertions, 0 deletions
diff --git a/2configs/wireguard/server.nix b/2configs/wireguard/server.nix
new file mode 100644
index 000000000..e38fa05cb
--- /dev/null
+++ b/2configs/wireguard/server.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+let
+ ext-if = config.makefu.server.primary-itf;
+in { # wireguard server
+
+ # opkg install wireguard luci-proto-wireguard
+
+ # TODO: networking.nat
+
+ # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ # conf.all.proxy_arp =1
+ networking.firewall = {
+ allowedUDPPorts = [ 51820 ];
+ extraCommands = ''
+ iptables -t nat -A POSTROUTING -s 10.244.0.0/24 -o ${ext-if} -j MASQUERADE
+ '';
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.244.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = (toString <secrets>) + "/wireguard.key";
+ allowedIPsAsRoutes = true;
+ peers = [
+ {
+ # x
+ allowedIPs = [ "10.244.0.2/32" ];
+ publicKey = "fe5smvKVy5GAn7EV4w4tav6mqIAKhGWQotm7dRuRt1g=";
+ }
+ {
+ # vbob
+ allowedIPs = [ "10.244.0.3/32" ];
+ publicKey = "Lju7EsCu1OWXhkhdNR7c/uiN60nr0TUPHQ+s8ULPQTw=";
+ }
+ {
+ # x-test
+ allowedIPs = [ "10.244.0.4/32" ];
+ publicKey = "vZ/AJpfDLJyU3DzvYeW70l4FNziVgSTumA89wGHG7XY=";
+ }
+ {
+ # work-router
+ allowedIPs = [ "10.244.0.5/32" ];
+ publicKey = "QJMwwYu/92koCASbHnR/vqe/rN00EV6/o7BGwLockDw=";
+ }
+ {
+ # workr
+ allowedIPs = [ "10.244.0.6/32" ];
+ publicKey = "OFhCF56BrV9tjqW1sxqXEKH/GdqamUT1SqZYSADl5GA=";
+ }
+ ];
+ };
+}
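Review bot: The MASQUERADE rule in `networking.firewall.extraCommands` is added with `-A` and has no matching delete or `extraStopCommands`, so each firewall reload will likely stack another copy in nat POSTROUTING and stopping the firewall leaves it in place. The `ip_forward` sysctl above it is only a comment, so unless forwarding is enabled elsewhere in the configuration the tunnel peers cannot actually be routed out through `${ext-if}`. Acting on the TODO in this file would cover both points: `networking.nat = { enable = true; externalInterface = ext-if; internalInterfaces = [ "wg0" ]; };` manages the rule idempotently and enables forwarding. Nothing visible here limits forwarding per peer, so if some of the five peers should only reach the 10.244.0.0/24 tunnel network, that needs an explicit forward rule, and a comment stating the intended reach of each peer would help later reviews.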