2configs/wireguard/thierry.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

{ config, lib, ... }:
{
  sops.secrets."wg-thierry.key" = {};
  networking.wireguard.interfaces.thierry-wg = {
    ips = [ "172.27.66.10/24" ]; # TODO: not dnyamic
    privateKeyFile = config.sops.secrets."wg-thierry.key".path;
    allowedIPsAsRoutes = true;
    # explicit route via eth0 to gum
    peers = [
    {
      endpoint = "thierryhome.duckdns.org:51820";
      allowedIPs = [ "172.27.66.0/24" ];
      publicKey = "filYuG/xbb2YW8WT0xT26rzeZ/ZiM6NLnbxbsCR9rS0=";
      persistentKeepalive = 25;
    }
    #{
    #  allowedIPs = [ "172.27.66.3/32" ];
    #  publicKey = "cDIf14LH4qleXNo889lS2ATIqDx9r//JNCkhHlHgc1Q=";
    #}
  ];
  };
}