dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 1

Updated VPN addresses

Browse source
This commit is contained in:
Tim Schubert 2022-04-10 14:20:56 +02:00
parent f7f6d03ee2
commit 04ee4a1507
Signed by: dadada
GPG key ID: EEB8D1CE62C4DFEA
2 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/networking.nix
View file

@ -115,7 +115,7 @@ in
networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) {
bs = { bs = {
ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ]; ips = [ "fd42:9c3b:f96d::${cfg.vpnExtension}/64" ];
listenPort = 51234; listenPort = 51234;
privateKeyFile = "/var/lib/wireguard/privkey"; privateKeyFile = "/var/lib/wireguard/privkey";
@ -123,7 +123,7 @@ in
peers = [ peers = [
{ {
publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs=";
allowedIPs = [ "fd42:dead:beef::/48" ]; allowedIPs = [ "fd42:9c3b:f96d::/48" ];
endpoint = "bs.vpn.dadada.li:51234"; endpoint = "bs.vpn.dadada.li:51234";
persistentKeepalive = 25; persistentKeepalive = 25;
} }
@ -140,7 +140,7 @@ in
systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) { systemd.services.wg-reresolve-dns = mkIf (cfg.vpnExtension != null) {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = '' script = ''
${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:dead:beef::/48 ${pkgs.wireguard-tools}/bin/wg set bs peer lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs= endpoint bs.vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
''; '';
}; };

4
nixos/modules/vpnServer.nix
View file

@ -36,12 +36,12 @@ in
networking.wireguard.interfaces."wg0" = { networking.wireguard.interfaces."wg0" = {
allowedIPsAsRoutes = true; allowedIPsAsRoutes = true;
privateKeyFile = "/var/lib/wireguard/wg0-key"; privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:dead:beef:1337::0/64" ]; ips = [ "fd42:9c3b:f96d:0200::0/64" ];
listenPort = 51234; listenPort = 51234;
peers = map peers = map
(peer: ( (peer: (
{ {
allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; allowedIPs = [ "fd42:9c3b:f96d:0200::${peer.id}/128" ];
publicKey = peer.key; publicKey = peer.key;
})) }))
(attrValues cfg.peers); (attrValues cfg.peers);