feat(hydrogen): basic wireguard setup

2022-12-26 20:06:05 +01:00 · 2022-12-26 20:06:05 +01:00 · 4b3af2be48
parent bb1a1ee2c8
commit 4b3af2be48
1 changed files with 23 additions and 5 deletions
--- a/hosts/hydrogen/configuration.nix
+++ b/hosts/hydrogen/configuration.nix
@ -8,11 +8,17 @@
  networking = {
    hostName = name;
    domain = "fainsin.bzh";
-    firewall.allowedTCPPorts = [
-      22 # ssh
-      80 # http
-      443 # https
-    ];
+    firewall = {
+      allowedTCPPorts = [
+        22 # ssh
+        80 # http
+        443 # https
+      ];
+      allowedUDPPorts = [
+        53 # DNS (blocky)
+        5553 # wireguard
+      ];
+    };
  };

  services.fail2ban = {
@ -20,6 +26,18 @@
    maxretry = 5;
  };

+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "10.0.0.1/24" ];
+      listenPort = 5553;
+      privateKeyFile = "/root/wg-private";
+      peers = [{ # pixel
+        publicKey = "HS2q+PpPPwxqT1jCD7D4puqr4ZyaXV5TostavlYWBx0=";
+        allowedIPs = [ "10.0.0.2/32" ];
+      }];
+    };
+  };
+
  services.blocky = {
    enable = true;
    settings = {