diff --git a/hosts/hydrogen/configuration.nix b/hosts/hydrogen/configuration.nix
index 81369dc..a001943 100644
--- a/hosts/hydrogen/configuration.nix
+++ b/hosts/hydrogen/configuration.nix
@@ -8,11 +8,17 @@
 networking = {
 hostName = name;
 domain = "fainsin.bzh";
- firewall.allowedTCPPorts = [
- 22 # ssh
- 80 # http
- 443 # https
- ];
+ firewall = {
+ allowedTCPPorts = [
+ 22 # ssh
+ 80 # http
+ 443 # https
+ ];
+ allowedUDPPorts = [
+ 53 # DNS (blocky)
+ 5553 # wireguard
+ ];
+ };
 };

 services.fail2ban = {
@@ -20,6 +26,18 @@
 maxretry = 5;
 };

+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.0.0.1/24" ];
+ listenPort = 5553;
+ privateKeyFile = "/root/wg-private";
+ peers = [{ # pixel
+ publicKey = "HS2q+PpPPwxqT1jCD7D4puqr4ZyaXV5TostavlYWBx0=";
+ allowedIPs = [ "10.0.0.2/32" ];
+ }];
+ };
+ };
+
 services.blocky = {
 enable = true;
 settings = {
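Review bot: Opening UDP 53 in the global `allowedUDPPorts` makes the blocky resolver reachable on every interface, including the public one. Unless blocky itself restricts clients (its settings are outside this hunk), the host can then be abused as an open resolver for DNS reflection and amplification. If DNS is only meant for WireGuard peers, scope it to the tunnel with `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];` and keep only 5553 in the global list. Only UDP is opened here, so truncated answers that fall back to TCP 53 will be dropped; add `allowedTCPPorts = [ 53 ];` on the same interface if clients need it.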
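Review bot: `privateKeyFile = "/root/wg-private";` keeps the key out of the world-readable Nix store, but nothing in this change creates the file or constrains its ownership and mode, so wg0 appears to depend on manually provisioned state. Document the requirement next to the option, e.g. `# must exist before activation, root:root 0600, never committed`, or let the module create it with `generatePrivateKeyFile = true;` (the peer then needs the resulting public key). The listen port 5553 is also written a second time in the firewall hunk; referencing `listenPort` from there, if `config` is in scope in this file, would keep the two from drifting apart.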