feat(hydrogen): basic wireguard setup

Laureηt 2022-12-26 20:06:05 +01:00
parent bb1a1ee2c8
commit 4b3af2be48
Signed by: Laurent
SSH key fingerprint: SHA256:kZEpW8cMJ54PDeCvOhzreNr4FSh6R13CMGH/POoO8DI


@ -8,11 +8,17 @@
networking = { networking = {
hostName = name; hostName = name;
domain = "fainsin.bzh"; domain = "fainsin.bzh";
firewall.allowedTCPPorts = [ firewall = {
allowedTCPPorts = [
22 # ssh 22 # ssh
80 # http 80 # http
443 # https 443 # https
]; ];
allowedUDPPorts = [
53 # DNS (blocky)
5553 # wireguard
];
};
}; };
services.fail2ban = { services.fail2ban = {
@ -20,6 +26,18 @@
maxretry = 5; maxretry = 5;
}; };
networking.wireguard.interfaces = {
wg0 = {
ips = [ "10.0.0.1/24" ];
listenPort = 5553;
privateKeyFile = "/root/wg-private";
peers = [{ # pixel
publicKey = "HS2q+PpPPwxqT1jCD7D4puqr4ZyaXV5TostavlYWBx0=";
allowedIPs = [ "10.0.0.2/32" ];
}];
};
};
services.blocky = { services.blocky = {
enable = true; enable = true;
settings = { settings = {
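Review bot: The `53 # DNS (blocky)` entry in the global `allowedUDPPorts` list of the first hunk opens the resolver on every interface, so if blocky binds to all addresses (its `settings` block continues outside the visible lines, so this is unconfirmed) the host would answer DNS queries from the whole internet as an open resolver. If the intent is to serve DNS only to WireGuard peers, keep `5553` in the global list and scope DNS to the tunnel with `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];`. DNS clients fall back to TCP for large answers, so the same interface-scoped rule likely needs `allowedTCPPorts = [ 53 ];` as well. `privateKeyFile = "/root/wg-private"` correctly keeps the key out of the Nix store; a short comment that the file must exist with mode 0600 before activation would help whoever rebuilds the host.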