Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/networking/wireguard.nix
mermet: avoid sending nixpkgs input
# NixOS module for host "mermet": switches on its WireGuard peers for the
# intra interface and contributes nftables rules to the chains named
# input-intra and output-intra.
{ config, inputs, ... }:
let
  # WireGuard interface name; it also selects the profile file imported below.
  iface = "wg-intra";
in
{
  # The interface itself is defined by a profile in the julm-nix input.
  # NOTE(review): keys, endpoints and the jumps that route traffic into the
  # *-intra chains are presumably declared in that profile; none of them is
  # visible here, so confirm there before relying on these rules.
  imports = [
    (inputs.julm-nix + "/nixos/profiles/wireguard/${iface}.nix")
  ];

  config.networking = {
    # Peers enabled on this host.
    # NOTE(review): whether an unlisted peer defaults to disabled depends on
    # the imported profile; confirm if this list is meant as an allow-list.
    wireguard.${iface}.peers = {
      aubergine.enable = true;
      losurdo.enable = true;
      oignon.enable = true;
      patate.enable = true;
    };

    # Firewall fragment for the two intra chains.
    #
    # input-intra: accepts SSH (tcp) and Mosh (udp 60000-60100). There is no
    # terminal verdict in this fragment, so the fate of any other inbound
    # packet is decided outside it (presumably by rules or a policy set
    # elsewhere in the ruleset; verify that the effective default is drop).
    #
    # output-intra: ends with an unconditional `counter accept`, so every
    # packet that reaches this chain is accepted. The SSH and Mosh rules ahead
    # of it only give per-service counters and must stay before the catch-all
    # to keep counting. If egress over the tunnel is ever meant to be
    # restricted, that last rule is the one to replace.
    nftables.ruleset = ''
      table inet filter {
        chain input-intra {
          tcp dport ssh counter accept comment "SSH"
          udp dport 60000-60100 counter accept comment "Mosh"
        }
        chain output-intra {
          tcp dport ssh counter accept comment "SSH"
          udp dport 60000-60100 counter accept comment "Mosh"
          counter accept
        }
      }
    '';
  };
}