Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/networking/wireguard.nix
nix: update input julm-nix
# NixOS module: pulls in the shared wg-intra WireGuard profile from the
# julm-nix flake input, enables four peers on it, and appends two nftables
# rules for traffic between this host and the tunnel.
{ pkgs, lib, config, hostName, inputs, ... }:
let
  # WireGuard interface name; also selects the profile sub-directory below.
  wgIface = "wg-intra";

  # Peer table shipped by julm-nix. The address used in the firewall rule
  # below is read from here, so a bump of the julm-nix input can change which
  # source address is admitted: review peers.nix whenever that input moves.
  intraPeers = import (inputs.julm-nix + "/nixos/profiles/wireguard/${wgIface}/peers.nix");

  # Peers switched on for this host.
  activePeers = [ "aubergine" "losurdo" "oignon" "patate" ];
in
{
  imports = [
    (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
  ];

  config.networking = {
    # Yields `<name>.enable = true` for every entry of activePeers.
    wireguard.${wgIface}.peers = lib.genAttrs activePeers (_: { enable = true; });

    # Rule 1: everything sent through the fw2intra chain is accepted.
    # Rule 2: anything in intra2fw whose IPv4 source is losurdo's address is
    # accepted, with no protocol or port match.
    # NOTE(review): rule 2 exposes every listening service on this host to
    # losurdo; confirm that is intended, or narrow it to the ports needed.
    # NOTE(review): the fw2intra / intra2fw chains are not defined in this
    # file (presumably by the imported profile). The saddr match is only as
    # strong as the guarantee that intra2fw sees packets from the WireGuard
    # interface alone, and that losurdo's allowed IPs are limited to this
    # address -- verify both in the profile.
    # NOTE(review): four peers are enabled but only losurdo gets an inbound
    # accept, and only for IPv4; the others fall through to whatever follows
    # in intra2fw -- confirm this asymmetry is deliberate.
    nftables.ruleset = ''
      add rule inet filter fw2intra counter accept

      add rule inet filter intra2fw ip saddr ${intraPeers.losurdo.ipv4} counter accept comment "losurdo"
    '';
  };
}