-{ pkgs, lib, config, hostName, wireguard, ... }:
+{ pkgs, lib, config, hostName, inputs, ... }:
let
inherit (config.security.gnupg) secrets;
iface = "wg-intra";
wg = config.networking.wireguard.interfaces.${iface};
- wg-intra-hosts = import ../../../networking/wireguard/wg-intra/hosts.nix;
+ wg-intra-peers = import (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra/peers.nix");
in
{
imports = [
- ../../../networking/wireguard/wg-intra.nix
+ (inputs.julm-nix + "/nixos/profiles/wireguard/wg-intra.nix")
];
config = {
+networking.wireguard.${iface}.peers = {
+ losurdo.enable = true;
+ oignon.enable = true;
+ patate.enable = true;
+};
networking.wireguard.interfaces.${iface} = {
privateKeyFile = secrets."wireguard/${iface}/privateKey".path;
};
# ${iface} firewalling
add rule inet filter fw2intra counter accept
add rule inet filter intra2fw tcp dport ${toString wg.peersAnnouncing.listenPort} counter accept comment "WireGuard peers announcing"
- add rule inet filter intra2fw ip saddr ${wg-intra-hosts.losurdo.ipv4} counter accept comment "losurdo"
+ add rule inet filter intra2fw ip saddr ${wg-intra-peers.losurdo.ipv4} counter accept comment "losurdo"
'';
};
}
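Review bot: The `intra2fw` rule for losurdo at the end of the ruleset accepts every protocol and port from `${wg-intra-peers.losurdo.ipv4}`, and with this change that address is read from `peers.nix` inside `inputs.julm-nix` rather than from a file in this tree, so the allow-list entry follows whatever revision of that input is in use. A comment above the rule would make the dependency visible, for example `# losurdo: unrestricted access; address comes from peers.nix in inputs.julm-nix`. oignon and patate are enabled in the new `peers` block but get no matching rule here; if that asymmetry is intended, a one-line comment saying so would help the next reader. The opening of the ruleset string is outside the visible lines, so whether `intra2fw` is reached only from the `wg-intra` interface cannot be confirmed from this page.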