add a profile for wireguard configuration

1 files changed, 1 insertions, 32 deletions

diff --git a/machines/nixos/x86_64-linux/bree.nix b/machines/nixos/x86_64-linux/bree.nix
index 7296077..2f564b5 100644
--- a/machines/nixos/x86_64-linux/bree.nix
+++ b/machines/nixos/x86_64-linux/bree.nix
@@ -12,44 +12,13 @@
     ../../../profiles/hardware/synology-vm.nix
     ../../../profiles/home-manager.nix
     ../../../profiles/server.nix
+    ../../../profiles/wireguard.nix
   ];
 
-  age.secrets.wireguard.file = ../../../secrets/bree/wireguard.age;
-
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.loader.systemd-boot.enable = true;
-
   networking.hostName = "bree";
   networking.useDHCP = lib.mkDefault true;
   systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
 
-  networking.wireguard = {
-    enable = true;
-    interfaces.wg0 = {
-      ips = [ "10.100.0.40/32" ];
-      listenPort = 51871;
-      privateKeyFile = config.age.secrets.wireguard.path;
-      peers = [
-        {
-          # argonath
-          publicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
-          allowedIPs = [ "10.100.0.51/32" ];
-          endpoint = "157.230.146.234:51871";
-          persistentKeepalive = 25;
-        }
-        {
-          # rivendell
-          publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
-          allowedIPs = [ "10.100.0.60/32" ];
-          persistentKeepalive = 25;
-        }
-      ];
-    };
-  };
-
-  networking.firewall.trustedInterfaces = [ "wg0" ];
-  networking.firewall.allowedUDPPorts = [ 51871 ];
-
   home-manager = {
     users.${adminUser.name} = {
       imports = [