diff options
Diffstat (limited to '')
| -rw-r--r-- | machines/nixos/x86_64-linux/argonath.nix | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/machines/nixos/x86_64-linux/argonath.nix b/machines/nixos/x86_64-linux/argonath.nix index eb08896..14b698a 100644 --- a/machines/nixos/x86_64-linux/argonath.nix +++ b/machines/nixos/x86_64-linux/argonath.nix @@ -1,4 +1,9 @@ -{ lib, adminUser, ... }: +{ + config, + lib, + adminUser, + ... +}: { imports = [ ../../../profiles/cgroups.nix @@ -9,11 +14,33 @@ ../../../profiles/server.nix ]; + age.secrets.wireguard.file = ../../../secrets/argonath/wireguard.age; + # fixes duplicated devices in mirroredBoots boot.loader.grub.devices = lib.mkForce [ "/dev/vda" ]; disko.devices.disk.disk1.device = "/dev/vda"; + networking.wireguard = { + enable = true; + interfaces.wg0 = { + ips = [ "10.100.0.51/32" ]; + listenPort = 51871; + privateKeyFile = config.age.secrets.wireguard.path; + peers = [ + { + # rivendell + publicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng="; + allowedIPs = [ "10.100.0.60/32" ]; + persistentKeepalive = 25; + } + ]; + }; + }; + + networking.firewall.trustedInterfaces = [ "wg0" ]; + networking.firewall.allowedUDPPorts = [ 51871 ]; + system.stateVersion = "25.05"; # Did you read the comment? home-manager = { |