aboutsummaryrefslogtreecommitdiff
path: root/machines/nixos/x86_64-linux/vm-synology.nix
diff options
context:
space:
mode:
Diffstat (limited to 'machines/nixos/x86_64-linux/vm-synology.nix')
-rw-r--r--machines/nixos/x86_64-linux/vm-synology.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
index 468d0dd..f5e8c90 100644
--- a/machines/nixos/x86_64-linux/vm-synology.nix
+++ b/machines/nixos/x86_64-linux/vm-synology.nix
@@ -23,6 +23,9 @@
nas_client_credentials = {
file = "${self}/secrets/nas_client.age";
};
+ wireguard = {
+ file = "${self}/secrets/vm-synology/wireguard.age";
+ };
};
};
@@ -84,5 +87,24 @@
nix.settings.trusted-users = [ "builder" ];
+ networking.wireguard = {
+ enable = true;
+ interfaces.wg0 = {
+ ips = [ "10.100.0.40/32" ];
+ listenPort = 51871;
+ privateKeyFile = config.age.secrets.wireguard.path;
+ peers = [
+ {
+ publicKey = "I+l/sWtfXcdunz2nZ05rlDexGew30ZuDxL0DVTTK318=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "165.232.158.110:51871";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+
+ networking.firewall.allowedUDPPorts = [ 51871 ];
+
system.stateVersion = "23.11"; # Did you read the comment?
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 11:59:05 +0000