diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix
index 325e467..72cf59f 100755
--- a/hosts/hyrule/default.nix
+++ b/hosts/hyrule/default.nix
@@ -7,7 +7,7 @@
 }: let
 home-manager = builtins.fetchTarball {
 url = "https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz";
- sha256 = "0d41gr0c89a4y4lllzdgmbm54h9kn9fjnmavwpgw0w9xwqwnzpax";
+ sha256 = "07pk5m6mxi666dclaxdwf7xrinifv01vvgxn49bjr8rsbh31syaq";
 };
 in {
 imports = [
@@ -87,6 +87,56 @@ in {
 # 8222 (INTERNAL) vaultwarden
 45000 # minecaft server
 ];
+ allowedUDPPorts = [
+ 54231 # Wireguard
+ ];
+ };
+
+ # wireguard.interfaces = {
+ # wg0 = {
+ # ips = ["10.10.10.4/24"]; # my IP and the subnet (keyword: "AND")
+ # listenPort = 54231;
+ #
+ # privateKeyFile = "/root/wg_agrivpn_hyrule";
+ #
+ # peers = [
+ # {
+ # # peer's public key
+ # publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY=";
+ #
+ # # choose which traffic to forward
+ # allowedIPs = ["10.0.51.0/24" "10.10.10.0/24"];
+ #
+ # # TODO: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
+ # endpoint = "150.242.34.33:54231";
+ #
+ # # send keepalives every 25 seconds. Important to keep NAT tables alive.
+ # persistentKeepalive = 25;
+ # }
+ # ];
+ # };
+ # };
+ wg-quick.interfaces = {
+ wg0 = {
+ address = [
+ "10.10.10.4/24"
+ ];
+ dns = ["10.10.10.1"];
+ privateKeyFile = "/root/wg_agrivpn_hyrule";
+ peers = [
+ {
+ # peer's public key
+ publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY=";
+
+ # choose which traffic to forward
+ allowedIPs = [
+ "10.0.51.0/24"
+ "10.10.10.0/24"
+ ];
+ endpoint = "150.242.34.33:54231";
+ }
+ ];
+ };
 };
 };
@@ -451,6 +501,7 @@ in {
 };
 environment.systemPackages = with pkgs; [
+ eza
 git
 vim
 helix
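Review bot: The firewall now opens UDP 54231 via `allowedUDPPorts`, but the live `wg-quick.interfaces.wg0` block never sets `listenPort`, so wg-quick will bind a random ephemeral port and the hole punched in the firewall does not correspond to anything this host listens on; add `listenPort = 54231;` beside `address`, or drop the `allowedUDPPorts` entry if this host only ever initiates to the endpoint and never needs inbound handshakes. The commented-out `wireguard.interfaces` variant carried `persistentKeepalive = 25;` and that was dropped from the `wg-quick` peer entry; if this machine sits behind NAT and the remote side must be able to reach it, that keepalive is what keeps the NAT mapping alive, so it presumably belongs next to `endpoint` as `persistentKeepalive = 25;`. The dead `# wireguard.interfaces = { … }` block should be deleted rather than kept alongside the active config, since the two already disagree on `listenPort` and keepalive and will only drift further. Keeping `privateKeyFile` at `/root/wg_agrivpn_hyrule` rather than inlining the key is the right call, as it keeps the secret out of the world-readable Nix store. The enclosing `networking` attrset begins outside this hunk.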