network: init ese wireguard

2024-10-04 15:39:10 +02:00 · 2024-10-04 15:39:10 +02:00 · 0d9bd777c8
commit 0d9bd777c8
parent e80eb649ca
2 changed files with 35 additions and 2 deletions
--- a/hosts/quitte/network.nix
+++ b/hosts/quitte/network.nix
@ -1,5 +1,6 @@
 { config, lib, ... }:
 {
+  sops.secrets."wg-ese" = { };
  networking = {
    # portunus module does weird things to this, so we force it to some sane values
    hosts = {
@ -44,4 +45,35 @@
      };
    };
  };
+  netdevs."30-wireguard-ese" = {
+    netdevConfig = {
+      Kind = "wireguard";
+      Name = "wg0";
+    };
+    wireguardConfig = {
+      PrivateKeyFile = config.sops.secrets."wg-ese".path;
+      ListenPort = 10000;
+      RouteTable = "main";
+      RouteMetric = 30;
+    };
+    wireguardPeers = [
+      {
+        PublicKey = "";
+        AllowedIPs = "0.0.0.0/0";
+      }
+    ];
+  };
+  networks."30-wireguard-ese" = {
+    matchConfig.Name = "wg0";
+    addresses = [
+      {
+        Address = "10.20.24.1/24";
+        # AddPrefixRoute = false;
+      }
+    ];
+    # networkConfig = {
+    #   DNSSEC = false;
+    #   BindCarrier = [ "ens3" ];
+    # };
+  };
 }