fix ese wireguard

Rouven Seifert 2024-10-04 16:34:54 +02:00
parent 0d9bd777c8
commit fcffa5f79c
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09


@ -1,6 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
sops.secrets."wg-ese" = { }; sops.secrets."wg-ese" = {
owner = config.users.users.systemd-network.name;
};
networking = { networking = {
# portunus module does weird things to this, so we force it to some sane values # portunus module does weird things to this, so we force it to some sane values
hosts = { hosts = {
@ -16,6 +18,7 @@
firewall = { firewall = {
logRefusedConnections = false; logRefusedConnections = false;
allowedUDPPorts = [ 10000 ];
}; };
}; };
@ -44,7 +47,6 @@
EmitLLDP = "nearest-bridge"; EmitLLDP = "nearest-bridge";
}; };
}; };
};
netdevs."30-wireguard-ese" = { netdevs."30-wireguard-ese" = {
netdevConfig = { netdevConfig = {
Kind = "wireguard"; Kind = "wireguard";
@ -57,23 +59,23 @@
RouteMetric = 30; RouteMetric = 30;
}; };
wireguardPeers = [ wireguardPeers = [
{ {
PublicKey = ""; wireguardPeerConfig = {
AllowedIPs = "0.0.0.0/0";
PublicKey = "gTWcZ8dAb735kY0vs/LwnBdap5J6+eeHAsLXCu+C52M=";
AllowedIPs = "10.20.24.2/24";
};
} }
]; ];
}; };
networks."30-wireguard-ese" = { networks."30-wireguard-ese" = {
matchConfig.Name = "wg0"; matchConfig.Name = "wg0";
addresses = [ address = [ "10.20.24.1/24" ];
{
Address = "10.20.24.1/24";
# AddPrefixRoute = false;
}
];
# networkConfig = { # networkConfig = {
# DNSSEC = false; # DNSSEC = false;
# BindCarrier = [ "ens3" ]; # BindCarrier = [ "ens3" ];
# }; # };
}; };
};
} }
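Review bot: In the `wireguardPeers` hunk, `AllowedIPs = "10.20.24.2/24"` authorises this single peer for the whole 10.20.24.0/24 range rather than for its own address. I am reading that line as the new value, although the rendered page has lost its +/- markers. WireGuard uses AllowedIPs both as the source filter for decrypted packets and as the outbound routing table, so the peer would be accepted when sending from any address in the subnet, including the server's own `10.20.24.1`. Any peer added later inside the same /24 would also overlap with it. For one client a host route is the least-privilege value: `AllowedIPs = "10.20.24.2/32";`. The enclosing `netdevs."30-wireguard-ese"` block starts outside this hunk, so confirm against the full file that no other peer entry relies on the wider range.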