Fix wireguard configuration

2020-12-01 15:11:29 +00:00 · 2020-12-01 15:11:29 +00:00 · b498876011
commit b498876011
parent 3f716bc2c1
5 changed files with 33 additions and 30 deletions
--- a/host/montalin/networking.nix
+++ b/host/montalin/networking.nix
@ -24,6 +24,8 @@ in {
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts =
+    [ meta.network.virtual.mgmt.server.port ];

  services.qois.luks-ssh = {
    enable = true;
@ -33,4 +35,14 @@ in {
    gateway = plessur-net.dmz.v4.gateway;
    sshPort = 2222;
  };
+
+  networking.wireguard.enable = true;
+  networking.wireguard.interfaces = let
+    network = meta.network.virtual;
+    networkName = "mgmt";
+  in {
+    "wg-${networkName}" =
+      pkgs.lib.qois.wireguard.makeInterface config.networking.hostName
+      networkName network.${networkName};
+  };
 }