added wireguard config

2025-02-22 17:38:02 -06:00 · 2025-02-22 17:38:02 -06:00 · 9471b1f393
commit 9471b1f393
parent 489106956b
3 changed files with 32 additions and 9 deletions
--- a/configurations/nixos/horizon/hardware-configuration.nix
+++ b/configurations/nixos/horizon/hardware-configuration.nix
@ -6,12 +6,19 @@
  lib,
  pkgs,
  modulesPath,
+  inputs,
  ...
 }: {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

+  sops.secrets = {
+    "wireguard-keys/proton/horizon" = {
+      sopsFile = "${inputs.secrets}/wireguard-keys.yaml";
+    };
+  };
+
  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"];
@ -90,8 +97,23 @@
    useDHCP = lib.mkDefault true;
    hostName = "horizon"; # Define your hostname.

-    wireguard.interfaces = {
+    wg-quick.interfaces = {
      proton = {
+        # IP address of this machine in the *tunnel network*
+        address = ["10.2.0.1/32"];
+
+        listenPort = 51820;
+
+        privateKeyFile = config.sops.secrets."wireguard-keys/proton/horizon".path;
+
+        peers = [
+          {
+            publicKey = "Yu2fgynXUAASCkkrXWj76LRriFxKMTQq+zjTzyOKG1Q=";
+            allowedIPs = ["0.0.0.0/0"];
+            endpoint = "84.17.63.8:51820";
+            persistentKeepalive = 25;
+          }
+        ];
      };
    };
  };