--wip-- [skip ci]

baldur/configuration.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, config, ... }: {
   boot = {
     growPartition = true;
     kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
@@ -130,6 +130,12 @@
       enable = true;
       openFirewall = true;
     };
+    # wgautomesh = {
+    #   enable = true;
+    #   settings = {
+    #     interface = "wg0";  
+    #   };
+    # };
   };
 
   security.acme = {
@@ -153,12 +159,41 @@
     shell = pkgs.zsh;
   };
 
-  networking.firewall = {
-    enable = true;
-    allowPing = true;
-    allowedTCPPorts = [ 8000 80 443 ];
-    # allowedUDPPorts = [ ];
-    # extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+  networking = {
+    firewall = {
+      enable = true;
+      allowPing = true;
+      allowedTCPPorts = [ 51235 80 443 ];
+      # allowedUDPPorts = [ ];
+      # extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
+    };
+    wg-quick.interfaces.wg0 = {
+      address = [
+        "192.168.10.2/24"
+      ];
+      peers = [
+        {
+          # baldur
+          allowedIPs = [
+            "192.168.10.1/24"
+          ];
+          # endpoint = "demo.wireguard.io:12913";
+          publicKey = "K57ikgFSR1O0CXWBxfQEu7uxSOsp3ePj/NMRets5pVc=";
+          # presharedKeyFile = config.age.secrets.baldur_wg_psk.path;
+        }
+        {
+          # odin
+          allowedIPs = [
+            "192.168.10.1/24"
+          ];
+          # endpoint = "demo.wireguard.io:12913";
+          publicKey = "AY2kVl9Znp79wrgHjmTUX5aagJKay7barD4BcMir5SY=";
+          # presharedKeyFile = config.age.secrets.odin_wg_psk.path;
+        }
+      ];
+      privateKeyFile = config.age.secrets."${config.networking.hostName}_wg_priv".path;
+      listenPort = 51235;
+    };
   };
 
   system.stateVersion = "22.11";