refactor

2025-05-26 01:08:54 +02:00 · 2025-05-26 01:08:54 +02:00 · 8fbd9d06b4
commit 8fbd9d06b4
parent dbd88aea66
29 changed files with 130 additions and 101 deletions
--- a/host/roam/modules/wireguard.nix
+++ b/host/roam/modules/wireguard.nix
@ -0,0 +1,25 @@
+{ ... }:
+let
+  wireguard-port = 51820;
+  wireguard-subnet = "100.10.11.0/24";
+in
+{
+  networking = {
+    nat = {
+      enable = true;
+      externalInterface = "ens3";
+      internalInterfaces = [ "wg0" ];
+    };
+
+    firewall.allowedUDPPorts = [ wireguard-port ];
+
+    wireguard = {
+      enable = true;
+      interfaces."wg0" = {
+        ips = [ wireguard-subnet ];
+        listenPort = wireguard-port;
+        privateKeyFile = "/var/secrets/wg0.key";
+      };
+    };
+  };
+}