refactor

2025-05-30 22:46:27 +02:00 · 2025-05-30 22:46:27 +02:00 · b61bb970a5
commit b61bb970a5
parent a992a7b701
30 changed files with 69 additions and 34 deletions
--- a/host/roam/wireguard.nix
+++ b/host/roam/wireguard.nix
@ -0,0 +1,25 @@
+{ var, lib, ... }:
+let
+  wireguard-port = 51820;
+in
+{
+  networking = {
+    nat = {
+      enable = true;
+      externalInterface = "ens3";
+      internalInterfaces = [ "wg0" ];
+    };
+
+    firewall.allowedUDPPorts = [ wireguard-port ];
+
+    wireguard = {
+      enable = true;
+      interfaces."wg0" = {
+        ips = var.wg.wireguard-network."roam".ips;
+        listenPort = wireguard-port;
+        privateKeyFile = var.wg.keyFile;
+        peers = var.wg.peers-for "roam";
+      };
+    };
+  };
+}