hd/cfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cfg/host/roam/networking.nix
Henri Dohmen 65c5bcdd0d qbittorrent wip
2026-03-23 00:04:05 +01:00

92 lines
1.8 KiB
Nix
Raw Blame History

{
var,
config,
secrets,
...
}:
let
wireguard-port = 51820;
in
{
age.secrets.mullvad-vpn-key = {
file = secrets.roam."mullvad-vpn-key.age";
owner = "root";
group = "root";
mode = "440";
};
networking = {
enableIPv6 = true;
interfaces = {
"ens3".ipv6.addresses = [
{
address = "2a03:4000:3b:f99::";
prefixLength = 64;
}
];
};
defaultGateway6 = {
address = "fe80::1";
interface = "ens3";
};
firewall = {
enable = true;
checkReversePath = "loose";
interfaces."wg0" = {
allowedTCPPorts = [ 25565 ];
};
allowedTCPPorts = [
80
443
];
};
nat = {
enable = true;
enableIPv6 = true;
externalInterface = "ens3";
internalInterfaces = [ "wg0" ];
};
firewall.allowedUDPPorts = [ wireguard-port ];
localCommands = ''
ip route add default dev mullvad table 1000
'';
wireguard = {
enable = true;
interfaces."wg0" = {
ips = var.wg.wireguard-network."roam".ips;
listenPort = wireguard-port;
privateKeyFile = var.wg.keyFile;
peers = var.wg.peers-for "roam";
};
interfaces."mullvad" = {
ips = [
"10.69.173.41/32"
"fc00:bbbb:bbbb:bb01::6:ad28/128"
]; # free cat
table = "1000";
privateKeyFile = config.age.secrets.mullvad-vpn-key.path;
peers = [
{
name = "de-fra-wg-007";
publicKey = "mTmrSuXmTnIC9l2Ur3/QgodGrVEhhIE3pRwOHZpiYys=";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
endpoint = "de-fra-wg-007.relays.mullvad.net:51820";
}
];
};
};
};
}
Reference in a new issue View git blame Copy permalink