materus
/
nixos-config
mirror of https://github.com/materusPL/nixos-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nixos-config/configurations/host/Old-materusPC/network.nix

57 lines
1.8 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "Old-materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656
22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port # Syncthing
];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656
22000 21027 # Syncthing
];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.settings = {
connectivity = {
uri = "http://nmcheck.gnome.org/check_network_status.txt";
};
};
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.general};";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.Old-materusPC}/23";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
Reference in New Issue View Git Blame Copy Permalink