machines/sternseemann/wolfgang: add njal.la VPN config

2 files changed, 40 insertions, 1 deletions

diff --git a/machines/sternenseemann/wireguard.nix b/machines/sternenseemann/wireguard.nix
new file mode 100644
index 00000000..73755d8f
--- /dev/null
+++ b/machines/sternenseemann/wireguard.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, ... }:
+
+let
+  keyDir = "/home/lukas/files/crypto/wireguard";
+in
+
+{
+  config = {
+    networking.wg-quick = {
+      interfaces = {
+        wg1 = {
+          address = [
+            "fd03:1337::158/64"
+            "10.13.37.158/24"
+          ];
+          dns = [
+            "95.215.19.53"
+            "2001:67c:2354:2::53"
+          ];
+          privateKeyFile = "${keyDir}/njalla-private";
+
+          peers = [
+            {
+              endpoint = "wg006.njalla.no:51820";
+              publicKey = "y0zGwVuzZwKqkNkxP1P9A2Zw9H79cRjTZZlXL8+PrVM=";
+              allowedIPs = [
+                "0.0.0.0/0"
+                "::/0"
+              ];
+              persistentKeepalive = 60;
+            }
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/machines/sternenseemann/wolfgang.nix b/machines/sternenseemann/wolfgang.nix
index b444451d..5b241125 100644
--- a/machines/sternenseemann/wolfgang.nix
+++ b/machines/sternenseemann/wolfgang.nix
@@ -13,6 +13,7 @@ in {
   imports = [
     ./base-laptop.nix
     ./desktop-sway.nix
+    ./wireguard.nix
   ];
 
   boot.initrd.availableKernelModules = [
@@ -25,7 +26,8 @@ in {
   boot.kernelModules = [
     "kvm-intel"
     "snd-seq"
-    "snd-rawmidi" ];
+    "snd-rawmidi"
+  ];
 
   hardware.opengl.driSupport32Bit = i686Games;
   hardware.pulseaudio = {