decoysnail: add wireguard tunnel

2018-10-08 11:50:19 +02:00 · 2018-10-08 11:50:19 +02:00 · 17ace16793
commit 17ace16793
parent 13b2d0c933
1 changed files with 18 additions and 1 deletions
--- a/decoysnail.nix
+++ b/decoysnail.nix
@ -39,6 +39,23 @@

  services.openssh.forwardX11 = true;

-  system.nixos.stateVersion = "18.03";
+  system.stateVersion = "18.03";
+
+  networking.wireguard.interfaces.wg0 = {
+    ips = ["10.59.0.4/16"];
+    privateKeyFile = "/etc/wgkeys/decoysnail";
+    allowedIPsAsRoutes = true;
+    postSetup = ''
+      printf "nameserver 10.57.0.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
+    '';
+    postShutdown = ''
+      ${pkgs.openresolv}/bin/resolvconf -d wg0
+    '';
+    peers = [{
+      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
+      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
+      endpoint = "mtlaa-gw.gebner.org:35869";
+    }];
+  };

 }