From 17ace16793b33f15d6fd074725168dd84201f0d3 Mon Sep 17 00:00:00 2001
From: Gabriel Ebner
Date: Mon, 8 Oct 2018 11:50:19 +0200
Subject: [PATCH] decoysnail: add wireguard tunnel
---
 decoysnail.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/decoysnail.nix b/decoysnail.nix
index a65b58e..ac1ee4d 100644
--- a/decoysnail.nix
+++ b/decoysnail.nix
@@ -39,6 +39,23 @@
 services.openssh.forwardX11 = true;
- system.nixos.stateVersion = "18.03";
+ system.stateVersion = "18.03";
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = ["10.59.0.4/16"];
+ privateKeyFile = "/etc/wgkeys/decoysnail";
+ allowedIPsAsRoutes = true;
+ postSetup = ''
+ printf "nameserver 10.57.0.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
+ '';
+ postShutdown = ''
+ ${pkgs.openresolv}/bin/resolvconf -d wg0
+ '';
+ peers = [{
+ publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
+ allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
+ endpoint = "mtlaa-gw.gebner.org:35869";
+ }];
+ };
 }
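Review bot: In `postSetup`, `resolvconf -a wg0 -m 0` registers 10.57.0.1 at the most-preferred metric, so while wg0 is up lookups for every name on this host, not only names that live behind the tunnel, are likely to be sent to the tunnel resolver first. If that is intended, a comment such as `# all host DNS goes to the tunnel resolver while wg0 is up` should say so; if only internal zones are meant, a split-DNS setup would hand that resolver less. The same line feeds resolvconf a record with no trailing newline; `printf 'nameserver 10.57.0.1\n'` is the safer input. `privateKeyFile` rightly keeps the key out of the world-readable Nix store, but nothing visible in this hunk fixes the ownership or mode of `/etc/wgkeys/decoysnail`, so a comment stating that it must be root-owned and `0600` would help the next person provisioning the host. The bare `"10.60.1.1"` in `allowedIPs` would read more clearly as `"10.60.1.1/32"`.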