decoysnail: add wireguard tunnel

2018-10-08 11:50:19 +02:00 · 2018-10-08 11:50:19 +02:00 · 17ace16793
commit 17ace16793
parent 13b2d0c933
1 changed files with 18 additions and 1 deletions
--- a/decoysnail.nix
+++ b/decoysnail.nix
@ -39,6 +39,23 @@
  services.openssh.forwardX11 = true;
-  system.nixos.stateVersion = "18.03";
+  system.stateVersion = "18.03";
  networking.wireguard.interfaces.wg0 = {
    ips = ["10.59.0.4/16"];
    privateKeyFile = "/etc/wgkeys/decoysnail";
    allowedIPsAsRoutes = true;
    postSetup = ''
      printf "nameserver 10.57.0.1" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0
    '';
    postShutdown = ''
      ${pkgs.openresolv}/bin/resolvconf -d wg0
    '';
    peers = [{
      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
      endpoint = "mtlaa-gw.gebner.org:35869";
    }];
  };
 }