From ea718b396792f950e8ed705003cb04f510f83e3a Mon Sep 17 00:00:00 2001
From: Gabriel Ebner <gebner@gebner.org>
Date: Sat, 1 Sep 2018 15:40:10 +0200
Subject: [PATCH] petalius: add wireguard

---
 basic-tools.nix |  1 +
 petalius.nix    | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/basic-tools.nix b/basic-tools.nix
index 545b739..1225beb 100644
--- a/basic-tools.nix
+++ b/basic-tools.nix
@@ -35,6 +35,7 @@
     ctags
     nix-prefetch-scripts
     (pkgs.nix-repl or pkgs.nix)
+    (pkgs.wireguard or pkgs.hello)
     jq
   ];
 
diff --git a/petalius.nix b/petalius.nix
index d31c93c..24bf024 100644
--- a/petalius.nix
+++ b/petalius.nix
@@ -89,4 +89,16 @@
 
   system.stateVersion = "18.03";
 
+  networking.wireguard.interfaces.wg0 = {
+    ips = ["10.59.0.2/16"];
+    privateKeyFile = "/etc/wgkeys/petalius";
+    allowedIPsAsRoutes = true;
+    peers = [{
+      publicKey = "ByLlJbevlTBooAo2RIZGGJvBHKqA9qiOpHBvR5yuJX4=";
+      allowedIPs = ["10.56.0.0/14" "10.60.1.1"];
+      endpoint = "mtlaa-gw.gebner.org:35869";
+    }];
+  };
+  systemd.services.wireguard-wg0.wantedBy = pkgs.lib.mkOverride 10 [];
+
 }