cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

system/wireguard: add and default to an ipv6-only tunnel

Browse source
This commit is contained in:
LavaDesu 2025-05-22 22:10:52 +10:00
parent bdbb5fe0de
commit 1ecec11727
Signed by: cilly
GPG key ID: 6500251E087653C9
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
modules/system/wireguard.nix
View file

@ -58,6 +58,12 @@ let
endpoint = "${serverIp}:${toString port}"; endpoint = "${serverIp}:${toString port}";
persistentKeepalive = 25; persistentKeepalive = 25;
}; };
server6OnlyPeer = {
publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0=";
allowedIPs = [ "::/0" ];
endpoint = "${serverIp}:${toString port}";
persistentKeepalive = 25;
};
serverConfig = { serverConfig = {
nat = { nat = {
@ -123,7 +129,15 @@ let
dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ]; dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
peers = [ server6OnlyPeer ];
};
wg1 = {
address = client.allowedIPs;
dns = [ "2606:4700:4700::1111" "2606:4700:4700::1001" "1.1.1.1" "1.0.0.1" ];
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
peers = [ serverPeer ]; peers = [ serverPeer ];
autostart = false;
}; };
}; };
}; };