From 83c11ba039801a27d19edbb1ba505bb41cd8cdcd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?=
Date: Fri, 8 Nov 2024 14:39:53 +0200
Subject: [PATCH] WG config test for exoplasim
---
 machine-confs/exoplasim.nix | 48 +++++++++++++++----------------------
 1 file changed, 19 insertions(+), 29 deletions(-)
diff --git a/machine-confs/exoplasim.nix b/machine-confs/exoplasim.nix
index c35bfc7..f9b1d34 100644
--- a/machine-confs/exoplasim.nix
+++ b/machine-confs/exoplasim.nix
@@ -5,34 +5,23 @@
 networking = {
 hostName = "exoplasim";
- # wg-quick.interfaces = {
- # wg0 = {
- # autostart = true;
- # address = [
- # "fd08:d473:bcca:f0::3/64"
- # "2001:14ba:a08c:2df0::3/64"
- # ];
- # dns = [
- # "fd08:d473:bcca::1"
- # "vsinerva.fi"
- # ];
- # privateKeyFile = "/root/wireguard-keys/privatekey-home";
- # listenPort = 51820;
+ firewall.allowedUDPPorts = [ 51821 ];
- # peers = [
- # {
- # publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
- # presharedKeyFile = "/root/wireguard-keys/psk-home";
- # allowedIPs = [
- # "fd08:d473:bcca::/64"
- # "fd08:d473:bcca:f0::/64"
- # "::/0"
- # ];
- # endpoint = "wg.vsinerva.fi:51820";
- # }
- # ];
- # };
- # };
+ wg-quick.interfaces = {
+ wg0 = {
+ address = [ "10.0.0.1/24" ];
+ privateKeyFile = "/root/wireguard-keys/privatekey";
+ listenPort = 51821;
+
+ peers = [
+ {
+ publicKey = "9FOmHXs0CmDlW61noS7DqhgH5GfQHzg8ZMasyNQACSc=";
+ presharedKeyFile = "/root/wireguard-keys/psk";
+ allowedIPs = [ "10.0.0.2/32" ];
+ }
+ ];
+ };
+ };
 };
 # User worker
@@ -42,8 +31,9 @@
 description = "ExoPlaSim Worker";
 uid = 1001;
 extraGroups = [ "networkmanager" ];
- openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [ ];
- # hashedPasswordFile = "/root/hashed-passwords/worker";
+ openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
+ # TODO add user-specific key
+ ];
 };
 users.groups.worker.gid = 1001;
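Review bot: `firewall.allowedUDPPorts = [ 51821 ];` in the first hunk opens the WireGuard listen port on every interface, and nothing in the new block records that this is a test tunnel or where its key material comes from. If the tunnel only needs to be reachable over one uplink, the per-interface form `firewall.interfaces."<uplink-interface>".allowedUDPPorts = [ 51821 ];` narrows the exposure (the interface name is a placeholder, it is not on the page). The key paths also change from `privatekey-home`/`psk-home` to `privatekey`/`psk`, so wg0 presumably will not come up unless those files already exist on the host. A comment above `privateKeyFile` such as `# keys are provisioned by hand under /root/wireguard-keys, root-only (0600), never in the Nix store` would record that.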