diff options
Diffstat (limited to 'infra/libkookie/configuration/server/wireguard/hyperion.nix')
-rw-r--r-- | infra/libkookie/configuration/server/wireguard/hyperion.nix | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/infra/libkookie/configuration/server/wireguard/hyperion.nix b/infra/libkookie/configuration/server/wireguard/hyperion.nix new file mode 100644 index 000000000000..2a20f6ee5533 --- /dev/null +++ b/infra/libkookie/configuration/server/wireguard/hyperion.nix @@ -0,0 +1,27 @@ +{ config, ... }: + +let listenPort = 51820; +in +{ + networking.firewall.allowedTCPPorts = [ listenPort ]; + + networking.wireguard.interfaces."intranet" = { + ips = [ "10.13.12.1" ]; + inherit listenPort; + privateKeyFile = "/var/lib/wireguard/keys/private"; + + peers = [ + { publicKey = "NHMpnZW6h/MwxWcjztpwH5NN44jS9lB1b5T5jby1i1A="; + allowedIPs = [ "10.13.12.2/32" ]; } + { publicKey = "U/EmC6uMGqrLOd+lqfquDcUShPHgoulN35Dan6RAqyU="; + allowedIPs = [ "10.13.12.3/32" ]; } + { publicKey = "yh8gU4otkndmSsVBuaPMxxFHem45FE3POvSAWi8LEik="; + allowedIPs = [ "10.13.12.4/32" ]; } + { publicKey = "cPvj0SPITg1twz3DprtQgehJDOAhOL/hnXlB5ZS6Fi4="; + endpoint = "85.119.82.108:51820"; + allowedIPs = [ "10.172.171.0/24" ]; } + # { publicKey = "oQZ3fcb9LsnQj8sDYLHf1+hodnW4XEhsM0rNBgHROz8="; + # allowedIPs = [ "10.172.171.2/32" ]; } + ]; + }; +} |