Add wireguard to http proxy

2025-05-15 21:11:46 +02:00
parent f9a0a74435
commit f15c318558
4 changed files with 56 additions and 0 deletions
--- a/hosts/http-proxy/default.nix
+++ b/hosts/http-proxy/default.nix
@@ -3,5 +3,6 @@
  imports = [
    ./configuration.nix
    ../../services/http-proxy
+    ./wireguard.nix
  ];
 }
--- a/hosts/http-proxy/wireguard.nix
+++ b/hosts/http-proxy/wireguard.nix
@@ -0,0 +1,25 @@
+{ config, ... }:
+{
+  sops.secrets.wireguard_private_key = {
+    sopsFile = ../../secrets/http-proxy/wireguard.yaml;
+    key = "wg_private_key";
+  };
+  networking.wireguard = {
+    enable = true;
+
+    interfaces = {
+      wg0 = {
+        ips = [ "10.69.222.2/24" ];
+        listenPort = 51820;
+        privateKeyFile = config.sops.secrets.wireguard_private_key.path;
+        peers = [
+          {
+            publicKey = "32Rb13wExcy8uI92JTnFdiOfkv0mlQ6f181WA741DHs=";
+            allowedIPs = [ "10.69.222.0/24" ];
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+  };
+}