WireGuard: Difference between revisions

Line 242:

{ config, pkgs, lib, ... }:{

{ config, pkgs, lib, ... }: {

boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];

systemd.network = {

Line 250:

netdevConfig = {

Kind = "wireguard";

Name = "wg0";

MTUBytes = "1300";

~~Name = "wg0";~~

};

# See also man systemd.netdev (also contains info on the permissions of the key files)

~~extraConfig~~ = ''

wireguardConfig = {

~~[WireGuard]~~

# Don't use a file from the Nix store as these are world readable.

PrivateKeyFile=/run/keys/wireguard-privkey

PrivateKeyFile = "/run/keys/wireguard-privkey";

ListenPort=9918

ListenPort = 9918;

};

[~~WireGuardPeer]~~

wireguardPeers = [{

PublicKey=OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=

wireguardPeerConfig = {

AllowedIPs=fc00::1/64, 10.100.0.1

PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";

Endpoint={set this to the server ip}:51820

AllowedIPs = [ "fc00::1/64" "10.100.0.1" ];

'';

Endpoint = "{set this to the server ip}:51820";

}

}];

};

networks = {

networks.wg0 = {

# See also man systemd.network

"~~40-~~wg0"~~.extraConfig = ''~~

matchConfig.Name = "wg0";

~~[Match]~~

# IP addresses the client interface will have

~~Name~~=~~wg0~~

address = [

"fe80::3/64"

[~~Network]~~

"fc00::3/120"

~~DHCP=no~~

"10.100.0.2/24"

~~IPv6AcceptRA=false~~

];

~~Gateway=~~fc00::1

DHCP = "no";

~~Gateway=~~10.100.0.1

dns = [ "fc00::53" ];

~~DNS~~=fc00::53

ntp = [ "fc00::123" ];

~~NTP~~=fc00::123

gateway = [

"fc00::1"

~~# IP addresses the client interface will have~~

"10.100.0.1"

~~[Address~~]

];

~~Address~~=~~fe80::3/64~~

networkConfig = {

[~~Address]~~

IPv6AcceptRA = false;

~~Address=~~fc00::~~3/120~~

};

~~[Address]~~

~~Address=~~10.100.0.~~2/24~~

'';

};

@@ Line 242: / Line 242: @@
 <syntaxHighlight lang="nix">
-{ config, pkgs, lib, ... }:{
+{ config, pkgs, lib, ... }: {
    boot.extraModulePackages = [ config.boot.kernelPackages.wireguard ];
    systemd.network = {
@@ Line 250: / Line 250: @@
          netdevConfig = {
            Kind = "wireguard";
+          Name = "wg0";
            MTUBytes = "1300";
-          Name = "wg0";
          };
          # See also man systemd.netdev (also contains info on the permissions of the key files)
-         extraConfig = ''
+         wireguardConfig = {
-          [WireGuard]
            # Don't use a file from the Nix store as these are world readable.
-           PrivateKeyFile=/run/keys/wireguard-privkey
+           PrivateKeyFile = "/run/keys/wireguard-privkey";
-           ListenPort=9918
+           ListenPort = 9918;
+        };
-          [WireGuardPeer]
+        wireguardPeers = [{
-           PublicKey=OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=
+           wireguardPeerConfig = {
-          AllowedIPs=fc00::1/64, 10.100.0.1
+            PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
-          Endpoint={set this to the server ip}:51820
+            AllowedIPs = [ "fc00::1/64" "10.100.0.1" ];
-         '';
+            Endpoint = "{set this to the server ip}:51820";
+          }
+         }];
        };
      };
-     networks = {
+     networks.wg0 = {
        # See also man systemd.network
-       "40-wg0".extraConfig = ''
+       matchConfig.Name = "wg0";
-        [Match]
+      # IP addresses the client interface will have
-        Name=wg0
+      address = [
+         "fe80::3/64"
-        [Network]
+         "fc00::3/120"
-         DHCP=no
+         "10.100.0.2/24"
-         IPv6AcceptRA=false
+      ];
-        Gateway=fc00::1
+      DHCP = "no";
-         Gateway=10.100.0.1
+      dns = [ "fc00::53" ];
-        DNS=fc00::53
+      ntp = [ "fc00::123" ];
-        NTP=fc00::123
+      gateway = [
+         "fc00::1"
-        # IP addresses the client interface will have
+         "10.100.0.1"
-        [Address]
+      ];
-        Address=fe80::3/64
+      networkConfig = {
-        [Address]
+        IPv6AcceptRA = false;
-         Address=fc00::3/120
+       };
-         [Address]
-        Address=10.100.0.2/24
-       '';
      };
    };