~ruther/nixos-config

ref: 41c18930577c170f4a26691a7630799793f99d7a nixos-config/modules/services/wireguard.nix -rw-r--r-- 1.1 KiB
41c18930 — Frantisek Bohacek feat: pin channels and registry 1 year, 5 months ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

{ config, lib, pkgs, user, ... }:

{
  networking.firewall = {
    allowedUDPPorts = [ 51820 ];
  };

  networking = {
    nameservers = [
      "${inputs.semi-secrets.wg.lan.serverIp}"
      "1.1.1.1"
      "1.0.0.1"
    ];

    # disable auto resolving
    dhcpcd.extraConfig = "nohook resolv.conf";
    networkmanager.dns = "none";
  };

  networking.resolvconf.extraOptions = [
    "timeout: 2"
  ];

  networking.wireguard.interfaces = {
    wg0 = {
      listenPort = 51820;

      generatePrivateKeyFile = true;
      privateKeyFile = "/etc/wireguard/pk.pem";

      peers = [
        {
          publicKey = "Mui5wOV21QTer4NK2dUcBOgaW9UFzFzwmxOn/458ByI=";
          endpoint = "${inputs.semi-secrets.wg.serverEndpoint}";
            # The ip is not refreshed, as the kernel cannot perform DNS resolution. Use dynamicEndpointRefreshSeconds,
            # in case the ip is refreshed often. If not, sync after refresh should be alright.
          allowedIPs = [ "${inputs.semi-secrets.wg.allowedIp}" ];
          persistentKeepalive = 25;
        }
      ];
    };
  };
}
Do not follow this link