# WireGuard client interface "wg_cloonar". The private key comes from sops-nix
# and is referenced by path, so it is not written inline in this file.
{ config, ... }:
let
  # Path of the decrypted secret as exposed by the sops-nix module. Only this
  # path string enters the evaluated configuration, not the key material.
  wgKeyPath = config.sops.secrets.wg_cloonar_key.path;
in
{
  # Declared with an empty option set, so sops-nix defaults apply for owner,
  # mode and source file. NOTE(review): confirm those defaults restrict the
  # file to the account that brings the interface up.
  sops.secrets.wg_cloonar_key = { };

  networking.wireguard.interfaces.wg_cloonar = {
    # Tunnel address of this host.
    ips = [ "10.42.98.10/24" ];
    privateKeyFile = wgKeyPath;

    peers = [
      {
        endpoint = "vpn.cloonar.com:51820";
        # Peer public key: not a secret, but it pins which peer the tunnel
        # will accept, so change it only together with the peer's key.
        publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
        # WireGuard uses allowedIPs both to route traffic to this peer and to
        # filter the source addresses accepted from it; the whole /16 is
        # therefore trusted to arrive through this tunnel.
        allowedIPs = [ "10.42.0.0/16" ];
        persistentKeepalive = 25; # web-arm is behind NAT, keep tunnel alive
      }
    ];
  };
}