35 lines
996 B
Nix
35 lines
996 B
Nix
{ config, lib, pkgs, ... }:
|
|
{
|
|
systemd.services.wireguard-upstream = {
|
|
wants = [ "wg-upstream-key.service" ];
|
|
after = [ "wg-upstream-key.service" ];
|
|
};
|
|
networking.wireguard.interfaces.upstream = {
|
|
ips = [ "2a0d:eb04:8:ffff:2::2/128" ];
|
|
generatePrivateKeyFile = true;
|
|
privateKeyFile = "/etc/wireguard/upstream.key";
|
|
listenPort = 51820;
|
|
peers = [
|
|
{
|
|
allowedIPs = [ "::/0" ];
|
|
endpoint = "103.105.50.220:51823";
|
|
publicKey = "qL5xKnQ7xLbtTvu0VmLBwHExteJBhmCe5S/0ZoXBeXY=";
|
|
}
|
|
];
|
|
postSetup = ''
|
|
${pkgs.iproute}/bin/ip addr del dev upstream 2a0d:eb04:8:ffff:2::2/128
|
|
${pkgs.iproute}/bin/ip addr add dev upstream 2a0d:eb04:8:ffff:2::2/128 peer 2a0d:eb04:8:ffff:2::1/128
|
|
'';
|
|
};
|
|
networking.interfaces.lo.ipv6 = {
|
|
addresses = [{
|
|
address = "2a0d:eb04:8:10::1";
|
|
prefixLength = 128;
|
|
}];
|
|
};
|
|
networking.defaultGateway6 = {
|
|
address = "2a0d:eb04:8:ffff:2::1";
|
|
interface = "upstream";
|
|
};
|
|
}
|