dot

NixOS dotfiles
git clone https://git.echoz.io/dot.git

commit 670cf3e4cf3de03572a9debcb2965fa533a0f1d8
parent f3a41568def2aea321e2142bbe8f552135ea0f06
Author: Chris <chris@echoz.io>
Date:   Thu,  7 May 2026 18:59:03 +0200

feat: set up wireguard

Diffstat:
Mflake.lock | 6+++---
Mhosts/tp/default.nix | 62+++++++++++++++++++++++++++++++++++++++++++++++++++-----------
2 files changed, 54 insertions(+), 14 deletions(-)

diff --git a/flake.lock b/flake.lock @@ -272,11 +272,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1773362693, - "narHash": "sha256-VO4qGvXnEM6E0Hxkmpy1aTqukJ4thWhmJpVQF7xn+XA=", + "lastModified": 1773934657, + "narHash": "sha256-KzApX6crK6G3oOlaG9mvF7xnlbuOisWRumj9XyXhMuo=", "owner": "echozio", "repo": "sec", - "rev": "b445c28bc40cdf8ceb1c36fe5ed38130e22e6363", + "rev": "bb2500300dc07890f6e6bf9eb1ef101a7996ca90", "type": "github" }, "original": { diff --git a/hosts/tp/default.nix b/hosts/tp/default.nix @@ -1,5 +1,6 @@ { pkgs, + config, modulesPath, sec, @@ -22,18 +23,55 @@ networkmanager = { enable = true; - ensureProfiles.profiles.wwan = { - connection = { - id = "wwan"; - type = "gsm"; - interface-name = "cdc-wdm0"; - }; - gsm.apn = "internet"; - ipv4.method = "auto"; - ipv6 = { - method = "auto"; - addr-gen-mode = "stable-privacy"; + ensureProfiles = { + profiles = { + "fw01.isx.inl1.echoz.io" = { + connection = { + id = "fw01.isx.inl1.echoz.io"; + type = "wireguard"; + autoconnect = true; + interface-name = "wg0"; + }; + + "wireguard-peer.uoeLveuevSLe6pkIvMryLOr2RVM3qcarSNn0OfNcIUA=" = { + endpoint = "fw01.isx.inl1.echoz.io:51820"; + presistent-keepalive = 25; + allowed-ips = "0.0.0.0/0"; + }; + + ipv4 = { + method = "manual"; + address1 = "10.200.100.104/24"; + dns = "10.120.120.101"; + dns-search = "lan.inl1.echoz.io"; + }; + + ipv6.method = "disabled"; + }; + + wwan = { + connection = { + id = "wwan"; + type = "gsm"; + interface-name = "cdc-wdm0"; + }; + gsm.apn = "internet"; + ipv4.method = "auto"; + ipv6 = { + method = "auto"; + addr-gen-mode = "stable-privacy"; + }; + }; }; + + secrets.entries = [ + { + file = config.sops.secrets."wireguard.key".path; + key = "private-key"; + matchIface = "wg0"; + matchSetting = "wireguard"; + } + ]; }; }; @@ -48,6 +86,8 @@ }; }; + sops.secrets."wireguard.key" = { }; + systemd.services.ModemManager = { enable = true; wantedBy = [
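Review bot: In the hosts/tp/default.nix hunk at -22,18 +23,55, the peer block spells the keepalive key `presistent-keepalive`, which is not the NetworkManager keyfile property name, so the 25-second keepalive is most likely never applied and the tunnel can go idle behind NAT (for example over the wwan link); it should read `persistent-keepalive = 25;`. Separately, `allowed-ips = "0.0.0.0/0"` combined with `ipv6.method = "disabled"` on wg0 sends only IPv4 through the tunnel, while the wwan profile in the same hunk keeps `ipv6.method = "auto"`, so IPv6 traffic presumably leaves over the underlying link unprotected. If a full tunnel is intended, give wg0 an IPv6 address and use `allowed-ips = "0.0.0.0/0;::/0;";`, or add a comment such as `# IPv4-only tunnel: IPv6 on the uplink is intentionally not routed via wg0` so the exposure is a recorded decision.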