do wg-quick declaratively

~vern 2022-12-18 05:42:55 +00:00
parent 9b2faf8e47
commit f768d6191d
1 changed files with 21 additions and 1 deletions


@ -71,7 +71,7 @@ services.iperf3.enable = true;
};
services.acpid.enable = true;
environment.extraInit = "if echo \"$-\" | grep i > /dev/null; then bash /etc/motd.script; if [ -r ~/README ]; then printf '\nHello %s, there is a README file in your home directory. See the contents below:\n\n%s\n' $USER \"$(<~/README)\"; fi; if [ -r /var/tmp/poll ]; then printf '\nTHERE IS AN ONGOING POLL.\n%s\nPoll ends on %s\nPlace your vote in ~/.vote\n' \"$(</var/tmp/poll)\" \"$(date -d @$(($(stat -c %Y /var/tmp/poll)+604800)))\"; fi; fi";
environment.extraInit = "if echo \"$-\" | grep i > /dev/null; then bash /etc/motd.script; if [ -r ~/README ]; then printf '\nHello %s, there is a README file in your home directory. See the contents below:\n\n%s\n' $USER \"$(<~/README)\"; fi; if [ -r /var/tmp/poll ]; then printf '\nTHERE IS AN ONGOING POLL.\n%s\nPoll ends on %s\nPlace your vote in ~/.vote\n' \"$(</var/tmp/poll)\" \"$(date -d @$(($(stat -c %Y /var/tmp/poll)+1159300)))\"; fi; fi";
security.auditd.enable = true;
# services.phpfpm.pools.mypool.socket = "";
@ -156,6 +156,26 @@ programs.bash.interactiveShellInit = ''
];
};
networking.wireguard.enable = true;
networking.wg-quick.interfaces = {
wg0 = {
address = [ "10.7.0.4/24" ];
dns = [ "192.168.122.1" ];
privateKeyFile = "/root/wg-privkey";
peers = [
{
# Public key of the server (not a file path).
publicKey = "ylsR8JgSF9RuIFW+3EKHbLAA1PZYCFG/OnCuJtZlXl4=";
presharedKeyFile = "/root/wg-psk";
# Forward all the traffic via VPN.
allowedIPs = [ "0.0.0.0/0" ];
# Set this to the server IP and port.
endpoint = "5.161.108.85:51820";
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
security.pam.services.su.text = "account required pam_unix.so\nauth sufficient pam_rootok.so\nauth required pam_faillock.so\nauth required pam_deny.so\npassword sufficient pam_unix.so nullok sha512\nsession required pam_env.so conffile=/etc/pam/environment readenv=0\nsession required pam_unix.so";
system.stateVersion = "22.05"; # Did you read the comment?
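Review bot: The `allowedIPs = [ "0.0.0.0/0" ]` in the new wg0 peer only captures IPv4, so the comment "Forward all the traffic via VPN." overstates it: if this host ever gets an IPv6 route, that traffic bypasses the tunnel entirely, and wg-quick will not create the `::/0` policy route on its own. To fail closed, I would write `allowedIPs = [ "0.0.0.0/0" "::/0" ];` and, if the server has no IPv6 path, accept that v6 is blackholed rather than leaked; alternatively reword the comment to `# Forward all IPv4 traffic via VPN (IPv6 is not tunnelled).` The `dns = [ "192.168.122.1" ]` entry looks like a libvirt bridge address, and because wg-quick keeps on-link routes from the main table usable, resolver queries presumably go to that local address rather than through the tunnel — worth confirming that is intended. Keeping the private key and PSK as files under `/root` rather than inline (which would land them world-readable in the Nix store) is the right call; the enclosing module attribute set starts and ends outside this hunk.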