do wg-quick declaratively
parent
9b2faf8e47
commit
f768d6191d
|
@ -71,7 +71,7 @@ services.iperf3.enable = true;
|
|||
};
|
||||
services.acpid.enable = true;
|
||||
|
||||
environment.extraInit = "if echo \"$-\" | grep i > /dev/null; then bash /etc/motd.script; if [ -r ~/README ]; then printf '\nHello %s, there is a README file in your home directory. See the contents below:\n\n%s\n' $USER \"$(<~/README)\"; fi; if [ -r /var/tmp/poll ]; then printf '\nTHERE IS AN ONGOING POLL.\n%s\nPoll ends on %s\nPlace your vote in ~/.vote\n' \"$(</var/tmp/poll)\" \"$(date -d @$(($(stat -c %Y /var/tmp/poll)+604800)))\"; fi; fi";
|
||||
environment.extraInit = "if echo \"$-\" | grep i > /dev/null; then bash /etc/motd.script; if [ -r ~/README ]; then printf '\nHello %s, there is a README file in your home directory. See the contents below:\n\n%s\n' $USER \"$(<~/README)\"; fi; if [ -r /var/tmp/poll ]; then printf '\nTHERE IS AN ONGOING POLL.\n%s\nPoll ends on %s\nPlace your vote in ~/.vote\n' \"$(</var/tmp/poll)\" \"$(date -d @$(($(stat -c %Y /var/tmp/poll)+1159300)))\"; fi; fi";
|
||||
security.auditd.enable = true;
|
||||
|
||||
# services.phpfpm.pools.mypool.socket = "";
|
||||
|
@ -156,6 +156,26 @@ programs.bash.interactiveShellInit = ''
|
|||
];
|
||||
};
|
||||
networking.wireguard.enable = true;
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
address = [ "10.7.0.4/24" ];
|
||||
dns = [ "192.168.122.1" ];
|
||||
privateKeyFile = "/root/wg-privkey";
|
||||
peers = [
|
||||
{
|
||||
# Public key of the server (not a file path).
|
||||
publicKey = "ylsR8JgSF9RuIFW+3EKHbLAA1PZYCFG/OnCuJtZlXl4=";
|
||||
presharedKeyFile = "/root/wg-psk";
|
||||
# Forward all the traffic via VPN.
|
||||
allowedIPs = [ "0.0.0.0/0" ];
|
||||
# Set this to the server IP and port.
|
||||
endpoint = "5.161.108.85:51820";
|
||||
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
security.pam.services.su.text = "account required pam_unix.so\nauth sufficient pam_rootok.so\nauth required pam_faillock.so\nauth required pam_deny.so\npassword sufficient pam_unix.so nullok sha512\nsession required pam_env.so conffile=/etc/pam/environment readenv=0\nsession required pam_unix.so";
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
|
|
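Review bot: The comment `# Forward all the traffic via VPN.` on the new `wg0` peer overstates what the settings do, because `allowedIPs = [ "0.0.0.0/0" ];` covers IPv4 only. On a host with IPv6 connectivity that traffic would still bypass the tunnel; `allowedIPs = [ "0.0.0.0/0" "::/0" ];` would send it into the tunnel as well. `dns = [ "192.168.122.1" ];` is a private address outside the tunnel's 10.7.0.0/24, so if that network is directly connected, lookups will probably stay on the local link rather than go through wg0; consider a resolver reached via the tunnel. Referencing the keys by path (`privateKeyFile`, `presharedKeyFile`) keeps them out of the Nix store, and a comment such as `# /root/wg-privkey and /root/wg-psk must exist (root-owned, mode 0600) before activation` would record that precondition.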