wireguard

m3tam3re 2023-02-08 14:59:00 +01:00
parent 84f7df9860
commit 46db7bd979
6 changed files with 33 additions and 0 deletions


@ -20,6 +20,7 @@
to = 3100; to = 3100;
}]; }];
firewall.allowedTCPPorts = [ 80 443 5432 3306 3478 ]; firewall.allowedTCPPorts = [ 80 443 5432 3306 3478 ];
firewall.allowedUDPPorts = [ 51820 ];
firewall.allowedUDPPortRanges = [{ firewall.allowedUDPPortRanges = [{
from = 3478; from = 3478;
to = 3481; to = 3481;
@ -52,6 +53,10 @@
mode = "770"; mode = "770";
owner = "searx"; owner = "searx";
}; };
wg-easy-environmentFile = {
file = ../../secrets/wg-easy-environmentFile.age;
mode = "770";
};
}; };
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
}; };
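Review bot: The new `wg-easy-environmentFile` secret is decrypted with `mode = "770"`, which leaves a file of environment variables group-writable and executable, and unlike the `searx` entry just above it sets no `owner`. The file only needs to be readable by the account that starts the container; if that is root (the agenix default owner, to be confirmed for this host), `mode = "400";` is enough. The enclosing attribute set starts outside the hunk.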


@ -3,5 +3,6 @@
./baserow.nix ./baserow.nix
./matomo.nix ./matomo.nix
./wordpress.nix ./wordpress.nix
./wireguard.nix
]; ];
} }


@ -0,0 +1,14 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."wireguard" = {
image = "weejewel/wg-easy";
environment = { WG_HOST = "wg.lanakk.com"; };
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
volumes = [ "wireguard_data:/etc/wireguard" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--cap-add=SYS_MODULE"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv4.ip_forward=1"
];
};
}
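Review bot: The `"3007:51821/tcp"` entry in `ports` publishes the wg-easy web UI on every host interface, so it can be reached without going through the Traefik router and its `auth` middleware; depending on the container backend, published ports may also bypass the NixOS firewall. Binding the UI to loopback keeps the proxy as the only path: `ports = [ "127.0.0.1:3007:51821/tcp" "51820:51820/udp" ];`. The commit also adds a `wg-easy-environmentFile` secret, but this file never references it (`config` and `outputs` are unused), so the container starts without it; if it is an agenix secret, `environmentFiles = [ config.age.secrets.wg-easy-environmentFile.path ];` would wire it in. `image = "weejewel/wg-easy"` has no tag or digest, which is worth pinning for a container granted `NET_ADMIN` and `SYS_MODULE`.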


@ -42,6 +42,7 @@
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }]; searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }]; nextcloud.loadBalancer.servers = [{ url = "http://localhost:3005/"; }];
invidious.loadBalancer.servers = [{ url = "http://localhost:3006/"; }]; invidious.loadBalancer.servers = [{ url = "http://localhost:3006/"; }];
wireguard.loadBalancer.servers = [{ url = "http://localhost:3007/"; }];
}; };
routers = { routers = {
api = { api = {
@ -111,6 +112,16 @@
service = "invidious"; service = "invidious";
entrypoints = "websecure"; entrypoints = "websecure";
}; };
wireguard = {
rule = "Host(`wg.lanakk.com`)";
tls = {
certResolver = "godaddy";
domains = "wg.lanakk.com";
};
service = "wireguard";
middlewares = "auth";
entrypoints = "websecure";
};
}; };
}; };
}; };
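Review bot: `domains = "wg.lanakk.com";` in the new router's `tls` block is a plain string, whereas Traefik documents `tls.domains` as a list of entries with `main` and optional `sans`; a string may be rejected or ignored when the dynamic configuration is loaded. Either write `domains = [{ main = "wg.lanakk.com"; }];` or drop the line, since the certificate resolver can take the name from the router's Host rule. The other routers lie mostly outside this hunk, so check whether they use the same form.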


@ -10,4 +10,6 @@ in {
"godaddy-api-secret.age".publicKeys = [ root ]; "godaddy-api-secret.age".publicKeys = [ root ];
"searx-environmentFile.age".publicKeys = [ root ]; "searx-environmentFile.age".publicKeys = [ root ];
"wg-easy-environmentFile.age".publicKeys = [ root ];
} }

Binary file not shown.