Création de la config de base WireGuard

2024-11-08 11:04:12 +01:00 · 2024-11-08 11:04:12 +01:00 · ae8d689727
commit ae8d689727
parent fae42bcdb2
1 changed files with 115 additions and 81 deletions
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@ -1,7 +1,3 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, inputs, ... }:
 {
@ -59,6 +55,11 @@
    useNetworkd = true;
    useDHCP = false;
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];
    vlans = {
      bouygues = {
        id = 100;
@ -133,86 +134,119 @@
    };
  };
-  systemd.network.networks = {
+  systemd.network = {
-    "40-bouygues" = {
+    enable = true;
-      dhcpV4Config.RouteMetric = 1;
+
-      dhcpV6Config = {
+    netdevs = {
-        DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
+      "10-wg0" = {
-        WithoutRA = "solicit";
+        netdevConfig = {
-      };
+          Kind = "wireguard";
-      ipv6AcceptRAConfig.DHCPv6Client = true;
+          Name = "wg0";
-      networkConfig = {
+        };
-        KeepConfiguration = "dhcp-on-stop";
+        wireguardConfig = {
-        IPv6AcceptRA = true;
+          PrivateKeyFile = "/run/keys/wireguard-privkey";
-        DHCPPrefixDelegation = true;
+          ListenPort = 9918;
-      };
+        };
-      dhcpPrefixDelegationConfig.SubnetId = "0";
+        wireguardPeers = [          
-    };
+          {
-    "40-eno1".linkConfig.RequiredForOnline = "no";
+            PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
-    "40-eno2" = {
+            AllowedIPs = ["fc00::1/64" "10.100.0.1"];
-      networkConfig = {
+            Endpoint = "{set this to the server ip}:51820";
-        IPv6SendRA = true;
+          }
        DHCPPrefixDelegation = true;
        DHCPServer = true;
      };
      dhcpServerConfig = {
        # MIN = 10.30.100.0
        #PoolOffset = 25500;
        # MAX = 10.30.200.0
        #PoolSize = 25500;
        EmitRouter = true;
        EmitDNS = true;
        DNS = [
          "1.1.1.1"
          "1.0.0.1"
        ];
      };
      dhcpServerStaticLeases = [
        # IPMI
        {
          dhcpServerStaticLeaseConfig = {
            Address = "10.30.1.1";
            MACAddress = "ac:1f:6b:4b:01:15";
          };
        }
        # paul-fixe
        {
          dhcpServerStaticLeaseConfig = {
            Address = "10.30.50.1";
            MACAddress = "b4:2e:99:ed:24:26";
          };
        }
        # salonled
        {
          dhcpServerStaticLeaseConfig = {
            Address = "10.30.40.1";
            MACAddress = "e0:98:06:85:e9:ce";
          };
        }
        # miroir-bleu
        {
          dhcpServerStaticLeaseConfig = {
            Address = "10.30.40.2";
            MACAddress = "e0:98:06:86:38:fc";
          };
        }
        # miroir-orange
        {
          dhcpServerStaticLeaseConfig = {
            Address = "10.30.40.3";
            MACAddress = "50:02:91:78:be:be";
          };
        }
      ];
      ipv6SendRAConfig = {
        EmitDNS = true;
        DNS = [
          "2606:4700:4700::1111"
          "2606:4700:4700::1001"
        ];
      };
    };
-    "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;
+
    networks = {
      "40-bouygues" = {
        dhcpV4Config.RouteMetric = 1;
        dhcpV6Config = {
          DUIDRawData = "00:03:00:01:E8:AD:A6:21:73:68";
          WithoutRA = "solicit";
        };
        ipv6AcceptRAConfig.DHCPv6Client = true;
        networkConfig = {
          KeepConfiguration = "dhcp-on-stop";
          IPv6AcceptRA = true;
          DHCPPrefixDelegation = true;
        };
        dhcpPrefixDelegationConfig.SubnetId = "0";
      };
      "40-eno1".linkConfig.RequiredForOnline = "no";
      "10-wg0" = {
        matchConfig.Name = "wg0";
        address = [
          "fe80::3/64"
          "fc00::3/120"
          "10.100.0.2/24"
        ];
      };
      "40-eno2" = {
        networkConfig = {
          IPv6SendRA = true;
          DHCPPrefixDelegation = true;
          DHCPServer = true;
        };
        dhcpServerConfig = {
          # MIN = 10.30.100.0
          #PoolOffset = 25500;
          # MAX = 10.30.200.0
          #PoolSize = 25500;
          EmitRouter = true;
          EmitDNS = true;
          DNS = [
            "1.1.1.1"
            "1.0.0.1"
          ];
        };
        dhcpServerStaticLeases = [
          # IPMI
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.30.1.1";
              MACAddress = "ac:1f:6b:4b:01:15";
            };
          }
          # paul-fixe
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.30.50.1";
              MACAddress = "b4:2e:99:ed:24:26";
            };
          }
          # salonled
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.30.40.1";
              MACAddress = "e0:98:06:85:e9:ce";
            };
          }
          # miroir-bleu
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.30.40.2";
              MACAddress = "e0:98:06:86:38:fc";
            };
          }
          # miroir-orange
          {
            dhcpServerStaticLeaseConfig = {
              Address = "10.30.40.3";
              MACAddress = "50:02:91:78:be:be";
            };
          }
        ];
        ipv6SendRAConfig = {
          EmitDNS = true;
          DNS = [
            "2606:4700:4700::1111"
            "2606:4700:4700::1001"
          ];
        };
      };
      # Set 4G connection as low routing priority
      "40-enp0s21u1".dhcpV4Config.RouteMetric = 1024;
    };
  };
  services.openssh = {