Configuration VPN Wireguard

systems/LoutreOS/services.nix

@@ -394,19 +394,39 @@ in
     { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
   ];
 
-  networking.firewall.allowedTCPPorts = [
+  networking = {
-    111 2049 4000 4001 4002 # NFS
+    wireguard.interfaces = {
-    3483 9000 9090 # Slimserver
+      wg0 = {
-    51413 # Transmission
+        ips = [ "192.168.20.1/24" ];
-    8448 # Matrix federation
+        privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
-    20 21 # FTP
+        listenPort = 51820;
-  ];
+        allowedIPsAsRoutes = false;
-  networking.firewall.allowedTCPPortRanges = [
+        peers = [
-    { from = 64000; to = 65535; } # FTP
+          {
-  ];
+            allowedIPs = [ "0.0.0.0/0" ];
-  networking.firewall.allowedUDPPorts = [
+            publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
-    111 2049 4000 4001 4002 # NFS
+          }
-    3483 # Slimserver
+        ];
-    51413 # Transmission
+      };
-  ];
+    };
+
+    firewall.allowedTCPPorts = [
+      111 2049 4000 4001 4002 # NFS
+      3483 9000 9090 # Slimserver
+      51413 # Transmission
+      8448 # Matrix federation
+      20 21 # FTP
+    ];
+
+    firewall.allowedTCPPortRanges = [
+      { from = 64000; to = 65535; } # FTP
+    ];
+
+    firewall.allowedUDPPorts = [
+      111 2049 4000 4001 4002 # NFS
+      3483 # Slimserver
+      51413 # Transmission
+      51820 # Wireguard
+    ];
+  };
 }