diff --git a/systems/LoutreOS/configuration.nix b/systems/LoutreOS/configuration.nix
index 899802e..616c927 100644
--- a/systems/LoutreOS/configuration.nix
+++ b/systems/LoutreOS/configuration.nix
@@ -142,16 +142,21 @@
 netdevConfig = {
 Kind = "wireguard";
 Name = "wg0";
+ MTUBytes = "1450";
 };
 wireguardConfig = {
 PrivateKeyFile = "/run/keys/wireguard-privkey";
- ListenPort = 9918;
+ FirewallMark = 51820;
 };
 wireguardPeers = [
 {
- PublicKey = "OhApdFoOYnKesRVpnYRqwk3pdM247j8PPVH5K7aIKX0=";
- AllowedIPs = ["fc00::1/64" "10.100.0.1"];
- Endpoint = "{set this to the server ip}:51820";
+ wireguardPeerConfig = {
+ Endpoint = "89.234.141.83:8095";
+ PublicKey = "t3+JkBfXI1uw8fa9P6JfxXJfTPm9cOHcgIN215UHg2g=";
+ PresharedKeyFile = "/run/keys/wireguard-psk.key";
+ AllowedIPs = ["0.0.0.0/0" "::/0"];
+ PersistentKeepalive = 15;
+ };
 }
 ];
 };
@@ -176,10 +181,45 @@
 "10-wg0" = {
 matchConfig.Name = "wg0";
 address = [
- "fe80::3/64"
- "fc00::3/120"
- "10.100.0.2/24"
+ "89.234.141.196/32"
+ "2a00:5881:8119:400::1/128"
 ];
+ # routingPolicyRules = [
+ # {
+ # routingPolicyRuleConfig = {
+ # FirewallMark = "51820";
+ # InvertRule = true;
+ # Table = "51820";
+ # Priority = "10";
+ # };
+ # }
+ # {
+ # routingPolicyRuleConfig = {
+ # To = "10.0.0.0/8";
+ # Priority = "9";
+ # };
+ # }
+ # {
+ # routingPolicyRuleConfig = {
+ # To = "192.168.0.0/16";
+ # Priority = "9";
+ # };
+ # }
+ # {
+ # routingPolicyRuleConfig = {
+ # To = "89.234.141.83/32";
+ # Priority = "5";
+ # };
+ # }
+ # ];
+ # routes = [
+ # {
+ # routeConfig = {
+ # Destination = "0.0.0.0/0";
+ # Table = 51820;
+ # };
+ # }
+ # ];
 };
 "40-eno2" = {
 networkConfig = {
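Review bot: In the wg0 netdev hunk, `FirewallMark = 51820;` and `AllowedIPs = ["0.0.0.0/0" "::/0"];` describe a full tunnel, but nothing active in this diff steers traffic into wg0: the policy rules and the table 51820 route that would consume the mark are commented out in the 10-wg0 hunk. AllowedIPs on its own only controls which packets the peer accepts and sends, so as committed the default route presumably still leaves over the physical uplink. If the intent is that all traffic uses the VPN, this change does not enforce it and there is no fail-closed behaviour when the tunnel is down. Either enable the routing rules in the same commit or add a comment above the mark, for example `# FirewallMark tags the encrypted packets so a policy rule can keep them off table 51820; that rule is not enabled yet`.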
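Review bot: In the 10-wg0 network hunk, the commented-out routingPolicyRules/routes block is IPv4-only: the mark rule has no `Family` and the only route is `Destination = "0.0.0.0/0";`, while the peer allows `::/0` and wg0 is given a global IPv6 address. If the block is enabled as written, IPv6 would presumably keep using the main table and bypass the tunnel. Adding `Family = "both";` to the mark rule and a second route with `Destination = "::/0";` in table 51820 would cover it. Until it is enabled, a one-line comment saying that routing through wg0 is not yet active would read better than the 30-odd commented lines, and `Table` should be written the same way in both places (it is a string in the rule and an integer in the route). wg0 now carries public addresses instead of the previous private ones, so the host firewall (not visible here) should treat wg0 as an untrusted interface.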