systems/LoutreOS/medias.nix

@@ -13,7 +13,6 @@
         rpc-whitelist-enabled = false;
         peer-port = 51413;
         incomplete-dir = "/mnt/medias/incomplete";
-        download-dir = "/mnt/medias/torrent";
       };
     };
 

systems/LoutreOS/services.nix

@@ -541,6 +541,24 @@ in
   security.pam.services.sshd.text = pkgs.lib.mkDefault( pkgs.lib.mkAfter "session optional ${pkgs.pam}/lib/security/pam_exec.so seteuid ${login_mail_alert}/bin/mail_alert.sh" );
 
   networking = {
+    wireguard.interfaces = {
+      wg0 = {
+        ips = [ "192.168.20.1/24" ];
+        privateKeyFile = "/mnt/secrets/wireguard/wg0.privatekey";
+        listenPort = 51820;
+        allowedIPsAsRoutes = true;
+        peers = [
+          {
+            allowedIPs = [ "192.168.20.2/32" ];
+            publicKey = "b/SXiqo+GPdNOc54lyEVeUBc6B5AbVMKh+g5EZPGzlE=";
+          }
+        ];
+      };
+    };
+
+    nat.internalInterfaces = [ "wg0" ];
+    nat.internalIPs = [ "192.168.20.0/24" ];
+
     firewall.interfaces.eno2.allowedTCPPorts = [
       3260
     ];
@@ -553,5 +571,9 @@ in
     firewall.allowedTCPPortRanges = [
       { from = 64000; to = 65535; } # FTP
     ];
+
+    firewall.allowedUDPPorts = [
+      config.networking.wireguard.interfaces.wg0.listenPort
+    ];
   };
 }

systems/common-cli.nix

@@ -49,6 +49,7 @@
     inetutils
     rclone
     lftp
+    wireguard-tools
     nfs-utils
     nmap