zaphyra's git: nixfiles

zaphyra's nixfiles

# NixOS module for this host's dn42 attachment: a WireGuard tunnel managed by
# systemd-networkd, the addresses carried on it, a Knot DNS listen address and
# a AAAA record for the host.
{ config, hostConfig, ... }:

let
  # Interface name, shared by the netdev definition and the .network unit
  # that matches on it.
  linkName = "dn42";

  # Account given ownership of the WireGuard private key file.
  networkdAccount = "systemd-network";

  # sops secret declared below; only its .path is used, so the key material
  # itself is not written into this file.
  wgKey = config.sops.secrets."dn42/wgPrivateKey";
in
{

  # AAAA record "router-2.dn42" under zaphyra.eu pointing at this host's IPv6
  # address. `dns.zones` is defined outside this file.
  # NOTE(review): presumably this is the address peers use as their endpoint
  # for this router; confirm against the zone module.
  dns.zones."zaphyra.eu".subdomains."router-2.dn42" = {
    AAAA = [ hostConfig.networking.ip6Address ];
  };

  # Owner and group are set so that the networkd account can read the key
  # referenced by PrivateKeyFile. No mode is set here, so the sops-nix default
  # applies.
  sops.secrets."dn42/wgPrivateKey" = {
    owner = networkdAccount;
    group = networkdAccount;
  };

  # Knot listens on the second address assigned to the dn42 link below.
  # NOTE(review): nothing in this file restricts who may query this listener;
  # any filtering has to come from Knot ACLs or firewall rules elsewhere.
  services.knot.settings.server = {
    listen = [ "fd6b:6174:6a61:53::2" ];
  };

  systemd.network.netdevs."20-dn42" = {
    netdevConfig = {
      Kind = "wireguard";
      Name = linkName;
      # 1280 is the minimum MTU IPv6 allows.
      MTUBytes = 1280;
    };

    wireguardConfig = {
      PrivateKeyFile = wgKey.path;
      # UDP port for incoming handshakes. No firewall rule for it appears in
      # this file.
      ListenPort = 1718;
      # fwmark applied to the tunnel's own encrypted packets.
      # NOTE(review): presumably matched by policy routing or firewall rules
      # defined elsewhere; confirm.
      FirewallMark = 1718;
    };

    wireguardPeers = [
      {
        # The peer is authenticated by this public key, not by the endpoint
        # name: a wrong DNS answer for the endpoint can break the tunnel but
        # cannot impersonate the peer.
        PublicKey = "MRXPP//j+BDCiUyrYHdXtdULAsCZyfgumas8pxp6oiE=";
        Endpoint = "router-a.dn42.zaphyra.eu:1718";
        # WireGuard accepts any source address inside this prefix from the
        # peer, so all of fd00::/8 is trusted to arrive over this one tunnel.
        # Limiting what that traffic may reach on this host is left to the
        # firewall. No route for the prefix is configured in this file.
        AllowedIPs = [ "fd00::/8" ];
        # Keepalive interval in seconds.
        PersistentKeepalive = 10;
      }
    ];
  };

  systemd.network.networks."20-dn42" = {
    matchConfig = {
      Name = linkName;
    };
    linkConfig = {
      # The tunnel being down does not hold up the host's "online" state.
      RequiredForOnline = false;
    };
    # Both addresses are /128 host addresses; the second is the one Knot
    # listens on.
    address = [
      "fd6b:6174:6a61::2/128"
      "fd6b:6174:6a61:53::2/128"
    ];
  };

}