37 lines
1.2 KiB
Nix
37 lines
1.2 KiB
Nix
{ config, ... }:
|
|
{
|
|
age.secrets.wg-private.file = ../../keys/wg-macbook;
|
|
networking.wg-quick.interfaces.wg-selene = {
|
|
privateKeyFile = config.age.secrets.wg-private.path;
|
|
|
|
# The internal IP address assigned to this client by the server.
|
|
# The /24 subnet mask is important for knowing the VPN's local network.
|
|
address = [ "10.100.0.2/32" ];
|
|
|
|
# DNS server(s) to use when the tunnel is active.
|
|
# This is critical for resolving hostnames when all traffic is routed.
|
|
dns = [
|
|
"1.1.1.1"
|
|
"1.0.0.1"
|
|
]; # Cloudflare DNS, or use your preferred one like 8.8.8.8
|
|
|
|
peers = [
|
|
{
|
|
# Public key of the SERVER.
|
|
publicKey = builtins.readFile ../../keys/wg-selene.pub;
|
|
|
|
# The server's public IP address and listening port.
|
|
endpoint = "37.27.207.39:51820";
|
|
|
|
# This is the most important part for a "VPN" setup.
|
|
# 0.0.0.0/0 tells your Mac to route all IPv4 traffic through the tunnel.
|
|
# Add "::/0" if your server and network support IPv6.
|
|
allowedIPs = [ "10.100.0.1/24" ];
|
|
|
|
# Optional but highly recommended for clients behind NAT.
|
|
# It sends a packet every 25 seconds to keep the connection open.
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
}
|