deploy wireguard

2026-02-18 21:42:25 +01:00 · 2026-02-18 21:42:25 +01:00 · 3f9cd6a0c1
commit 3f9cd6a0c1
parent a47d096503
6 changed files with 181 additions and 212 deletions
--- a/hosts/nixos/nfss/system.nix
+++ b/hosts/nixos/nfss/system.nix
@ -6,12 +6,12 @@
    ./containers.nix
    ./proxy.nix
    ../system-default.nix
-    ../../../modules/vpn/tailscale.nix
    ../../../modules/podman.nix
    ../../../modules/traefik.nix
    ../../../modules/borg/client.nix
    ../../../modules/media/server.nix
    ../../../modules/file-server/samba.nix
+    ../../../modules/vpn/client.nix
  ];

  # GRUB bootloader with ZFS support
@ -132,9 +132,11 @@
    };
  };

-  services.tailscale-custom = {
-    exitNode = true;
-    subnetRoutes = [ "10.1.1.0/24" ];
+  services.wireguard-client = {
+    enable = true;
+    address = "10.2.2.10/24";
+    serverPublicKey = "46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=";
+    serverEndpoint = "91.98.84.215:51820";
  };

  # Media server services
--- a/hosts/nixos/vps/proxy.nix
+++ b/hosts/nixos/vps/proxy.nix
@ -57,7 +57,7 @@
          loadBalancer = {
            serversTransport = "longTimeout";
            servers = [{
-              url = "http://10.1.1.152:8080";
+              url = "http://10.2.2.10:8080";
            }];
          };
        };
@ -65,7 +65,7 @@
        music = {
          loadBalancer = {
            servers = [{
-              url = "http://10.1.1.152:4533";
+              url = "http://10.2.2.10:4533";
            }];
          };
        };
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@ -6,11 +6,11 @@
    ./containers.nix
    ./proxy.nix
    ../system-default.nix
-    ../../../modules/vpn/tailscale.nix
    ../../../modules/podman.nix
    ../../../modules/traefik.nix
    ../../../modules/borg/client.nix
    ../../../modules/git/server.nix
+    ../../../modules/vpn/server.nix
  ];

  # GRUB bootloader with UEFI support
@ -44,7 +44,6 @@
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 80 443 27017 ];
-      trustedInterfaces = [ "tailscale0" ];
    };
  };

@ -71,7 +70,14 @@
    ];
  };

-  services.tailscale-custom.exitNode = true;
+  services.wireguard-server = {
+    enable = true;
+    address = "10.2.2.1/24";
+    peers = [{
+      publicKey = "MCuSF/aFZy7Jq3nI6VpU7jbfZOuEGuMjgpxRWazxtmY=";
+      allowedIPs = [ "10.2.2.10/32" ];
+    }];
+  };

  services.git-server-custom = {
    enable = true;