From 47136eae1c1ae3676cd0e6dbbea5f70921489d24 Mon Sep 17 00:00:00 2001
From: Yan Lin
Date: Wed, 10 Sep 2025 21:36:30 +0200
Subject: [PATCH] Add two ios peers to wireguard
---
 README.md | 15 +++++++++++++++
 config/wireguard/ipad.conf | 12 ++++++++++++
 config/wireguard/iphone.conf | 12 ++++++++++++
 hosts/nixos/vps/system.nix | 10 ++++++++++
 4 files changed, 49 insertions(+)
 create mode 100644 config/wireguard/ipad.conf
 create mode 100644 config/wireguard/iphone.conf
diff --git a/README.md b/README.md
index 2aa7146..473b02b 100644
--- a/README.md
+++ b/README.md
@@ -898,6 +898,8 @@ sudo chmod 600 /etc/borg-passphrase
 ### Network Architecture:
 - **VPS (Hub)**: 10.2.2.1/24 - Central WireGuard server with public endpoint
 - **HS (Spoke)**: 10.2.2.20/24 - Home server connecting through VPS
+- **iPhone**: 10.2.2.30/24 - iOS device (mobile connectivity)
+- **iPad**: 10.2.2.31/24 - iOS device (tablet connectivity)
 - **LAN Access**: HS remains accessible at 10.1.1.152 on local network
 - **DNS Setup**: hs.yanlincs.com resolves to 10.1.1.152 (LAN) with 10.2.2.20 (WireGuard) fallback
@@ -940,6 +942,7 @@ sudo wg pubkey < /etc/wireguard/private.key
 ### Configuration Details:
 - **Server Mode**: Configured on VPS with NAT forwarding and firewall rules
 - **Client Mode**: Configured on HS with persistent keepalive to VPS
+- **iOS Devices**: iPhone and iPad configurations available in `wireguard-configs/`
 - **Automatic Startup**: Enabled via systemd wg-quick service
 - **Key Storage**: Private keys stored in `/etc/wireguard/private.key` with 600 permissions
 - **Port**: Default UDP 51820 (configurable)
@@ -950,6 +953,18 @@ sudo wg pubkey < /etc/wireguard/private.key
 3. Update peer configurations with actual public keys and VPS endpoint IP
 4. Restart WireGuard services to establish connection
+### iOS Device Setup:
+1. Install WireGuard app from App Store on your iPhone/iPad
+2. Configuration files are available in `wireguard-configs/`:
+ - `iphone.conf` - iPhone configuration (10.2.2.30)
+ - `ipad.conf` - iPad configuration (10.2.2.31)
+3. Import configuration to WireGuard app:
+ - Option 1: Generate QR code: `qrencode -t ansiutf8 < wireguard-configs/iphone.conf`
+ - Option 2: Email/AirDrop the .conf file to your device
+ - Option 3: Manually enter configuration in the app
+4. Enable the VPN connection in WireGuard app
+5. Test connectivity: Access internal services at 10.2.2.1 (VPS) or 10.2.2.20 (HS)
+
 ## 🏠 Home Server (`hs` Host)
 The `hs` NixOS configuration provides a comprehensive home server solution with enterprise-grade storage, containerized services, and automated monitoring.
diff --git a/config/wireguard/ipad.conf b/config/wireguard/ipad.conf
new file mode 100644
index 0000000..8321531
--- /dev/null
+++ b/config/wireguard/ipad.conf
@@ -0,0 +1,12 @@
+[Interface]
+# iPad WireGuard Configuration
+PrivateKey = QDFSzR43DSxQ4RFL2zZR5DfZ1aDhuR9myvDxUT4OjWU=
+Address = 10.2.2.31/24
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+# VPS Server
+PublicKey = 46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=
+Endpoint = 91.98.84.215:51820
+AllowedIPs = 10.2.2.0/24
+PersistentKeepalive = 25
\ No newline at end of file
diff --git a/config/wireguard/iphone.conf b/config/wireguard/iphone.conf
new file mode 100644
index 0000000..d3872be
--- /dev/null
+++ b/config/wireguard/iphone.conf
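Review bot: The `PrivateKey =` line in the new config/wireguard/ipad.conf commits the iPad's WireGuard private key in plaintext, and the iphone.conf hunk that follows does the same for the iPhone; anyone with read access to the repository or its history can use them to join the tunnel as 10.2.2.30 or 10.2.2.31 through the peers added in hosts/nixos/vps/system.nix. Both keys should be treated as exposed and rotated: generate a new key pair on each device, commit only the new public keys to system.nix, and keep the tracked file as a template with `PrivateKey = <generated on device, not committed>`. Deleting the line in a later commit does not remove it from history, so rotation is needed either way. The README text added in this commit also suggests e-mailing the .conf file, which would copy the private key into mail storage; importing by QR code from a local, untracked file avoids that.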
@@ -0,0 +1,12 @@
+[Interface]
+# iPhone WireGuard Configuration
+PrivateKey = iCm5JgLs0ErUsEC3BaoB89L4hZn9gz41fFaV8SETRHg=
+Address = 10.2.2.30/24
+DNS = 1.1.1.1, 8.8.8.8
+
+[Peer]
+# VPS Server
+PublicKey = 46QHjSzAas5g9Hll1SCEu9tbR5owCxXAy6wGOUoPwUM=
+Endpoint = 91.98.84.215:51820
+AllowedIPs = 10.2.2.0/24
+PersistentKeepalive = 25
\ No newline at end of file
diff --git a/hosts/nixos/vps/system.nix b/hosts/nixos/vps/system.nix
index 6bc0e31..99c4b29 100644
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@@ -148,6 +148,16 @@
 publicKey = "HZY7V8QlnFvY6ZWNiI0WgUgWUISnEqUdzXi7Oq9M1Es=";
 allowedIPs = [ "10.2.2.20/32" ];
 }
+ {
+ name = "iphone";
+ publicKey = "mK4zGcytZP0Jane7kE36milpcWERWzYZKZyrbUlNFFg=";
+ allowedIPs = [ "10.2.2.30/32" ];
+ }
+ {
+ name = "ipad";
+ publicKey = "f/+Jyz4CpD5uyaZox77IuD9mI/KU9QOiK6tLMcbVGTE=";
+ allowedIPs = [ "10.2.2.31/32" ];
+ }
 ];
 };
 };
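Review bot: In hosts/nixos/vps/system.nix, nothing in the two added peer entries limits what the mobile peers can reach once connected: the `/32` `allowedIPs` values pin each peer's source address, but forwarding between peers is decided by the hub's firewall rules, which are outside this hunk. Phones and tablets are the peers most likely to be lost, so it is worth confirming that the VPS forward rules let 10.2.2.30 and 10.2.2.31 reach only the services they need. A short comment on each entry, for example `# mobile peer; remove this entry and rotate if the device is lost`, would record the revocation step next to the key. The peers list opens and closes outside the hunk.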