deploy wireguard

2026-02-18 23:04:21 +01:00 · 2026-02-18 23:04:21 +01:00 · e097126817
commit e097126817
parent a47d096503
7 changed files with 84 additions and 202 deletions
--- a/hosts/nixos/vps/system.nix
+++ b/hosts/nixos/vps/system.nix
@ -6,7 +6,7 @@
    ./containers.nix
    ./proxy.nix
    ../system-default.nix
-    ../../../modules/vpn/tailscale.nix
+    ../../../modules/vpn/wireguard.nix
    ../../../modules/podman.nix
    ../../../modules/traefik.nix
    ../../../modules/borg/client.nix
@ -44,7 +44,6 @@
    firewall = {
      enable = true;
      allowedTCPPorts = [ 22 80 443 27017 ];
-      trustedInterfaces = [ "tailscale0" ];
    };
  };

@ -71,7 +70,17 @@
    ];
  };

-  services.tailscale-custom.exitNode = true;
+  services.wireguard-custom = {
+    enable = true;
+    mode = "server";
+    serverConfig = {
+      address = "10.2.2.1/24";
+      peers = [{
+        publicKey = "MCuSF/aFZy7Jq3nI6VpU7jbfZOuEGuMjgpxRWazxtmY=";
+        allowedIPs = [ "10.2.2.10/32" ];
+      }];
+    };
+  };

  services.git-server-custom = {
    enable = true;