wireguard network

connection proxy->v6proxy works connection mail->v6proxy blocked
2026-03-21 21:27:14 +01:00 · 2026-03-21 21:27:14 +01:00 · 9c10e99502
commit 9c10e99502
parent 26d56a1dfe
7 changed files with 158 additions and 2 deletions
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -29,6 +29,7 @@ in
    defaultSopsFile = ./secrets.sops.yml;
    secrets = {
      "ldap_passwd".owner = "dovecot2";
+      "wireguard-key".owner = "systemd-network";
    };
  };
  imports = [
@ -59,6 +60,28 @@ in
      address = "141.56.51.254";
      interface = "eth0";
    };
+    wireguard = {
+      enable = true;
+      interfaces = {
+        sturauplink = {
+          privateKeyFile = config.sops.secrets."wireguard-key".path;
+          ips = [
+            "10.100.0.20/24"
+            "fd28:6691:1921:6299::20/64"
+          ];
+          peers = [
+            # mail.test.htw.stura-dresden.de
+            {
+              endpoint = "hetzner.test.htw.stura-dresden.de:51820";
+              allowedIPs = [
+                "10.100.0.1/24"
+              ];
+              publicKey = "Tg/SNniezzF4DUnvUl1/JxQwS18POrUR20UmkQDt+X0=";
+            }
+          ];
+        };
+      };
+    };
  };

  services.nginx.virtualHosts = {