From dec414a98eb8c132e9ed8972fc0bdf8b60d9fb0a Mon Sep 17 00:00:00 2001
From: iFargle
Date: Sat, 7 Oct 2023 20:10:33 +0900
Subject: [PATCH] Update wireguard
---
 nixos/hosts/nixos-rpi4-03/default.nix | 6 ++++--
 nixos/hosts/osaka-vultr-01/default.nix | 7 ++++---
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/nixos/hosts/nixos-rpi4-03/default.nix b/nixos/hosts/nixos-rpi4-03/default.nix
index da430234..205ea75e 100644
--- a/nixos/hosts/nixos-rpi4-03/default.nix
+++ b/nixos/hosts/nixos-rpi4-03/default.nix
@@ -52,6 +52,7 @@
 # Temporary # networking.firewall.allowedTCPPorts = [ 22 ];
+ networking.firewall.allowedUDPPorts = [ 51820 ];
 # Set up the secrets file:
 sops.secrets."wireguard_keys/nixos-rpi4-03" = {
@@ -68,16 +69,17 @@
 enable = true;
 interfaces = {
 "wireguard0" = {
- ips = [ "10.100.0.2/32" ];
+ ips = [ "10.100.0.2/24" ];
+ listenPort = 51820;
 privateKeyFile = "/run/secrets/wireguard_keys/nixos-rpi4-03";
 # Testing
 peers = [ { # osaka-vultr-01
 publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";
+ presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
 persistentKeepalive = 5;
 allowedIPs = [ "0.0.0.0/0" ];
 endpoint = "64.176.54.57:51820";
- presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
 } ];
 };
diff --git a/nixos/hosts/osaka-vultr-01/default.nix b/nixos/hosts/osaka-vultr-01/default.nix
index bf4205ee..52bb0cf7 100644
--- a/nixos/hosts/osaka-vultr-01/default.nix
+++ b/nixos/hosts/osaka-vultr-01/default.nix
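Review bot: In the first hunk of nixos/hosts/nixos-rpi4-03/default.nix, `networking.firewall.allowedUDPPorts = [ 51820 ];` opens the WireGuard port on every interface, yet the visible peer entry gives this host an `endpoint` and `persistentKeepalive = 5`, so it dials out and the replies are normally admitted by the stateful firewall as established traffic. If nothing is meant to initiate a tunnel towards this machine the rule can be dropped; if something is, `networking.firewall.interfaces.<uplink>.allowedUDPPorts = [ 51820 ];` keeps it off the other interfaces (`<uplink>` is a placeholder for the real interface name). The new line also sits directly under the `# Temporary` comment, so a comment of its own such as `# WireGuard listen port for wireguard0` would make clear that it is not part of the temporary block.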
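Review bot: The `presharedKeyFile` and `privateKeyFile` values in the second hunk of nixos/hosts/nixos-rpi4-03/default.nix are literal `/run/secrets/...` paths, and the only secret declaration visible in this patch is `sops.secrets."wireguard_keys/nixos-rpi4-03"`; the osaka-vultr-01 hunk uses the same literal paths. Assuming `config` is among the module arguments, `presharedKeyFile = config.sops.secrets."wireguard_keys/preshared_key".path;` makes evaluation fail when the secret is not declared for the host, instead of leaving the tunnel to fail at activation. Separately, the unchanged `allowedIPs = [ "0.0.0.0/0" ]` covers IPv4 only, so if this is meant as a full tunnel, IPv6 traffic would presumably go around it unless `::/0` is added or IPv6 is disabled on the uplink. The interface block starts and ends outside the hunk.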
@@ -39,16 +39,17 @@
 "wireguard0" = {
 ips = [ "10.100.0.1/24" ];
 listenPort = 51820;
+ privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
+ postSetup = ''${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
 postShutdown = ''${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eno3 -j MASQUERADE'';
- privateKeyFile = "/run/secrets/wireguard_keys/osaka-vultr-01";
 # Testing
 peers = [ { # nixos-rpi4-03
 publicKey = "trHvfNtQ7HKMiJjxEXo2Iubq5G6egjx7gHiBlDmJ5Ek=";
- allowedIPs = [ "10.100.0.2/32" ];
- persistentKeepalive = 5;
 presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
+ persistentKeepalive = 5;
+ allowedIPs = [ "10.100.0.2/32" ];
 } ];
 };
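Review bot: The `postSetup` rule in nixos/hosts/osaka-vultr-01/default.nix appends the MASQUERADE entry with `-A`, so if the interface comes up again without `postShutdown` having run (a failed stop or a crash), the rule is duplicated and a single `-D` no longer clears it. NixOS can manage this declaratively with `networking.nat.enable = true;`, `networking.nat.externalInterface = "eno3";` and `networking.nat.internalInterfaces = [ "wireguard0" ];`, which also enables IPv4 forwarding; no forwarding setting is visible in this hunk. It is worth confirming that `eno3` is really the uplink name on this host, since a rule bound to a non-existent interface matches nothing and peers silently lose outbound connectivity. The interface block starts and ends outside the hunk.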