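# NixOS module: WireGuard client/forwarder for the "framework-server" host.
#
# Key material is supplied by sops-nix, so the private key and the preshared
# key stay encrypted in the repository and are only decrypted on the target
# host. Nothing secret is written into this file or the Nix store.
#
# Arguments:
#   config - used to look up the runtime paths of the sops secrets.
#   pkgs, lib - accepted for module-signature compatibility; unused here.
{ pkgs, config, lib, ... }:
let
  # Both WireGuard secrets live in the same encrypted sops file.
  wireguardSecrets = ../../../secrets/wireguard.yaml;

  privateKeySecret = "wireguard_keys/framework-server";
  presharedKeySecret = "wireguard_keys/preshared_key";
in
{
  # Set up the secrets file:
  # Only root owns the decrypted files, which is all the kernel WireGuard
  # setup needs.
  sops.secrets.${privateKeySecret} = {
    owner = "root";
    sopsFile = wireguardSecrets;
  };

  sops.secrets.${presharedKeySecret} = {
    owner = "root";
    sopsFile = wireguardSecrets;
  };

  # Wireguard Forwarder
  # NOTE(review): allowPing is a host-wide firewall setting, so ICMP echo is
  # answered on every interface, not just wireguard0. Confirm that is intended.
  networking.firewall.allowPing = true;

  networking.wireguard = {
    enable = true;

    interfaces = {
      "wireguard0" = {
        ips = [ "10.100.0.2/24" ];

        # NOTE(review): no firewall rule for UDP 51820 is visible in this
        # module. That is fine while this host is the one dialing out
        # (endpoint + persistentKeepalive below); an explicit rule is only
        # needed if a peer must initiate the handshake towards this host.
        listenPort = 51820;

        # Use the path sops-nix reports rather than a hard-coded
        # "/run/secrets/..." string, so the reference cannot drift from the
        # secret declaration above (rename, custom `path`, etc.).
        privateKeyFile = config.sops.secrets.${privateKeySecret}.path;

        # Testing
        peers = [
          {
            # osaka-linode-01
            # Public keys are not secret and are safe to keep in the repo.
            publicKey = "yPZ3EmmIqCkReXf1DRTxzVaKQ2k+ifGmYJHji5nnMmE=";

            # Symmetric key mixed into the handshake as an extra layer on top
            # of the public-key exchange; same sops-managed path lookup as the
            # private key.
            presharedKeyFile = config.sops.secrets.${presharedKeySecret}.path;

            # Seconds between keepalives; keeps the NAT/conntrack mapping open
            # so return traffic from the endpoint keeps reaching this host.
            persistentKeepalive = 5;

            # /32 restricts this peer to its single tunnel address: packets
            # from it with any other source are dropped, and only traffic for
            # 10.100.0.1 is routed to it.
            allowedIPs = [ "10.100.0.1/32" ];

            # endpoint = "64.176.54.57:51820"; # osaka-vultr-01
            endpoint = "172.234.84.222:51820"; # osaka-linode-01
          }
        ];
      };
    };
  };
}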