Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

disable protonvpn

Browse source
This commit is contained in:
Lillian Violet 2024-12-07 00:56:51 +01:00
parent 47dc699ed1
commit 72c9457a37
1 changed files with 25 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
nixos/hosts/wheatley/configuration.nix
View file

@ -146,34 +146,34 @@
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg= # wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily. # "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = { # wg0 = {
autostart = true; # autostart = true;
# Determines the IP address and subnet of the server's end of the tunnel interface. # # Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.2.0.2/32"]; # address = ["10.2.0.2/32"];
# The port that WireGuard listens to. Must be accessible by the client. # # The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51820; # listenPort = 51820;
dns = ["10.2.0.1"]; # dns = ["10.2.0.1"];
# Path to the private key file. # # Path to the private key file.
# # #
# Note: The private key can also be included inline via the privateKey option, # # Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is # # but this makes the private key world-readable; thus, using privateKeyFile is
# recommended. # # recommended.
privateKeyFile = config.sops.secrets."protonvpn-priv-key".path; # privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
peers = [ # peers = [
# List of allowed peers. # # List of allowed peers.
{ # {
# Feel free to give a meaning full name # # Feel free to give a meaning full name
# Public key of the peer (not a file path). # # Public key of the peer (not a file path).
publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg="; # publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing. # # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = ["0.0.0.0/0"]; # allowedIPs = ["0.0.0.0/0"];
endpoint = "146.70.86.114:51820"; # endpoint = "146.70.86.114:51820";
} # }
]; # ];
}; # };
wg1 = { wg1 = {
# Determines the IP address and subnet of the server's end of the tunnel interface. # Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
@ -181,7 +181,6 @@
# The port that WireGuard listens to. Must be accessible by the client. # The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51821; listenPort = 51821;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = '' postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT