# NixOS module: joins this host to the "wopus" Nebula overlay network as a
# regular (non-lighthouse) node. The CA certificate, host certificate and host
# private key are provisioned through sops-nix.
{ pkgs, config, ... }:
let
  # Runtime paths of the decrypted secrets, as exposed by sops-nix.
  decrypted = config.sops.secrets;

  # Settings shared by every Nebula secret declared below: the files are owned
  # by the nebula-wopus user and group, and the Nebula unit is restarted when
  # a secret changes so rotated material is picked up.
  # File mode is not set here, so the sops-nix default applies.
  nebulaSecret = {
    sopsFile = ../../secrets/double-rainbow/default.yaml;
    owner = "nebula-wopus";
    group = "nebula-wopus";
    restartUnits = [ "nebula@wopus.service" ];
  };

  # Nebula firewall rule that matches every host, port and protocol.
  allowAll = {
    host = "any";
    port = "any";
    proto = "any";
  };
in
{
  # Makes the nebula command-line tools available system-wide.
  environment.systemPackages = [ pkgs.nebula ];

  services.nebula.networks.wopus = {
    enable = true;
    isLighthouse = false;

    # Trust anchor and this host's identity. The key is the private half and
    # is the value that most needs the restricted ownership set above.
    ca = decrypted."nebula-wopus-vpn/ca-crt".path;
    cert = decrypted."nebula-wopus-vpn/double-rainbow-crt".path;
    key = decrypted."nebula-wopus-vpn/double-rainbow-key".path;

    # Overlay address of the lighthouse, and the underlay endpoint it is
    # reached at.
    lighthouses = [ "192.168.88.1" ];
    staticHostMap = {
      # NOTE(review): the hostname is spelled "neubla", not "nebula" - confirm
      # it matches the real DNS record for the lighthouse.
      "192.168.88.1" = [ "neubla-vpn.wopus.dev:4242" ];
    };

    # The cipher has to be the same on every node of the network.
    settings.cipher = "aes";

    firewall = {
      outbound = [ allowAll ];
      # NOTE(review): inbound allow-all lets any peer holding a certificate
      # signed by this CA reach every port this host exposes on the overlay
      # interface. If that is broader than intended, narrow the rule to the
      # needed ports or certificate groups, or confirm the host firewall
      # restricts the Nebula interface.
      inbound = [ allowAll ];
    };
  };

  sops.secrets = {
    "nebula-wopus-vpn/ca-crt" = nebulaSecret;
    "nebula-wopus-vpn/double-rainbow-crt" = nebulaSecret;
    "nebula-wopus-vpn/double-rainbow-key" = nebulaSecret;
  };
}