fritzbox VPN

2026-03-16 10:11:08 +01:00 · 2024-09-23 19:19:14 +02:00
parent 2067944151
commit 3bdf71425b
7 changed files with 38 additions and 1 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -246,6 +246,7 @@ in {
    ./nix.nix
    ./newsboat.nix
    ./flameshot.nix
    ./fritzbox.nix
    ./packages.nix
    ./picom.nix
    ./stardict.nix
--- a/configs/fritzbox.nix
+++ b/configs/fritzbox.nix
@@ -0,0 +1,18 @@
 { config, ... }:
 {
  networking.firewall.allowedUDPPorts = [ 51820 ];
  networking.wg-quick.interfaces.aether = {
    dns = ["192.168.178.1" "fritz.box"];
    listenPort = 51820;
    privateKeyFile = config.age.secrets.wireguard-aether-key.path;
    peers = [
      {
        allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
        endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
        persistentKeepalive = 25;
        presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
        publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
      }
    ];
  };
 }
--- a/2
+++ b/2
--- a/secrets.txt
+++ b/secrets.txt
@@ -13,6 +13,8 @@ secrets/fatteh-retiolum-privateKey-ed25519.age
 secrets/fatteh-retiolum-privateKey-rsa.age
 secrets/fatteh-syncthing-cert.age
 secrets/fatteh-syncthing-key.age
 secrets/fatteh-wireguard-aether-key.age
 secrets/fatteh-wireguard-aether-psk.age
 secrets/ful-retiolum-privateKey-ed25519.age
 secrets/ful-retiolum-privateKey-rsa.age
 secrets/ful-root.age
@@ -25,6 +27,8 @@ secrets/kabsa-retiolum-privateKey-ed25519.age
 secrets/kabsa-retiolum-privateKey-rsa.age
 secrets/kabsa-syncthing-cert.age
 secrets/kabsa-syncthing-key.age
 secrets/kabsa-wireguard-aether-key.age
 secrets/kabsa-wireguard-aether-psk.age
 secrets/kfm-password.age
 secrets/ledger-basicAuth.age
 secrets/makanek-retiolum-privateKey-ed25519.age
@@ -33,6 +37,8 @@ secrets/manakish-retiolum-privateKey-ed25519.age
 secrets/manakish-retiolum-privateKey-rsa.age
 secrets/manakish-syncthing-cert.age
 secrets/manakish-syncthing-key.age
 secrets/manakish-wireguard-aether-key.age
 secrets/manakish-wireguard-aether-psk.age
 secrets/maxmind-license-key.age
 secrets/mega-password.age
 secrets/miniflux-api-token.age
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -38,8 +38,12 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age;
    syncthing-key.file = ../../secrets/fatteh-syncthing-key.age;
    wireguard-aether-key.file = ../../secrets/fatteh-wireguard-aether-key.age;
    wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
  };
  networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
  networking.hostName = "fatteh";
  networking.retiolum = retiolumAddresses.fatteh;
--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -43,8 +43,12 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
    wireguard-aether-key.file = ../../secrets/kabsa-wireguard-aether-key.age;
    wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
  };
  networking.wg-quick.interfaces.aether.address = ["192.168.178.203/24"];
  environment.systemPackages = [pkgs.zeroad];
  networking = {
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -32,8 +32,12 @@ in {
    };
    syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
    syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
    wireguard-aether-key.file = ../../secrets/manakish-wireguard-aether-key.age;
    wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
  };
  networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
  niveum = {