fritzbox VPN

2026-03-16 10:11:08 +01:00 · 2024-09-23 19:19:14 +02:00
parent 2067944151
commit 3bdf71425b
7 changed files with 38 additions and 1 deletions
--- a/configs/default.nix
+++ b/configs/default.nix
@@ -246,6 +246,7 @@ in {
    ./nix.nix
    ./newsboat.nix
    ./flameshot.nix
+    ./fritzbox.nix
    ./packages.nix
    ./picom.nix
    ./stardict.nix
--- a/configs/fritzbox.nix
+++ b/configs/fritzbox.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+  networking.wg-quick.interfaces.aether = {
+    dns = ["192.168.178.1" "fritz.box"];
+    listenPort = 51820;
+    privateKeyFile = config.age.secrets.wireguard-aether-key.path;
+    peers = [
+      {
+        allowedIPs = ["192.168.178.0/24" "0.0.0.0/0"];
+        endpoint = "lng5gx2rmssv8ge1.myfritz.net:58997";
+        persistentKeepalive = 25;
+        presharedKeyFile = config.age.secrets.wireguard-aether-psk.path;
+        publicKey = "8Rr7BueC0CGmycBQFS7YM7VF7Adkdc1ZcLFy8YXyOQk=";
+      }
+    ];
+  };
+}
--- a/2
+++ b/2
--- a/secrets.txt
+++ b/secrets.txt
@@ -13,6 +13,8 @@ secrets/fatteh-retiolum-privateKey-ed25519.age
 secrets/fatteh-retiolum-privateKey-rsa.age
 secrets/fatteh-syncthing-cert.age
 secrets/fatteh-syncthing-key.age
+secrets/fatteh-wireguard-aether-key.age
+secrets/fatteh-wireguard-aether-psk.age
 secrets/ful-retiolum-privateKey-ed25519.age
 secrets/ful-retiolum-privateKey-rsa.age
 secrets/ful-root.age
@@ -25,6 +27,8 @@ secrets/kabsa-retiolum-privateKey-ed25519.age
 secrets/kabsa-retiolum-privateKey-rsa.age
 secrets/kabsa-syncthing-cert.age
 secrets/kabsa-syncthing-key.age
+secrets/kabsa-wireguard-aether-key.age
+secrets/kabsa-wireguard-aether-psk.age
 secrets/kfm-password.age
 secrets/ledger-basicAuth.age
 secrets/makanek-retiolum-privateKey-ed25519.age
@@ -33,6 +37,8 @@ secrets/manakish-retiolum-privateKey-ed25519.age
 secrets/manakish-retiolum-privateKey-rsa.age
 secrets/manakish-syncthing-cert.age
 secrets/manakish-syncthing-key.age
+secrets/manakish-wireguard-aether-key.age
+secrets/manakish-wireguard-aether-psk.age
 secrets/maxmind-license-key.age
 secrets/mega-password.age
 secrets/miniflux-api-token.age
--- a/systems/fatteh/configuration.nix
+++ b/systems/fatteh/configuration.nix
@@ -38,8 +38,12 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/fatteh-syncthing-cert.age;
    syncthing-key.file = ../../secrets/fatteh-syncthing-key.age;
+    wireguard-aether-key.file = ../../secrets/fatteh-wireguard-aether-key.age;
+    wireguard-aether-psk.file = ../../secrets/fatteh-wireguard-aether-psk.age;
  };

+  networking.wg-quick.interfaces.aether.address = ["192.168.178.202/24"];
+
  networking.hostName = "fatteh";
  networking.retiolum = retiolumAddresses.fatteh;

--- a/systems/kabsa/configuration.nix
+++ b/systems/kabsa/configuration.nix
@@ -43,8 +43,12 @@ in {
    restic.file = ../../secrets/restic.age;
    syncthing-cert.file = ../../secrets/kabsa-syncthing-cert.age;
    syncthing-key.file = ../../secrets/kabsa-syncthing-key.age;
+    wireguard-aether-key.file = ../../secrets/kabsa-wireguard-aether-key.age;
+    wireguard-aether-psk.file = ../../secrets/kabsa-wireguard-aether-psk.age;
  };

+  networking.wg-quick.interfaces.aether.address = ["192.168.178.203/24"];
+
  environment.systemPackages = [pkgs.zeroad];

  networking = {
--- a/systems/manakish/configuration.nix
+++ b/systems/manakish/configuration.nix
@@ -32,8 +32,12 @@ in {
    };
    syncthing-cert.file = ../../secrets/manakish-syncthing-cert.age;
    syncthing-key.file = ../../secrets/manakish-syncthing-key.age;
+    wireguard-aether-key.file = ../../secrets/manakish-wireguard-aether-key.age;
+    wireguard-aether-psk.file = ../../secrets/manakish-wireguard-aether-psk.age;
  };

+  networking.wg-quick.interfaces.aether.address = ["192.168.178.204/24"];
+
  stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";

  niveum = {