2024-07-24 15:49:31 -04:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}: let
|
|
|
|
|
inherit (config.khepri) rwDataDir;
|
2024-02-28 13:43:07 -05:00
|
|
|
|
|
|
|
|
rwPath = rwDataDir + "/wg-easy";
|
|
|
|
|
in {
|
2024-07-24 15:49:31 -04:00
|
|
|
khepri.compositions."wg-easy".services."wg-easy" = {
|
|
|
|
|
image = import ./images/wg-easy.nix pkgs;
|
2024-02-28 13:43:07 -05:00
|
|
|
restart = "always";
|
|
|
|
|
privileged = true;
|
|
|
|
|
|
2024-07-24 15:49:31 -04:00
|
|
|
capAdd = [
|
|
|
|
|
"NET_ADMIN"
|
|
|
|
|
"SYS_MODULE"
|
|
|
|
|
];
|
2024-02-28 13:43:07 -05:00
|
|
|
|
2024-07-24 15:49:31 -04:00
|
|
|
sysctls = [
|
|
|
|
|
"net.ipv4.ip_forward=1"
|
|
|
|
|
"net.ipv4.conf.all.src_valid_mark=1"
|
|
|
|
|
];
|
2024-02-28 13:43:07 -05:00
|
|
|
|
|
|
|
|
dns = ["1.0.0.1"];
|
|
|
|
|
|
|
|
|
|
environment = {
|
|
|
|
|
WG_HOST = "166.62.179.208";
|
|
|
|
|
WG_PORT = "51820";
|
|
|
|
|
WG_DEFAULT_ADDRESS = "10.6.0.x";
|
|
|
|
|
WG_DEFAULT_DNS = "1.0.0.1";
|
|
|
|
|
};
|
|
|
|
|
|
2024-03-11 22:25:32 -04:00
|
|
|
volumes = [
|
|
|
|
|
"${rwPath}/data:/etc/wireguard"
|
2024-02-28 13:43:07 -05:00
|
|
|
];
|
|
|
|
|
|
|
|
|
|
ports = [
|
|
|
|
|
"53:51820/udp"
|
|
|
|
|
"51822:51820/udp"
|
|
|
|
|
"51821:51821/tcp"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
}
|
