Server: remove unused wireguard configs and secrets

2023-12-06 15:13:08 +01:00 · 2023-12-06 15:13:08 +01:00 · dc3a37fd98
commit dc3a37fd98
parent e8f709aa45
9 changed files with 0 additions and 120 deletions
--- a/roles/server/default.nix
+++ b/roles/server/default.nix
@ -12,7 +12,6 @@
 		./transmission.nix
 		./ddclient.nix
 		./beep.nix
-		./wireguard.nix
 		./tailscale.nix
 		./traefik.nix
 		./minecraft.nix
--- a/roles/server/wireguard.nix
+++ b/roles/server/wireguard.nix
@ -1,73 +0,0 @@
-{ config, pkgs, ... }:
-
-{
-	# Set up secrets
-	age.secrets = {
-		silverPrivate.file = ../../secrets/wg/silver/serverPriv;
-		silverPhonePsk.file = ../../secrets/wg/silver/phonePsk;
-		toastPrivate.file = ../../secrets/wg/toast/serverPriv;
-		toastPhonePsk.file = ../../secrets/wg/toast/phonePsk;
-	};
-	
-	networking = {
-		# You need NAT if you want to use wireguard as a VPN
-		nat = {
-			enable = true;
-			externalInterface = "eno1";
-			internalInterfaces = [ "wg-*" ];
-		};
-
-		# Allow the wireguard port though the firewall
-		firewall.allowedUDPPorts = with config.networking.wireguard.interfaces; [ vpn-silver.listenPort vpn-toast.listenPort];
-
-		wireguard = {
-			enable = true;
-			interfaces = {
-				vpn-silver = {
-					/*
-					I see people normally use 10.0.X.X, but I already have the muscle memory of
-					typing 192.168.X.X so I went with this one. Plus I'm only going to have 2-3 
-					peers connected at once, so a type C IP is more than enough
-					*/
-					ips = [ "192.168.10.1/24" ];
-					listenPort = 51820;
-					privateKeyFile = config.age.secrets.silverPrivate.path;
-					postSetup = ''
-						${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eno1 -j MASQUERADE
-					'';
-					postShutdown = ''
-						${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.10.0/24 -o eno1 -j MASQUERADE
-					'';
-					peers = [
-						{
-							# Silver's phone
-							allowedIPs = [ "192.168.10.2" ];
-							publicKey = "silvrNOD8j5aDm4PhY8zJBV3JZOeBX6VK5KPvT+3yic=";
-							presharedKeyFile = config.age.secrets.silverPhonePsk.path;
-						}
-					];
-				};
-				vpn-toast = {
-					ips = [ "192.168.11.1/24" ];
-					listenPort = 51821;
-					privateKeyFile = config.age.secrets.toastPrivate.path;
-					postSetup = ''
-						${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -o eno1 -j MASQUERADE
-					'';
-					postShutdown = ''
-						${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 192.168.11.0/24 -o eno1 -j MASQUERADE
-					'';
-					peers = [
-						{
-							# My phone
-							allowedIPs = [ "192.168.11.2" ];
-							publicKey = "pHonE1YaBZcTU5sTMLg6Iy4FIyzInfHfH4x0NZ1lBRA=";
-							presharedKeyFile = config.age.secrets.toastPhonePsk.path;
-						}
-					];
-				};
-				
-			};
-		};
-	};
-}