From 0ef23d4501592a192ba020a2ac34abb1a3d8fc5e Mon Sep 17 00:00:00 2001
From: Azat Bahawi <azat@bahawi.net>
Date: Sat, 11 Mar 2023 12:51:58 +0300
Subject: 2023-03-11

---
 nixosConfigurations/manwe/default.nix | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

(limited to 'nixosConfigurations/manwe')

diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix
index 12d929e..a47cd88 100644
--- a/nixosConfigurations/manwe/default.nix
+++ b/nixosConfigurations/manwe/default.nix
@@ -1,5 +1,6 @@
 {
   config,
+  inputs,
   lib,
   ...
 }:
@@ -34,6 +35,7 @@ with lib; {
       enable = true;
       domain = my.domain.azahi;
     };
+    murmur.enable = true;
     radicale.enable = true;
     rss-bridge.enable = true;
     shadowsocks.enable = true;
@@ -44,6 +46,35 @@ with lib; {
     vaultwarden.enable = true;
   };
 
+  # To play old LAN games with the boys.
+  secrets."wireguard-private-key-70".file = "${inputs.self}/secrets/wireguard-private-key-70";
+  networking = mkIf config.nixfiles.modules.wireguard.server.enable {
+    wireguard.interfaces.wg70 = {
+      ips = ["10.70.0.1/16"];
+      listenPort = 7070;
+      privateKeyFile = config.secrets."wireguard-private-key-70".path;
+      peers = [
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.1/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.2/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.3/32"];
+        }
+        {
+          publicKey = "@PUBLIC_KEY@";
+          allowedIPs = ["10.70.1.4/32"];
+        }
+      ];
+    };
+    firewall.allowedUDPPorts = [7070];
+  };
+
   boot = {
     loader.grub = {
       enable = true;
-- 
cgit v1.2.3