From 74f98b7f03fd21bbf75825a7c04ba4ce1eef2250 Mon Sep 17 00:00:00 2001 From: Julien Malka Date: Wed, 4 Sep 2024 15:30:04 +0200 Subject: [PATCH] feat: move vpn ip from lisa to akhaten --- machines/akhaten/default.nix | 56 +++++++++++++++++++++++++++++++++++- machines/gustave/default.nix | 3 +- 2 files changed, 57 insertions(+), 2 deletions(-) diff --git a/machines/akhaten/default.nix b/machines/akhaten/default.nix index a600824..422fdab 100644 --- a/machines/akhaten/default.nix +++ b/machines/akhaten/default.nix @@ -43,6 +43,7 @@ networking.useNetworkd = true; systemd.network = { enable = true; + config.networkConfig.IPv4Forwarding = true; networks = { "10-wan" = { @@ -55,7 +56,14 @@ { Address = "163.172.91.82/24"; } { Address = "2001:0bc8:3d24::45/64"; } ]; - gateway = [ "163.172.91.1" ]; + routes = [ + { + routeConfig = { + Gateway = "163.172.91.1"; + Destination = "0.0.0.0/0"; + }; + } + ]; dhcpV6Config = { DUIDRawData = "00:01:62:7c:0e:d3:27:5b"; DUIDType = "link-layer"; @@ -70,8 +78,54 @@ linkConfig.RequiredForOnline = "routable"; }; + + "30-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "10.100.45.1/24" + "fc00::1/64" + ]; + networkConfig.IPMasquerade = "ipv4"; + }; }; + + netdevs = { + "10-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + MTUBytes = "1300"; + }; + wireguardConfig = { + PrivateKeyFile = "/srv/wg-private"; + ListenPort = 51821; + }; + wireguardPeers = [ + { + wireguardPeerConfig = { + PublicKey = "axigTezuClSoQlxWvpdzXKXUDjrrQlswE50ox0uDLR0="; + AllowedIPs = [ "10.100.45.2/32" ]; + }; + } + { + wireguardPeerConfig = { + PublicKey = "ElVrxNiYvV13hEDtqZNw4kLF7UiPTXziz8XgqABB0AU="; + AllowedIPs = [ "10.100.45.3/32" ]; + }; + } + + ]; + }; + }; + }; + networking.firewall.allowedUDPPorts = [ + 51821 + ]; + networking.firewall.allowedTCPPorts = [ + 51821 + ]; + system.stateVersion = "24.11"; } diff --git a/machines/gustave/default.nix b/machines/gustave/default.nix index 78e2e73..46c0e2b 100644 
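Review bot: `config.networkConfig.IPv4Forwarding = true;` in the first akhaten hunk enables IPv4 forwarding for the whole host, and nothing visible in this patch limits which forwarded traffic is accepted. Since `10-wan` carries a public address, I would pair it with an explicit forward policy that only admits traffic arriving on `wg0`, for example `networking.firewall.filterForward = true;` plus matching rules if this host uses the nftables firewall. A short comment such as `# required so wg0 peers can be routed and masqueraded out of 10-wan` would also record why the setting is here. The enclosing `systemd.network` attribute set starts and ends outside the hunk, so a forward policy may already exist elsewhere and this should be confirmed.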
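Review bot: `networking.firewall.allowedTCPPorts = [ 51821 ];` at the end of the last akhaten hunk opens a TCP port that nothing in this patch listens on. WireGuard only uses UDP, so the `allowedUDPPorts` entry is enough and the TCP block can be dropped. Separately, `PrivateKeyFile = "/srv/wg-private"` is provisioned outside the patch and must be readable by systemd-networkd, so it should be owned `root:systemd-network` with mode `0640` rather than world-readable; a comment beside the option saying how the key is deployed would help. `IPMasquerade = "ipv4"` next to the `fc00::1/64` address means only IPv4 from peers is NATed, which deserves a one-line comment if IPv6 over the tunnel is meant to stay local.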
--- a/machines/gustave/default.nix
+++ b/machines/gustave/default.nix
@@ -2,6 +2,7 @@
 pkgs,
 inputs,
 profiles,
+ lib,
 ...
 }:
 {
@@ -53,7 +54,7 @@
 wireguardPeerConfig = {
 PublicKey = "oYsN1Qy+a7dwVOKapN5s5KJOmhSflLHZqh+GLMeNpHw=";
 AllowedIPs = [ "0.0.0.0/0" ];
- Endpoint = "[2a01:e0a:5f9:9681:5880:c9ff:fe9f:3dfb]:51821";
+ Endpoint = "[${lib.snowfield.akhaten.ips.public.ipv6}]:51821";
 PersistentKeepalive = 25;
 };
 }
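Review bot: The `Endpoint` in the second gustave hunk now points at akhaten, but the peer `PublicKey` (`oYsN1Qy+…`) two lines above it is unchanged. If that key previously identified lisa, then either akhaten's `/srv/wg-private` is a copy of lisa's private key, or the handshake will fail until the key is updated here. In the first case the same key now lives on two hosts and should be rotated or removed from lisa. It is worth confirming which applies and adding a comment such as `# akhaten wg0 public key` next to `PublicKey`. The `wireguardPeers` list this entry belongs to starts outside the hunk.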