yay

2026-02-24 21:44:37 -08:00 · 2026-02-24 21:44:37 -08:00 · ad0c74b801
commit ad0c74b801
parent 753d9a581e
3 changed files with 14 additions and 2 deletions
--- a/common.nix
+++ b/common.nix
@ -24,7 +24,7 @@
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = "no";
-      AllowUsers = [ "ellie" "forgejo" ];
+      AllowUsers = [ "ellie" "forgejo" "borg" ];
    };
    extraConfig = ''
      Match User forgejo Address 10.10.0.1
--- a/flake.nix
+++ b/flake.nix
@ -86,7 +86,6 @@
          ./services/coturn.nix
          ./services/wireguard-outer.nix
          ./services/borgbackup-vps.nix
-          ./services/syncthing-relay.nix
        ];
      };

--- a/services/wireguard-outer.nix
+++ b/services/wireguard-outer.nix
@ -1,6 +1,8 @@
 { lib, pkgs, config, ... }:

 {
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
  sops.secrets."wireguard/private_key" = {
    sopsFile = ./secrets/wireguard_vps.yaml;
    mode = "0400";
@ -21,9 +23,20 @@

    peers = [
      {
+        # Home server
        publicKey = "s2plHABMTF83iqrCHlQ+o5ieJSAfudx3upm3v77y1DI=";
        allowedIPs = [ "10.10.0.2/32" ];
      }
+      {
+        # Desktop
+        publicKey = "nMQY5RsyTkUi3p6i8pElY9b2Z0vFEeSUdqtw7eQnbQM=";
+        allowedIPs = [ "10.10.0.3/32" ];
+      }
+      {
+        # Phone
+        publicKey = "4MDcBaF7oafv5ZC2fjgFHuXnrpwaRglM7fmSw7zo6CQ=";
+        allowedIPs = [ "10.10.0.4/32" ];
+      }
    ];
  };