Setting up tetra and mogma

2026-01-15 03:01:34 +01:00 · 2026-01-15 03:01:34 +01:00 · 34a686c562
commit 34a686c562
parent 0812b82c46
12 changed files with 454 additions and 8 deletions
--- a/hosts/zora/networking.nix
+++ b/hosts/zora/networking.nix
@ -1,6 +1,10 @@
-{ ... }:
+{ config, ... }:

 {
+  imports = [
+    ../../modules/server/mogma
+  ];
+
  # Networking
  networking = {
    hostName = "zora";
@ -51,6 +55,51 @@
    };
  };

+  # VPN
+  networking.vpn-netns = {
+    wireguardInterface = "mogma";
+    nameserver = "10.2.0.1";
+
+    interfaceNamespace = "netns-mogma";
+    vethInterfaceName = "veth-mogma";
+
+    vethIP = "192.168.2.2";
+    vethOuterIP = "192.168.2.1";
+
+    wireguardOptions = {
+      privateKeyFile = config.age.secrets.mogma-privatekey.path;
+      ips = [ "10.2.0.2/32" ];
+
+      peers = [
+        {
+          publicKey = "W4XqVNXMdnhtiRxWNzWThy3f7hRoT9NTx/HYu/jTaRU=";
+          allowedIPs = [
+            "0.0.0.0/0"
+            "::/0"
+          ];
+          endpoint = "79.127.169.89:51820";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
+
+    restrictedServices = [
+      "qbittorrent"
+      # "suwayomi-server"
+    ];
+
+    portForwarding = {
+      enable = true;
+    };
+  };
+
+  age.secrets = {
+    mogma-privatekey = {
+      file = ../../secrets/zora/services/mogma-privatekey.age;
+      mode = "755";
+    };
+  };
+
  # Imposing a bandwidth limit to avoid Aurore/Crans disruptions
  # networking.nftables = {
  #   tables.rate_limit = {