From 7b536392082650ac21d92bdd8e5e97faac230e39 Mon Sep 17 00:00:00 2001
From: kalipso
Date: Wed, 18 Dec 2024 00:41:04 +0100
Subject: [PATCH] [vpn] rm wireguard.nix
---
machines/vpn/wireguard.nix | 73 --------------------------------------
1 file changed, 73 deletions(-)
delete mode 100644 machines/vpn/wireguard.nix
diff --git a/machines/vpn/wireguard.nix b/machines/vpn/wireguard.nix
deleted file mode 100644
index 087ac797..00000000
--- a/machines/vpn/wireguard.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{config, pkgs, ...}:
-{
- sops.secrets.wireguard_private = {};
-
- # enable NAT
- networking.nat.enable = true;
- networking.nat.externalInterface = "eth0";
- networking.nat.internalInterfaces = [ "wg0" ];
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- };
-
-
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = {
- # "wg0" is the network interface name. You can name the interface arbitrarily.
- wg0 = {
- # Determines the IP address and subnet of the server's end of the tunnel interface.
- ips = [ "10.100.0.1/24" ];
-
- # The port that WireGuard listens to. Must be accessible by the client.
- listenPort = 51820;
-
- # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
- # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
- '';
-
- # This undoes the above command
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
- '';
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKey = config.sops.secrets.wireguard_private.path;
-
- peers = [
- # List of allowed peers.
- { # Feel free to give a meaningfull name
- # Public key of the peer (not a file path).
- publicKey = "SfokXbgmvSmodgPFoVHjwmHE3nriQ3OTQ+hISU/3eW4=";
-
- # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
- allowedIPs = [ "10.100.0.2/32" ];
-
- }
- ];
- };
- };
-
- #sops.secrets.wireguard_host = {};
- #sops.secrets.mullvad_secret = {};
-
- #networking.wg-quick.interfaces = {
- # wg0 = {
- # address = [ "50.100.0.2/24" ];
- # privateKeyFile = "/home/kalipso/.config/wireguard-keys/private";
-
- # peers = [
- # {
- # publicKey = "Anme1N482rGSZ14wqtZQbzUHvX4oFhoVct0d187H0iM=";
- # allowedIPs = [ "50.100.0.0/24" ];
- # endpoint = "5.9.153.217:51820";
- # }
- # ];
- # };
-
-}