From 7d73807f80c885333b7d1cb0ac6afd1f0400efeb Mon Sep 17 00:00:00 2001
From: kalipso
Date: Mon, 16 Dec 2024 22:01:04 +0100
Subject: [PATCH] [lucia] rm wireguard cfg
---
machines/lucia/configuration.nix | 1 -
machines/lucia/wireguard.nix | 55 --------------------------------
2 files changed, 56 deletions(-)
delete mode 100644 machines/lucia/wireguard.nix
diff --git a/machines/lucia/configuration.nix b/machines/lucia/configuration.nix
index 12c87d8..7184763 100644
--- a/machines/lucia/configuration.nix
+++ b/machines/lucia/configuration.nix
@@ -7,7 +7,6 @@ in
 imports = [ # Include the results of the hardware scan.
 ../modules/malobeo_user.nix
- ./wireguard.nix
 ]; sops.defaultSopsFile = ./secrets.yaml;
diff --git a/machines/lucia/wireguard.nix b/machines/lucia/wireguard.nix
deleted file mode 100644
index d000b62..0000000
--- a/machines/lucia/wireguard.nix
+++ /dev/null
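Review bot: Removing `./wireguard.nix` from `imports` drops the `sops.secrets.wireguard_private` declaration that the deleted module made, but nothing in the commit touches the `./secrets.yaml` that the last context line (`sops.defaultSopsFile`) points at, so the encrypted WireGuard private key presumably stays in the repository as an orphaned entry. Because that key was provisioned on this host and the peer at `10.100.0.2/32` was paired with it, the safer cleanup is to delete the entry from `secrets.yaml` and treat the key as retired (re-key the peer if the tunnel is re-created elsewhere) rather than leave it in place. A sentence in the commit message stating that the secret was removed or rotated would close the loop for reviewers. The enclosing attribute set in configuration.nix starts and ends outside the hunk.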
@@ -1,55 +0,0 @@
-{config, pkgs, ...}:
-{
- sops.secrets.wireguard_private = {};
-
- # enable NAT
- networking.nat.enable = true;
- networking.nat.externalInterface = "eth0";
- networking.nat.internalInterfaces = [ "wg0" ];
- networking.firewall = {
- allowedUDPPorts = [ 51820 ];
- };
-
-
- networking.wireguard.enable = true;
- networking.wireguard.interfaces = {
- # "wg0" is the network interface name. You can name the interface arbitrarily.
- wg0 = {
- # Determines the IP address and subnet of the server's end of the tunnel interface.
- ips = [ "10.100.0.1/24" ];
-
- # The port that WireGuard listens to. Must be accessible by the client.
- listenPort = 51820;
-
- # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
- # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
- postSetup = ''
- ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
- '';
-
- # This undoes the above command
- postShutdown = ''
- ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
- '';
-
- # Path to the private key file.
- #
- # Note: The private key can also be included inline via the privateKey option,
- # but this makes the private key world-readable; thus, using privateKeyFile is
- # recommended.
- privateKey = config.sops.secrets.wireguard_private.path;
-
- peers = [
- # List of allowed peers.
- { # Feel free to give a meaningfull name
- # Public key of the peer (not a file path).
- publicKey = "SfokXbgmvSmodgPFoVHjwmHE3nriQ3OTQ+hISU/3eW4=";
-
- # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
- allowedIPs = [ "10.100.0.2/32" ];
-
- }
- ];
- };
- };
-}
\ No newline at end of file