3 files changed, 15 insertions, 0 deletions

diff --git a/nix/programs/sops/default.nix b/nix/programs/sops/default.nix
index c8dec69..7fb5841 100644
--- a/nix/programs/sops/default.nix
+++ b/nix/programs/sops/default.nix
@@ -24,6 +24,7 @@ in
 
       secrets = {
         freyanetWg = {};
+        tinternetWg = {};
       };
     };
 }
diff --git a/nix/programs/wireguard/default.nix b/nix/programs/wireguard/default.nix
index 7e4ab7a..3bddc22 100644
--- a/nix/programs/wireguard/default.nix
+++ b/nix/programs/wireguard/default.nix
@@ -18,5 +18,18 @@
         persistentKeepalive = 25;
       }];
     };
+
+    tinternet = {
+      address = [ "69.0.0.2/32" "cafe::2/128" "fe80::2/128" ];
+      dns = [ "1.1.1.1" ];
+      privateKeyFile = config.sops.secrets.tinternetWg.path;
+
+      peers = [{
+        publicKey = "8Ice49Yc7N75OYJW59ohDbfUjgrkwIuGWKWocJQGgzI=";
+        allowedIPs = [ "0.0.0.0/0" "::/0" ];
+        endpoint = "freya.cat:51282";
+        persistentKeepalive = 25;
+      }];
+    };
   };
 }
diff --git a/nix/system/default.nix b/nix/system/default.nix
index 2338fe4..b54f8a5 100644
--- a/nix/system/default.nix
+++ b/nix/system/default.nix
@@ -96,6 +96,7 @@
   # certs
   security.pki.certificateFiles = [
     ../../files/certs/freyanet.crt
+    ../../files/certs/tinternet.crt
   ];
 
   # fonts