diff options
author | Franck Cuny <franck@fcuny.net> | 2023-05-08 19:33:35 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-08 19:33:35 -0700 |
commit | 4ec55bc970a48ef49763b6b4768da3ed95c71e0d (patch) | |
tree | ec7d019b2378d1127e41b76e2e3061e3f88b0d3d /nix | |
parent | profile/acme: default DNS provider is gandi (diff) | |
download | world-4ec55bc970a48ef49763b6b4768da3ed95c71e0d.tar.gz |
modules/wireguard: move the module to the right location
Diffstat (limited to 'nix')
-rw-r--r-- | nix/mkSystem.nix | 2 | ||||
-rw-r--r-- | nix/private-wireguard.nix | 44 |
2 files changed, 1 insertions, 45 deletions
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix index 1403538..d2e7ebf 100644 --- a/nix/mkSystem.nix +++ b/nix/mkSystem.nix @@ -10,7 +10,7 @@ inputs.nixpkgs.lib.nixosSystem { "${self}/modules" "${self}/hosts/${hostname}" "${self}/modules/homelab" - ./private-wireguard.nix + "${self}/modules/private-wireguard.nix" { networking.hostName = hostname; nixpkgs = { diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix deleted file mode 100644 index 8e5d74c..0000000 --- a/nix/private-wireguard.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ lib, hostname, config, ... }: - -let - inherit (lib) mkEnableOption mkOption mkIf types; - inherit (builtins) readFile fromTOML fromJSON; - secrets = config.age.secrets; - cfg = config.networking.private-wireguard; - port = 51871; - wgcfg = fromTOML (readFile ./../configs/wireguard.toml); - allPeers = wgcfg.peers; - thisPeer = allPeers."${hostname}" or null; - otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers; -in -{ - options.networking.private-wireguard = { - enable = mkEnableOption "Enable private wireguard vpn connection"; - }; - - config = lib.mkIf cfg.enable { - networking = { - wireguard.interfaces.wg0 = { - listenPort = port; - privateKeyFile = secrets."wireguard_privatekey".path; - ips = [ - "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" - ]; - - peers = lib.mapAttrsToList - (name: peer: - { - allowedIPs = [ - "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}" - ]; - publicKey = peer.key; - } // lib.optionalAttrs (peer ? externalIp) { - endpoint = "${peer.externalIp}:${toString port}"; - } // lib.optionalAttrs (!(thisPeer ? externalIp)) { - persistentKeepalive = 10; - }) - otherPeers; - }; - }; - }; -} |