authorFranck Cuny <franck@fcuny.net>2023-05-08 19:33:35 -0700
committerFranck Cuny <franck@fcuny.net>2023-05-08 19:33:35 -0700
commit4ec55bc970a48ef49763b6b4768da3ed95c71e0d (patch)
treeec7d019b2378d1127e41b76e2e3061e3f88b0d3d /nix
parentprofile/acme: default DNS provider is gandi (diff)
modules/wireguard: move the module to the right location
Diffstat (limited to 'nix')
-rw-r--r--nix/mkSystem.nix2
-rw-r--r--nix/private-wireguard.nix44
2 files changed, 1 insertions, 45 deletions
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index 1403538..d2e7ebf 100644
--- a/nix/mkSystem.nix
+++ b/nix/mkSystem.nix
@@ -10,7 +10,7 @@ inputs.nixpkgs.lib.nixosSystem {
     "${self}/modules"
     "${self}/hosts/${hostname}"
     "${self}/modules/homelab"
-    ./private-wireguard.nix
+    "${self}/modules/private-wireguard.nix"
     {
       networking.hostName = hostname;
       nixpkgs = {
diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix
deleted file mode 100644
index 8e5d74c..0000000
--- a/nix/private-wireguard.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, hostname, config, ... }:
-
-let
-  inherit (lib) mkEnableOption mkOption mkIf types;
-  inherit (builtins) readFile fromTOML fromJSON;
-  secrets = config.age.secrets;
-  cfg = config.networking.private-wireguard;
-  port = 51871;
-  wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
-  allPeers = wgcfg.peers;
-  thisPeer = allPeers."${hostname}" or null;
-  otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in
-{
-  options.networking.private-wireguard = {
-    enable = mkEnableOption "Enable private wireguard vpn connection";
-  };
-
-  config = lib.mkIf cfg.enable {
-    networking = {
-      wireguard.interfaces.wg0 = {
-        listenPort = port;
-        privateKeyFile = secrets."wireguard_privatekey".path;
-        ips = [
-          "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
-        ];
-
-        peers = lib.mapAttrsToList
-          (name: peer:
-            {
-              allowedIPs = [
-                "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
-              ];
-              publicKey = peer.key;
-            } // lib.optionalAttrs (peer ? externalIp) {
-              endpoint = "${peer.externalIp}:${toString port}";
-            } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
-              persistentKeepalive = 10;
-            })
-          otherPeers;
-      };
-    };
-  };
-}