diff options
Diffstat (limited to 'modules/private-wireguard.nix')
-rw-r--r-- | modules/private-wireguard.nix | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/modules/private-wireguard.nix b/modules/private-wireguard.nix deleted file mode 100644 index d4ad676..0000000 --- a/modules/private-wireguard.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ lib, hostname, config, self, ... }: - -let - inherit (lib) mkEnableOption mkOption mkIf types; - inherit (builtins) readFile fromTOML; - secrets = config.age.secrets; - cfg = config.networking.private-wireguard; - port = 51871; - wgcfg = fromTOML (readFile "${self}/configs/wireguard.toml"); - allPeers = wgcfg.peers; - thisPeer = allPeers."${hostname}" or null; - otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers; -in -{ - options.networking.private-wireguard = { - enable = mkEnableOption "Enable private wireguard vpn connection"; - }; - - config = lib.mkIf cfg.enable { - networking = { - wireguard.interfaces.wg0 = { - listenPort = port; - privateKeyFile = secrets."wireguard_privatekey".path; - ips = [ - "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" - ]; - - peers = lib.mapAttrsToList - (name: peer: - { - allowedIPs = [ - "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}" - ]; - publicKey = peer.key; - } // lib.optionalAttrs (peer ? externalIp) { - endpoint = "${peer.externalIp}:${toString port}"; - } // lib.optionalAttrs (!(thisPeer ? externalIp)) { - persistentKeepalive = 10; - }) - otherPeers; - }; - }; - }; -} |