about summary refs log tree commit diff
path: root/modules/private-wireguard.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/private-wireguard.nix')
-rw-r--r--modules/private-wireguard.nix44
1 files changed, 0 insertions, 44 deletions
diff --git a/modules/private-wireguard.nix b/modules/private-wireguard.nix
deleted file mode 100644
index d4ad676..0000000
--- a/modules/private-wireguard.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, hostname, config, self, ... }:
-
-let
-  inherit (lib) mkEnableOption mkOption mkIf types;
-  inherit (builtins) readFile fromTOML;
-  secrets = config.age.secrets;
-  cfg = config.networking.private-wireguard;
-  port = 51871;
-  wgcfg = fromTOML (readFile "${self}/configs/wireguard.toml");
-  allPeers = wgcfg.peers;
-  thisPeer = allPeers."${hostname}" or null;
-  otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in
-{
-  options.networking.private-wireguard = {
-    enable = mkEnableOption "Enable private wireguard vpn connection";
-  };
-
-  config = lib.mkIf cfg.enable {
-    networking = {
-      wireguard.interfaces.wg0 = {
-        listenPort = port;
-        privateKeyFile = secrets."wireguard_privatekey".path;
-        ips = [
-          "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
-        ];
-
-        peers = lib.mapAttrsToList
-          (name: peer:
-            {
-              allowedIPs = [
-                "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
-              ];
-              publicKey = peer.key;
-            } // lib.optionalAttrs (peer ? externalIp) {
-              endpoint = "${peer.externalIp}:${toString port}";
-            } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
-              persistentKeepalive = 10;
-            })
-          otherPeers;
-      };
-    };
-  };
-}