Diffstat (limited to '')
-rw-r--r-- | nix/private-wireguard.nix | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix
index 706dfd8..8e5d74c 100644
--- a/nix/private-wireguard.nix
+++ b/nix/private-wireguard.nix
@@ -10,7 +10,8 @@ let
 allPeers = wgcfg.peers;
 thisPeer = allPeers."${hostname}" or null;
 otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in {
+in
+{
 options.networking.private-wireguard = {
 enable = mkEnableOption "Enable private wireguard vpn connection";
 };
@@ -24,17 +25,19 @@ in {
 "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
 ];

- peers = lib.mapAttrsToList (name: peer:
- {
- allowedIPs = [
- "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
- ];
- publicKey = peer.key;
- } // lib.optionalAttrs (peer ? externalIp) {
- endpoint = "${peer.externalIp}:${toString port}";
- } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
- persistentKeepalive = 10;
- }) otherPeers;
+ peers = lib.mapAttrsToList
+ (name: peer:
+ {
+ allowedIPs = [
+ "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
+ ];
+ publicKey = peer.key;
+ } // lib.optionalAttrs (peer ? externalIp) {
+ endpoint = "${peer.externalIp}:${toString port}";
+ } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
+ persistentKeepalive = 10;
+ })
+ otherPeers;
 };
 };
 };
|