nixos-configs/nixos/wireguard.nix

56 lines
1.5 KiB
Nix
Raw Permalink Normal View History

2024-10-26 18:33:47 +00:00
{
lib,
config,
...
2024-10-27 11:23:20 +00:00
}: let
cfg = config.pim.wireguard;
in {
options.pim.wireguard.enable = lib.mkEnableOption "wireguard";
2024-10-26 18:24:13 +00:00
2024-10-27 11:23:20 +00:00
config = lib.mkIf cfg.enable {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = ["tailscale0"];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.30.131"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
2024-10-26 18:24:13 +00:00
2024-10-27 11:23:20 +00:00
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = ["10.225.191.4/24"];
dns = ["192.168.10.1"];
autostart = false;
mtu = 1412;
peers = [
{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = ["0.0.0.0/0"];
}
];
};
2024-10-26 18:24:13 +00:00
};
};
2024-10-27 11:23:20 +00:00
sops.secrets = {
"wireguard/home/presharedKey" = {};
"wireguard/home/privateKey" = {};
};
2024-10-26 18:24:13 +00:00
};
}