Move some stuff to modules

2024-10-26 20:24:13 +02:00 · 2024-10-26 20:24:13 +02:00 · 08b0fbcd0c
commit 08b0fbcd0c
parent 61640c0580
30 changed files with 427 additions and 406 deletions
--- a/nixos/wireguard.nix
+++ b/nixos/wireguard.nix
@ -0,0 +1,41 @@
+{ lib, config, ... }: {
+  networking = {
+    useDHCP = lib.mkDefault true;
+    networkmanager.unmanaged = [ "tailscale0" ];
+
+    wg-quick.interfaces = {
+      home = {
+        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+        address = [ "10.225.191.4/24" ];
+        dns = [ "192.168.30.131" ];
+        autostart = false;
+        mtu = 1412;
+        peers = [{
+          presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+          endpoint = "wg.kun.is:51820";
+          publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+          allowedIPs = [ "0.0.0.0/0" ];
+        }];
+      };
+
+      home-no-pihole = {
+        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+        address = [ "10.225.191.4/24" ];
+        dns = [ "192.168.10.1" ];
+        autostart = false;
+        mtu = 1412;
+        peers = [{
+          presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+          endpoint = "wg.kun.is:51820";
+          publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+          allowedIPs = [ "0.0.0.0/0" ];
+        }];
+      };
+    };
+  };
+
+  sops.secrets = {
+    "wireguard/home/presharedKey" = { };
+    "wireguard/home/privateKey" = { };
+  };
+}