Modularize stuff better

2024-10-27 12:23:20 +01:00 · 2024-10-27 12:23:20 +01:00 · d427be6e4a
commit d427be6e4a
parent 5b92ddde89
20 changed files with 417 additions and 321 deletions
--- a/nixos/wireguard.nix
+++ b/nixos/wireguard.nix
@ -2,48 +2,54 @@
  lib,
  config,
  ...
-}: {
-  networking = {
-    useDHCP = lib.mkDefault true;
-    networkmanager.unmanaged = ["tailscale0"];
+}: let
+  cfg = config.pim.wireguard;
+in {
+  options.pim.wireguard.enable = lib.mkEnableOption "wireguard";

-    wg-quick.interfaces = {
-      home = {
-        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
-        address = ["10.225.191.4/24"];
-        dns = ["192.168.30.131"];
-        autostart = false;
-        mtu = 1412;
-        peers = [
-          {
-            presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
-            endpoint = "wg.kun.is:51820";
-            publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
-            allowedIPs = ["0.0.0.0/0"];
-          }
-        ];
-      };
+  config = lib.mkIf cfg.enable {
+    networking = {
+      useDHCP = lib.mkDefault true;
+      networkmanager.unmanaged = ["tailscale0"];

-      home-no-pihole = {
-        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
-        address = ["10.225.191.4/24"];
-        dns = ["192.168.10.1"];
-        autostart = false;
-        mtu = 1412;
-        peers = [
-          {
-            presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
-            endpoint = "wg.kun.is:51820";
-            publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
-            allowedIPs = ["0.0.0.0/0"];
-          }
-        ];
+      wg-quick.interfaces = {
+        home = {
+          privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+          address = ["10.225.191.4/24"];
+          dns = ["192.168.30.131"];
+          autostart = false;
+          mtu = 1412;
+          peers = [
+            {
+              presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+              endpoint = "wg.kun.is:51820";
+              publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+              allowedIPs = ["0.0.0.0/0"];
+            }
+          ];
+        };
+
+        home-no-pihole = {
+          privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
+          address = ["10.225.191.4/24"];
+          dns = ["192.168.10.1"];
+          autostart = false;
+          mtu = 1412;
+          peers = [
+            {
+              presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
+              endpoint = "wg.kun.is:51820";
+              publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
+              allowedIPs = ["0.0.0.0/0"];
+            }
+          ];
+        };
      };
    };
-  };

-  sops.secrets = {
-    "wireguard/home/presharedKey" = {};
-    "wireguard/home/privateKey" = {};
+    sops.secrets = {
+      "wireguard/home/presharedKey" = {};
+      "wireguard/home/privateKey" = {};
+    };
  };
 }