nixos-configs/nixos/wireguard.nix

41 lines
1.2 KiB
Nix

{ lib, config, ... }: {
networking = {
useDHCP = lib.mkDefault true;
networkmanager.unmanaged = [ "tailscale0" ];
wg-quick.interfaces = {
home = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = [ "10.225.191.4/24" ];
dns = [ "192.168.30.131" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" ];
}];
};
home-no-pihole = {
privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
address = [ "10.225.191.4/24" ];
dns = [ "192.168.10.1" ];
autostart = false;
mtu = 1412;
peers = [{
presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
endpoint = "wg.kun.is:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [ "0.0.0.0/0" ];
}];
};
};
};
sops.secrets = {
"wireguard/home/presharedKey" = { };
"wireguard/home/privateKey" = { };
};
}