# NixOS module: declares the `pim.wireguard.enable` switch and, when it is set,
# defines two wg-quick tunnels to the same peer that differ only in the DNS
# resolver they configure, plus the sops secrets those tunnels read.
{
  lib,
  config,
  ...
}: let
  cfg = config.pim.wireguard;
  secrets = config.sops.secrets;

  # Build one wg-quick interface towards the home peer; only the resolver
  # changes between the variants below.
  mkHomeTunnel = resolver: {
    # Key material is referenced by file path (a sops secret) rather than
    # written into this file.
    privateKeyFile = secrets."wireguard/home/privateKey".path;
    address = ["10.225.191.4/24"];
    dns = [resolver];
    # Not brought up at boot; the tunnel has to be started explicitly.
    autostart = false;
    mtu = 1412;
    peers = [
      {
        presharedKeyFile = secrets."wireguard/home/presharedKey".path;
        endpoint = "wg.kun.is:51820";
        publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
        # Catch-all for IPv4 only.
        # NOTE(review): no IPv6 range (e.g. `::/0`) is listed, so whether IPv6
        # traffic is meant to stay outside the tunnel should be confirmed.
        allowedIPs = ["0.0.0.0/0"];
      }
    ];
  };
in {
  options.pim.wireguard.enable = lib.mkEnableOption "wireguard";

  config = lib.mkIf cfg.enable {
    networking.useDHCP = lib.mkDefault true;

    # NOTE(review): this excludes `tailscale0` from NetworkManager, while the
    # interfaces defined in this module are `home` and `home-no-pihole`;
    # confirm the name is intended here.
    networking.networkmanager.unmanaged = ["tailscale0"];

    # Both variants use the same address, private key and preshared key, so
    # presumably only one of them is up at a time; confirm.
    networking.wg-quick.interfaces = {
      home = mkHomeTunnel "192.168.30.131";
      home-no-pihole = mkHomeTunnel "192.168.10.1";
    };

    # Declared with empty option sets, so each secret takes the sops-nix
    # defaults. TODO confirm the default owner and mode suit wg-quick.
    sops.secrets = {
      "wireguard/home/presharedKey" = {};
      "wireguard/home/privateKey" = {};
    };
  };
}