nixos-laptop/nixos/wireguard.nix

{
  lib,
  config,
  ...
}: {
  networking = {
    useDHCP = lib.mkDefault true;
    networkmanager.unmanaged = ["tailscale0"];

    wg-quick.interfaces = {
      home = {
        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
        address = ["10.225.191.4/24"];
        dns = ["192.168.30.131"];
        autostart = false;
        mtu = 1412;
        peers = [
          {
            presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
            endpoint = "wg.kun.is:51820";
            publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
            allowedIPs = ["0.0.0.0/0"];
          }
        ];
      };

      home-no-pihole = {
        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
        address = ["10.225.191.4/24"];
        dns = ["192.168.10.1"];
        autostart = false;
        mtu = 1412;
        peers = [
          {
            presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
            endpoint = "wg.kun.is:51820";
            publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
            allowedIPs = ["0.0.0.0/0"];
          }
        ];
      };
    };
  };

  sops.secrets = {
    "wireguard/home/presharedKey" = {};
    "wireguard/home/privateKey" = {};
  };
}
Format repo 2024-10-26 18:33:47 +00:00			`{`
			`lib,`
			`config,`
			`...`
			`}: {`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`networking = {`
			`useDHCP = lib.mkDefault true;`
Format repo 2024-10-26 18:33:47 +00:00			`networkmanager.unmanaged = ["tailscale0"];`
Move some stuff to modules 2024-10-26 18:24:13 +00:00
			`wg-quick.interfaces = {`
			`home = {`
			`privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;`
Format repo 2024-10-26 18:33:47 +00:00			`address = ["10.225.191.4/24"];`
			`dns = ["192.168.30.131"];`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`autostart = false;`
			`mtu = 1412;`
Format repo 2024-10-26 18:33:47 +00:00			`peers = [`
			`{`
			`presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;`
			`endpoint = "wg.kun.is:51820";`
			`publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";`
			`allowedIPs = ["0.0.0.0/0"];`
			`}`
			`];`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`};`

			`home-no-pihole = {`
			`privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;`
Format repo 2024-10-26 18:33:47 +00:00			`address = ["10.225.191.4/24"];`
			`dns = ["192.168.10.1"];`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`autostart = false;`
			`mtu = 1412;`
Format repo 2024-10-26 18:33:47 +00:00			`peers = [`
			`{`
			`presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;`
			`endpoint = "wg.kun.is:51820";`
			`publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";`
			`allowedIPs = ["0.0.0.0/0"];`
			`}`
			`];`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`};`
			`};`
			`};`

			`sops.secrets = {`
Format repo 2024-10-26 18:33:47 +00:00			`"wireguard/home/presharedKey" = {};`
			`"wireguard/home/privateKey" = {};`
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`};`
			`}`