nixos-laptop/nixos/wireguard.nix

{ lib, config, ... }: {
  networking = {
    useDHCP = lib.mkDefault true;
    networkmanager.unmanaged = [ "tailscale0" ];

    wg-quick.interfaces = {
      home = {
        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
        address = [ "10.225.191.4/24" ];
        dns = [ "192.168.30.131" ];
        autostart = false;
        mtu = 1412;
        peers = [{
          presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
          endpoint = "wg.kun.is:51820";
          publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
          allowedIPs = [ "0.0.0.0/0" ];
        }];
      };

      home-no-pihole = {
        privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;
        address = [ "10.225.191.4/24" ];
        dns = [ "192.168.10.1" ];
        autostart = false;
        mtu = 1412;
        peers = [{
          presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;
          endpoint = "wg.kun.is:51820";
          publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
          allowedIPs = [ "0.0.0.0/0" ];
        }];
      };
    };
  };

  sops.secrets = {
    "wireguard/home/presharedKey" = { };
    "wireguard/home/privateKey" = { };
  };
}
Move some stuff to modules 2024-10-26 18:24:13 +00:00			`{ lib, config, ... }: {`
			`networking = {`
			`useDHCP = lib.mkDefault true;`
			`networkmanager.unmanaged = [ "tailscale0" ];`

			`wg-quick.interfaces = {`
			`home = {`
			`privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;`
			`address = [ "10.225.191.4/24" ];`
			`dns = [ "192.168.30.131" ];`
			`autostart = false;`
			`mtu = 1412;`
			`peers = [{`
			`presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;`
			`endpoint = "wg.kun.is:51820";`
			`publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";`
			`allowedIPs = [ "0.0.0.0/0" ];`
			`}];`
			`};`

			`home-no-pihole = {`
			`privateKeyFile = config.sops.secrets."wireguard/home/privateKey".path;`
			`address = [ "10.225.191.4/24" ];`
			`dns = [ "192.168.10.1" ];`
			`autostart = false;`
			`mtu = 1412;`
			`peers = [{`
			`presharedKeyFile = config.sops.secrets."wireguard/home/presharedKey".path;`
			`endpoint = "wg.kun.is:51820";`
			`publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";`
			`allowedIPs = [ "0.0.0.0/0" ];`
			`}];`
			`};`
			`};`
			`};`

			`sops.secrets = {`
			`"wireguard/home/presharedKey" = { };`
			`"wireguard/home/privateKey" = { };`
			`};`
			`}`