2020-12-05 14:39:36 +01:00
|
|
|
{ lib, config, ... }:
|
|
|
|
|
let
|
|
|
|
|
cfg = config.sbruder.wireguard.home;
|
|
|
|
|
in
|
2020-08-22 17:44:39 +02:00
|
|
|
{
|
2020-12-05 14:39:36 +01:00
|
|
|
options = {
|
|
|
|
|
sbruder.wireguard.home = {
|
|
|
|
|
enable = lib.mkEnableOption "WireGuard tunnel wg-home";
|
|
|
|
|
address = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "IP(v4) address of the host";
|
|
|
|
|
example = "10.80.0.1";
|
|
|
|
|
};
|
|
|
|
|
privateKeyFile = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = "Private key file";
|
2020-12-12 16:50:25 +01:00
|
|
|
default = toString <secrets/wg-home-private-key>;
|
2020-08-22 17:44:39 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2020-12-05 14:39:36 +01:00
|
|
|
|
|
|
|
|
config.networking.wireguard.interfaces.wg-home = lib.mkIf cfg.enable {
|
|
|
|
|
privateKeyFile = cfg.privateKeyFile;
|
|
|
|
|
ips = [ "${cfg.address}/24" ];
|
|
|
|
|
peers = [
|
|
|
|
|
{
|
|
|
|
|
allowedIPs = [ "10.80.0.0/24" ];
|
|
|
|
|
publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
|
|
|
|
|
endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred
|
|
|
|
|
persistentKeepalive = 25;
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
2020-08-22 17:44:39 +02:00
|
|
|
}
|
