{ lib, config, ... }:

let
  inherit (lib) mkEnableOption mkIf mkOption types;

  cfg = config.sbruder.wireguard.home;

  # Tunnel network: host addresses are taken out of this /24 and the hub peer
  # is allowed to source any address inside it. The prefix length below must
  # match the network, so both live next to each other.
  homeNet = "10.80.0.0/24";
  homePrefix = 24;

  # The single remote peer (hub) of the wg-home tunnel.
  homeHub = {
    allowedIPs = [ homeNet ];
    publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
    # IPv6 traffic rides inside the tunnel, so the endpoint is reached over v4.
    endpoint = "87.140.16.73:51820";
    persistentKeepalive = 25;
  };
in
{
  options.sbruder.wireguard.home = {
    enable = mkEnableOption "WireGuard tunnel wg-home";

    # Host's own address inside the tunnel network; the prefix length is
    # appended by this module, so give the bare address (see `example`).
    address = mkOption {
      type = types.str;
      description = "IP(v4) address of the host";
      example = "10.80.0.1";
    };
  };

  config = mkIf cfg.enable {
    # Key material is handled by krops; this module only references its path
    # and never embeds the private key in the configuration.
    krops.secrets.wg-home-private-key = { };

    networking.wireguard.interfaces.wg-home = {
      privateKeyFile = config.krops.secrets.wg-home-private-key.path;
      ips = [ "${cfg.address}/${toString homePrefix}" ];
      peers = [ homeHub ];
    };

    # The firewall accepts all traffic arriving on this interface, i.e. every
    # host that can reach this machine through the tunnel is treated like the
    # local host. Revisit this if peers are added or allowedIPs is widened.
    networking.firewall.trustedInterfaces = [ "wg-home" ];
  };
}