Parameterise wireguard

This commit is contained in:
Simon Bruder 2020-12-05 14:39:36 +01:00
parent 8a63f8aac4
commit 74ddf83617
No known key found for this signature in database
GPG key ID: 6F03E0000CC5B62F
6 changed files with 46 additions and 37 deletions

View file

@ -16,6 +16,10 @@
sbruder = {
gui = true;
restic.enable = true;
wireguard.home = {
enable = true;
address = "10.80.0.4";
};
};
boot.loader.grub.device = "/dev/disk/by-id/ata-INTEL_SSDSC2KB480G7_PHYS749202D6480BGN";
@ -30,6 +34,4 @@
};
networking.hostName = "nunotaba";
networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
}

View file

@ -16,6 +16,10 @@
sbruder = {
gui = true;
restic.enable = true;
wireguard.home = {
enable = true;
address = "10.80.0.5";
};
};
boot.loader.grub.device = "/dev/disk/by-id/ata-MTFDDAK256TBN-1AR15ABHA_UFZMQ01ZR50NMM";
@ -41,6 +45,4 @@
};
networking.hostName = "sayuri";
networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.5/24" ];
}

View file

@ -27,6 +27,7 @@
./tools.nix
./udev.nix
./web.nix
./wireguard
];
config = {

View file

@ -1,17 +1,8 @@
{ config, ... }:
let
vpnNetRanges = config.networking.wireguard.interfaces.wg-home.ips;
vpnNetRange = builtins.elemAt vpnNetRanges 0;
vpnAddress = builtins.elemAt (builtins.split "/" vpnNetRange) 0;
in
{
imports = [
../wireguard/home.nix
];
services.prometheus.exporters.node = {
enable = true;
listenAddress = vpnAddress;
listenAddress = config.sbruder.wireguard.home.address;
enabledCollectors = [ "systemd " ];
};

View file

@ -0,0 +1,7 @@
{
imports = [
./home.nix
];
networking.wireguard.enable = true;
}

View file

@ -1,28 +1,34 @@
# Module for setting up the shared part of my home wireguard network.
# Every machine using this still has to set the `ips` for the `wg-home`
# interface and place the private key in their secrets directory as
# `wg-home_private_key`
#
# Example:
#
# networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
{ config, ... }:
{ lib, config, ... }:
let
cfg = config.sbruder.wireguard.home;
in
{
networking.wireguard = {
enable = true;
interfaces = {
wg-home = {
privateKeyFile = toString (../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key);
peers = [
{
allowedIPs = [ "10.80.0.0/24" ];
publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred
persistentKeepalive = 25;
}
];
options = {
sbruder.wireguard.home = {
enable = lib.mkEnableOption "WireGuard tunnel wg-home";
address = lib.mkOption {
type = lib.types.str;
description = "IP(v4) address of the host";
example = "10.80.0.1";
};
privateKeyFile = lib.mkOption {
type = lib.types.str;
description = "Private key file";
default = toString (../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key);
};
};
};
config.networking.wireguard.interfaces.wg-home = lib.mkIf cfg.enable {
privateKeyFile = cfg.privateKeyFile;
ips = [ "${cfg.address}/24" ];
peers = [
{
allowedIPs = [ "10.80.0.0/24" ];
publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred
persistentKeepalive = 25;
}
];
};
}