# Module for setting up the shared part of my home wireguard network.
# Every machine using this still has to set the `ips` for the `wg-home`
# interface and place the private key in their secrets directory as
# `wg-home_private_key`
#
# Example:
#
#     networking.wireguard.interfaces.wg-home.ips = [ "10.80.0.4/24" ];
{ config, ... }:

{
  networking.wireguard = {
    enable = true;
    interfaces = {
      wg-home = {
        privateKeyFile = toString (../../machines/. + "/${config.networking.hostName}" + /secrets/wg-home_private_key);
        peers = [
          {
            allowedIPs = [ "10.80.0.0/24" ];
            publicKey = "UyZRAVTIc/RMs/J+591wrA8lHU0e8dwDJJwcpRb3xQA=";
            endpoint = "87.140.16.73:51820"; # IPv6 is tunneled so legacy is preferred
            persistentKeepalive = 25;
          }
        ];
      };
    };
  };
}