diff --git a/modules/features/wireguard.nix b/modules/features/wireguard.nix
new file mode 100644
index 0000000..60b9a29
--- /dev/null
+++ b/modules/features/wireguard.nix
@@ -0,0 +1,46 @@
+{ self, inputs, ... }: {
+ flake.modules.nixos.wireguard = { config, inputs, pkgs, ... }: {
+ environment.systemPackages = with pkgs; [
+ wireguard-tools
+ wg-netmanager
+ (pkgs.writeShellScriptBin "wg-connect" ''
+ service="wg-quick-lola"
+ sudo systemctl start "$service.service"
+ start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
+ sudo journalctl -u "$service.service" --since "$start_time" --no-pager
+ '')
+ (pkgs.writeShellScriptBin "wg-disconnect" ''
+ service="wg-quick-lola"
+ sudo systemctl stop "$service.service"
+ start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
+ sudo journalctl -u "$service.service" --no-pager --since "$start_time"
+ '')
+ ];
+
+ networking.extraHosts = ''
+ 192.168.1.100 john-nas
+ 192.168.1.130 pve5070
+ 192.168.1.201 ad-nix
+ '';
+
+ sops.secrets.wireguard_private_key = { };
+ networking.wg-quick.interfaces = {
+ lola = {
+ # autostart = true;
+ postUp = "echo 'Post up command'";
+ address = [ "192.168.3.5/32" ];
+ # dns = [ "192.168.1.182" ];
+ privateKeyFile = config.sops.secrets.wireguard_private_key.path;
+
+ peers = [
+ {
+ publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
+ allowedIPs = [ "192.168.1.0/24" ];
+ endpoint = "wg.john-stream.com:51830";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/hosts/john-p14s/default.nix b/modules/hosts/john-p14s/default.nix
index 556344f..bec76f8 100644
--- a/modules/hosts/john-p14s/default.nix
+++ b/modules/hosts/john-p14s/default.nix
@@ -23,6 +23,7 @@
 john
 gnome
 steam
+ wireguard
 # greetd
 # niri
 ]);
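Review bot: The `wg-connect` and `wg-disconnect` wrappers never check the result of `sudo systemctl start/stop`, and if the unit has never reached the active state `ActiveEnterTimestamp` comes back empty, so the following `journalctl --since ""` fails with a parse error instead of showing the failure log; both scripts also exit with journalctl's status rather than systemctl's, so a failed connect looks like success to the shell. I would capture the systemctl exit code, use `systemctl show --value` instead of the `cut` pipeline, only pass `--since` when a timestamp exists, and exit with the captured code (the same change applies to `wg-disconnect`). Separately, `allowedIPs = [ "192.168.1.0/24" ]` makes wg-quick install a route for that whole prefix, which will shadow the local LAN if the laptop is ever directly on a 192.168.1.0/24 network — worth a comment such as `# NOTE: routes all of 192.168.1.0/24 through the tunnel; conflicts with any local LAN using the same prefix` if that is intended. `postUp = "echo 'Post up command'"` reads as leftover scaffolding and should be dropped or replaced with the real hook.
```nix
(pkgs.writeShellScriptBin "wg-connect" ''
  service="wg-quick-lola"
  sudo systemctl start "$service.service"; rc=$?
  start_time=$(systemctl show -p ActiveEnterTimestamp --value "$service.service")
  sudo journalctl -u "$service.service" --no-pager ''${start_time:+--since "$start_time"}
  exit "$rc"
'')
# … unchanged: wg-disconnect (apply the same pattern with `systemctl stop`) …
```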