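{ self, inputs, ... }:
let
  # Interface name. It also fixes the name of the systemd unit wg-quick
  # generates (wg-quick-<name>.service), which the perSystem wrappers below
  # start and stop, so it is defined once here and shared by both halves.
  wgInterface = "platform";
  unit = "wg-quick-${wgInterface}.service";
in
{
  # NixOS module: one wg-quick managed WireGuard interface that is NOT brought
  # up at boot. The `wg-platform` package (perSystem, below) provides the
  # connect/disconnect commands that drive the generated unit on demand.
  flake.modules.nixos.wireguard =
    { config, pkgs, lib, ... }:
    {
      imports = [ inputs.sops-nix.nixosModules.sops ];

      environment.systemPackages = with pkgs; [
        wireguard-tools # https://github.com/WireGuard/wireguard-tools
        # wg-netmanager # https://github.com/gin66/wg_netmanager
      ];

      # The private key is decrypted by sops-nix at activation and only ever
      # referenced by path, so it never ends up in the world-readable Nix
      # store. sops-nix's defaults (owned by root, not group/world readable)
      # are what wg-quick needs since it runs as root — do not widen them.
      sops.secrets.wireguard_private_key = { };

      networking.wg-quick.interfaces = {
        ${wgInterface} = {
          # Unit is generated but not wanted by multi-user.target; it is
          # started/stopped explicitly by wg-platform-connect/-disconnect.
          autostart = false; # Managed by dispatcher
          # Placeholder hook; replace with the real post-up action or remove.
          postUp = "echo 'Post up command'";
          address = [ "192.168.3.5/32" ];
          # Resolver lives inside allowedIPs, so DNS queries traverse the tunnel.
          dns = [ "192.168.1.150" ];
          privateKeyFile = config.sops.secrets.wireguard_private_key.path;
          peers = [
            {
              publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
              # Split tunnel: only 192.168.0.0/16 is routed to the peer;
              # everything else keeps using the host's normal routes.
              allowedIPs = [ "192.168.0.0/16" ];
              # Hostname is resolved by wg-quick when the interface comes up.
              endpoint = "wg.john-stream.com:51830";
              persistentKeepalive = 25;
            }
          ];
        };
      };
    };

  perSystem =
    { system, pkgs, lib, ... }:
    let
      # Bring the tunnel up and print the unit's journal from the moment it
      # became active. writeShellApplication runs under `set -euo pipefail`,
      # so a failed start is handled explicitly: otherwise the script would
      # exit before showing the journal, which is where the reason for the
      # failure (bad key file, unresolvable endpoint, ...) is logged.
      connect = pkgs.writeShellApplication {
        name = "wg-platform-connect";
        text = ''
          if ! sudo systemctl start ${unit}; then
            echo "${unit} failed to start; recent journal follows:" >&2
            journalctl -u ${unit} --since "-5min" --no-pager
            exit 1
          fi
          START_TIME=$(sudo systemctl show -p ActiveEnterTimestamp ${unit} | cut -d= -f2)
          journalctl -u ${unit} --since "$START_TIME" --no-pager
        '';
      };

      # Tear the tunnel down and print whatever the unit logged while doing so.
      # STOP_TIME is captured *before* the stop so the teardown lines are
      # included. Stopping a system unit needs root just like starting one, so
      # sudo is used here too (previously missing, which made disconnect fail
      # for an unprivileged caller while connect worked).
      disconnect = pkgs.writeShellApplication {
        name = "wg-platform-disconnect";
        text = ''
          STOP_TIME=$(date '+%Y-%m-%d %H:%M:%S')
          sudo systemctl stop ${unit}
          journalctl -u ${unit} --since "$STOP_TIME" --no-pager
        '';
      };
    in
    {
      packages.wg-platform = inputs.wrappers.lib.wrapPackage {
        inherit pkgs;
        # sudo is deliberately not listed: a copy from the Nix store cannot be
        # setuid, so the system's privileged wrapper must be picked up from the
        # caller's PATH at runtime instead.
        runtimeInputs = with pkgs; [ coreutils systemd wireguard-tools ];
        package = pkgs.symlinkJoin {
          name = "wg-platform";
          meta.mainProgram = "wg-platform-connect";
          paths = [ connect disconnect ];
        };
      };
    };
}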