John Lancaster
46 lines
1.5 KiB
Nix
46 lines
1.5 KiB
Nix
{ self, inputs, ... }: {
|
|
flake.modules.nixos.wireguard = { config, inputs, pkgs, ... }: {
|
|
environment.systemPackages = with pkgs; [
|
|
wireguard-tools
|
|
wg-netmanager
|
|
(pkgs.writeShellScriptBin "wg-connect" ''
|
|
service="wg-quick-lola"
|
|
sudo systemctl start "$service.service"
|
|
start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
|
|
sudo journalctl -u "$service.service" --since "$start_time" --no-pager
|
|
'')
|
|
(pkgs.writeShellScriptBin "wg-disconnect" ''
|
|
service="wg-quick-lola"
|
|
sudo systemctl stop "$service.service"
|
|
start_time=$(systemctl show -p ActiveEnterTimestamp $service | cut -d= -f2)
|
|
sudo journalctl -u "$service.service" --no-pager --since "$start_time"
|
|
'')
|
|
];
|
|
|
|
networking.extraHosts = ''
|
|
192.168.1.100 john-nas
|
|
192.168.1.130 pve5070
|
|
192.168.1.201 ad-nix
|
|
'';
|
|
|
|
sops.secrets.wireguard_private_key = { };
|
|
networking.wg-quick.interfaces = {
|
|
lola = {
|
|
# autostart = true;
|
|
postUp = "echo 'Post up command'";
|
|
address = [ "192.168.3.5/32" ];
|
|
# dns = [ "192.168.1.182" ];
|
|
privateKeyFile = config.sops.secrets.wireguard_private_key.path;
|
|
|
|
peers = [
|
|
{
|
|
publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
|
|
allowedIPs = [ "192.168.1.0/24" ];
|
|
endpoint = "wg.john-stream.com:51830";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
} |