John Lancaster
58 lines
1.9 KiB
Nix
58 lines
1.9 KiB
Nix
{ self, inputs, ... }: {
|
|
flake.modules.nixos.wireguard = { config, pkgs, lib, ... }:
|
|
let
|
|
wgInterface = "platform";
|
|
systemctl = lib.getExe' pkgs.systemd "systemctl";
|
|
journalctl = lib.getExe' pkgs.systemd "journalctl";
|
|
|
|
mkConnect = interface:
|
|
let
|
|
serviceName = "wg-quick-${interface}";
|
|
service = "${serviceName}.service";
|
|
in
|
|
pkgs.writeShellScriptBin "wg-connect-${interface}" ''
|
|
${systemctl} start ${service}
|
|
start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
|
|
${journalctl} -u ${service} --since "$start_time" --no-pager
|
|
'';
|
|
mkDisconnect = interface:
|
|
let
|
|
serviceName = "wg-quick-${interface}";
|
|
service = "${serviceName}.service";
|
|
in
|
|
pkgs.writeShellScriptBin "wg-disconnect-${interface}" ''
|
|
${systemctl} stop ${service}
|
|
start_time=$(${systemctl} show -p ActiveEnterTimestamp ${serviceName} | cut -d= -f2)
|
|
${journalctl} -u ${service} --since "$start_time" --no-pager
|
|
'';
|
|
in
|
|
{
|
|
imports = [ inputs.sops-nix.nixosModules.sops ];
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
wireguard-tools
|
|
wg-netmanager
|
|
(mkConnect "platform")
|
|
(mkDisconnect "platform")
|
|
];
|
|
|
|
sops.secrets.wireguard_private_key = { };
|
|
networking.wg-quick.interfaces = {
|
|
${wgInterface} = {
|
|
autostart = false; # Managed by dispatcher
|
|
postUp = "echo 'Post up command'";
|
|
address = [ "192.168.3.5/32" ];
|
|
dns = [ "192.168.1.150" ];
|
|
privateKeyFile = config.sops.secrets.wireguard_private_key.path;
|
|
peers = [
|
|
{
|
|
publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
|
|
allowedIPs = [ "192.168.0.0/16" ];
|
|
endpoint = "wg.john-stream.com:51830";
|
|
persistentKeepalive = 25;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
} |