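# WireGuard client glue for the "platform" interface.
#
# Two pieces live here:
#   * flake.modules.nixos.wireguard — a NixOS module (flake-parts style, as
#     far as the `flake.modules` / `perSystem` layout suggests) that declares
#     a wg-quick interface whose private key is supplied by sops-nix.
#   * perSystem.packages.wg-platform — a small CLI wrapper bundling
#     `wg-platform-connect` / `wg-platform-disconnect`, which start or stop
#     the generated wg-quick unit and print the journal lines produced while
#     doing so.
#
# The interface name is defined once, at the top, so the NixOS option path,
# the systemd unit name and the helper scripts cannot drift apart.
{ self, inputs, ... }:
let
  wgInterface = "platform";
  # The NixOS wg-quick module generates a unit named after the interface;
  # the helper scripts below start, stop and inspect that unit.
  wgUnit = "wg-quick-${wgInterface}.service";
in
{
  flake.modules.nixos.wireguard = { config, pkgs, lib, ... }: {
    imports = [ inputs.sops-nix.nixosModules.sops ];

    environment.systemPackages = with pkgs; [
      wireguard-tools # https://github.com/WireGuard/wireguard-tools
      # wg-netmanager # https://github.com/gin66/wg_netmanager
    ];

    # The private key never enters the Nix store: sops-nix decrypts it at
    # activation time and wg-quick reads it from the resulting path.
    sops.secrets.wireguard_private_key = { };

    networking.wg-quick.interfaces.${wgInterface} = {
      autostart = false; # Managed by dispatcher
      postUp = "echo 'Post up command'"; # placeholder hook, no real work yet
      address = [ "192.168.3.5/32" ];
      dns = [ "192.168.1.150" ];
      privateKeyFile = config.sops.secrets.wireguard_private_key.path;
      peers = [
        {
          publicKey = "BD1/q18OfpoMCDusNZk9cqB1vvR8bgodZ1L7198jVic=";
          allowedIPs = [ "192.168.0.0/16" ];
          endpoint = "wg.john-stream.com:51830";
          persistentKeepalive = 25;
        }
      ];
    };
  };

  perSystem = { system, pkgs, lib, ... }:
    let
      # Bring the tunnel up and show what the unit logged while starting.
      # Starting a system unit needs privileges; reading its properties and
      # its journal does not, so only the `start` goes through sudo.
      connect = pkgs.writeShellApplication {
        name = "wg-${wgInterface}-connect";
        text = ''
          sudo systemctl start ${wgUnit}
          START_TIME=$(systemctl show -p ActiveEnterTimestamp ${wgUnit} | cut -d= -f2)
          journalctl -u ${wgUnit} --since "$START_TIME" --no-pager
        '';
      };

      # Take the tunnel down and show what the unit logged while stopping.
      # The timestamp is taken *before* the stop so the shutdown lines fall
      # inside the journal query. Stopping a system unit needs the same
      # privileges as starting it, hence sudo here as well.
      disconnect = pkgs.writeShellApplication {
        name = "wg-${wgInterface}-disconnect";
        text = ''
          STOP_TIME=$(date '+%Y-%m-%d %H:%M:%S')
          sudo systemctl stop ${wgUnit}
          journalctl -u ${wgUnit} --since "$STOP_TIME" --no-pager
        '';
      };
    in
    {
      # Output name kept literal: this is the attribute consumers reference.
      packages.wg-platform = inputs.wrappers.lib.wrapPackage {
        inherit pkgs;
        runtimeInputs = with pkgs; [ coreutils systemd wireguard-tools ];
        package = pkgs.symlinkJoin {
          name = "wg-${wgInterface}";
          paths = [ connect disconnect ];
        };
      };
    };
}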