2025-07-06 12:09:21 +03:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
let
|
|
|
|
|
cfg = config.custom.networking.netflixWg;
|
|
|
|
|
host = config.networking.hostName;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.custom.networking = {
|
|
|
|
|
netflixWg = {
|
2025-07-25 13:12:41 +03:00
|
|
|
enable = lib.mkEnableOption "Netflix WireGuard";
|
2025-07-06 12:09:21 +03:00
|
|
|
suffix = lib.mkOption {
|
|
|
|
|
type = with lib.types; nullOr (strMatching "^[0-9.]+$");
|
|
|
|
|
default = null;
|
|
|
|
|
description = "IPv4 Suffix for Netflix WireGuard config";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
sops.secrets.priv-netflix-wg.sopsFile = ../../secrets/${host}/netflix-wg.yaml;
|
|
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
|
wg-quick.interfaces = {
|
|
|
|
|
wg1 = {
|
|
|
|
|
autostart = false;
|
|
|
|
|
address = [ "10.100.0.${cfg.suffix}/24" ];
|
|
|
|
|
dns = [ "1.1.1.1" ];
|
|
|
|
|
privateKeyFile = config.sops.secrets.priv-netflix-wg.path;
|
|
|
|
|
listenPort = 51820;
|
|
|
|
|
|
|
|
|
|
peers = [
|
|
|
|
|
{
|
|
|
|
|
publicKey = "XSYHg0utIR1j7kRsWFwuWNo4RPD47KP53cVa6qDPtRE=";
|
|
|
|
|
allowedIPs = [
|
|
|
|
|
"0.0.0.0/0"
|
|
|
|
|
"192.168.0.0/24"
|
|
|
|
|
];
|
|
|
|
|
endpoint = "netflix.vsinerva.fi:51821";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
