VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions
nixos-conf/personal/networking/home-wg.nix

69 lines
1.9 KiB
Nix
Raw Blame History

{ config, lib, ... }:
{
options.custom.home_wg_suffix = lib.mkOption {
type = with lib.types; nullOr (strMatching "^[0-9a-zA-Z:]+$");
default = null;
description = "IPv6 GUA Suffix for Home WireGuard config";
};
config =
let
host = config.networking.hostName;
in
{
sops = {
secrets = {
priv-home-wg = {
sopsFile = ../../secrets/${host}/home-wg.yaml;
restartUnits = [ "wg-quick-wg0.service" ];
};
psk-home-wg = {
sopsFile = ../../secrets/${host}/home-wg.yaml;
restartUnits = [ "wg-quick-wg0.service" ];
};
};
};
networking = {
networkmanager.settings."connection"."ipv4.dhcp-ipv6-only-preferred" = 1;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "${config.custom.gua_pref}ff::${config.custom.home_wg_suffix}/64" ];
dns = [
"${config.custom.gua_pref}ff::1"
"vsinerva.fi"
];
privateKeyFile = config.sops.secrets.priv-home-wg.path;
listenPort = 51820;
peers = [
{
publicKey = "f9QoYPxyaxylUcOI9cE9fE9DJoEX4c6GUtr4p+rsd34=";
presharedKeyFile = config.sops.secrets.psk-home-wg.path;
allowedIPs = [ "::/0" ];
endpoint = "home.vsinerva.fi:51820";
}
];
};
};
};
services.clatd = {
enable = true;
settings.clat-v6-addr = "${config.custom.gua_pref}ff::c${config.custom.home_wg_suffix}";
};
systemd.services = {
"wg-quick-wg0" = {
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
};
clatd = {
wants = [ "wg-quick-wg0.service" ];
after = [ "wg-quick-wg0.service" ];
};
};
};
}
View git blame Copy permalink