fix wireguard setup

This commit is contained in:
Tyler Starr 2024-10-21 10:51:21 -07:00
parent 856352f045
commit 86d4170178
3 changed files with 7 additions and 5 deletions


@ -64,7 +64,7 @@
terminal.enable = true; terminal.enable = true;
wireguard-client = { wireguard-client = {
enable = true; enable = true;
privateKeyFile = "/run/agenix/wireguard/kestrel"; host = "kestrel";
address = [ "192.168.3.3/24" ]; address = [ "192.168.3.3/24" ];
publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ="; publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
endpoint = "66.218.43.87"; endpoint = "66.218.43.87";
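Review bot: The peer `endpoint = "66.218.43.87"` on the new side carries no port, and the same value appears in the osprey section below; a WireGuard `Endpoint` must be `host:port`, so unless the module appends the port where it builds the peer entry (that part of the module is outside these hunks), wg-quick will reject the generated configuration at interface start. If the module is meant to add the port, a short comment on this line saying so would spare the next reader a trip to the module; otherwise the value should read `endpoint = "66.218.43.87:<server-port>";` in both host files, with the placeholder replaced by the server's actual listen port. The enclosing `wireguard-client` attribute set continues past the end of the hunk.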


@ -51,8 +51,8 @@
terminal.enable = true; terminal.enable = true;
wireguard-client = { wireguard-client = {
enable = true; enable = true;
privateKeyFile = "/run/agenix/wireguard/osprey"; host = "osprey";
address = [ "192.168.3.3/24" ]; address = [ "192.168.3.5/24" ];
publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ="; publicKey = "bd7bbZOngl/FTdBlnbIhgCLNf6yx5X8WjiRB7E1NEQQ=";
endpoint = "66.218.43.87"; endpoint = "66.218.43.87";
}; };


@ -5,7 +5,7 @@ let cfg = config.modules.system.wireguard-client;
in { in {
options.modules.system.wireguard-client = with lib; { options.modules.system.wireguard-client = with lib; {
enable = lib.mkEnableOption "wireguard-client"; enable = lib.mkEnableOption "wireguard-client";
privateKeyFile = lib.mkOption { type = with types; str; }; host = lib.mkOption { type = with types; str; };
address = lib.mkOption { type = with types; listOf str; }; address = lib.mkOption { type = with types; listOf str; };
publicKey = lib.mkOption { type = with types; str; }; publicKey = lib.mkOption { type = with types; str; };
endpoint = lib.mkOption { type = with types; str; }; endpoint = lib.mkOption { type = with types; str; };
@ -24,11 +24,13 @@ in {
networking.firewall = { networking.firewall = {
allowedUDPPorts = [ 51820 ]; allowedUDPPorts = [ 51820 ];
}; };
# deploy needed secrets
age.secrets."wireguard/${cfg.host}".file = ../../secrets/wireguard/${cfg.host}.age;
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
wg0 = { wg0 = {
address = cfg.address; address = cfg.address;
listenPort = 51820; listenPort = 51820;
privateKeyFile = cfg.privateKeyFile; privateKeyFile = "/run/agenix/wireguard/${cfg.host}";
autostart = cfg.autostart; autostart = cfg.autostart;
peers = [{ peers = [{
publicKey = cfg.publicKey; publicKey = cfg.publicKey;
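Review bot: `host` is declared as a plain `str` in the options hunk but is then interpolated into both a repository path (`../../secrets/wireguard/${cfg.host}.age`) and the runtime key path, so any value that is not a single filename component (one containing `/` or `..`) silently selects a different file instead of failing; `type = with types; strMatching "[A-Za-z0-9_-]+";` would make evaluation fail loudly, and `default = config.networking.hostName;` would let the per-host files drop their `host = …` lines. The `privateKeyFile` line also rebuilds the agenix path by hand; `privateKeyFile = config.age.secrets."wireguard/${cfg.host}".path;` reads it from the secret declared a few lines earlier and stays correct if `age.secretsDir` is ever changed. The `wg0` attribute set and the `peers` list continue past the end of the hunk.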