wireguard freyanet

2025-01-22 12:41:39 -05:00 · 2025-01-22 12:41:39 -05:00 · 5c45c2e200
commit 5c45c2e200
parent 2976e25ed5
4 changed files with 38 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+secrets
--- a/modules/default.nix
+++ b/modules/default.nix
@ -24,6 +24,11 @@
      description = "Home directory path of the user";
      default = "/home/${config.user}";
    };
+    dotfilesPath = lib.mkOption {
+      type = lib.types.str;
+      description = "Dotfiles path inside the users home dir";
+      default = "${config.homePath}/.config/nix";
+    };
    email = lib.mkOption {
      type = lib.types.str;
      description = "Primary email of the user";
--- a/modules/programs/default.nix
+++ b/modules/programs/default.nix
@ -11,6 +11,7 @@
 		./neovim
 		./starship
 		./waybar
+		./wireguard
 		./wofi
 		./zsh
 	];
--- a/modules/programs/wireguard/default.nix
+++ b/modules/programs/wireguard/default.nix
@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+{
+  config = lib.mkIf config.system.enable {
+
+    environment.systemPackages = with pkgs; [
+      wireguard-tools
+    ];
+
+    # TODO: remove this!!!
+    environment.etc = {
+      "resolv.conf".text = "nameserver 10.1.1.1\n";
+    };
+
+    networking.wireguard.enable = true;
+    networking.wireguard.interfaces = {
+      freyanet = {
+        ips = [ "10.2.0.2/32" "fd:cafe:dead:bee::2/128" "fe80::2/128" ];
+        privateKeyFile = "${config.dotfilesPath}/secrets/freyanet.key";
+
+        peers = [{
+          publicKey = "x0ykwakpYCvI/pG+nR83lNUyeOE9m54thnX3bvZ+FUk=";
+          allowedIPs = [ "10.0.0.0/12" "fd:cafe::/32" "fe80::/64" ];
+          endpoint = "freya.cat:41111";
+          persistentKeepalive = 25;
+        }];
+      };
+    };
+
+  };
+}