cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

system/wireguard: use wg-quick for clients

Browse source
This commit is contained in:
LavaDesu 2025-05-20 11:51:42 +10:00
parent 0fe62078fa
commit 3ebd082be2
Signed by: cilly
GPG key ID: 6500251E087653C9
1 changed files with 16 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

17
modules/system/wireguard.nix
View file

@ -112,6 +112,20 @@ let
peers = [ serverPeer ]; peers = [ serverPeer ];
}; };
}; };
clientQuickConfig = {
wg-quick.interfaces =
let
client = clients."${config.networking.hostName}";
in {
wg0 = {
address = client.allowedIPs;
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
peers = [ serverPeer ];
};
};
};
in { in {
boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({ boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({
"net.ipv6.conf.all.forwarding" = true; "net.ipv6.conf.all.forwarding" = true;
@ -120,6 +134,7 @@ in {
networking = networking =
lib.mkMerge [ lib.mkMerge [
(lib.mkIf (config.networking.hostName == serverName) serverConfig) (lib.mkIf (config.networking.hostName == serverName) serverConfig)
(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig) #(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig)
(lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientQuickConfig)
]; ];
} }