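# NixOS module: WireGuard client for the pub-solar cluster control-plane.
# Declares `pub-solar.wireguard-client.{ownIPs,wireguardPrivateKeyFile}` and
# configures one wg-quick interface (wg0) plus the matching firewall exception.
{ lib, config, pkgs, ... }:
let
  # Explicit imports instead of `with lib;` so every lib name used is visible.
  inherit (lib) mkOption types;

  cfg = config.pub-solar.wireguard-client;

  # Single source of truth for the UDP port: used both as the interface's
  # listenPort and for the firewall exception so the two cannot drift apart.
  listenPort = 51899;
in
{
  options.pub-solar.wireguard-client = {
    ownIPs = mkOption {
      description = ''
        Internal ips in wireguard used for cluster control-plane communication.
      '';
      type = types.listOf types.str;
    };

    wireguardPrivateKeyFile = mkOption {
      description = ''
        Location of private key file
      '';
      # NOTE(review): `types.path` also accepts a literal Nix path value, which
      # would copy the key into the world-readable /nix/store. Callers should
      # pass a string path to a file provisioned outside the store — confirm
      # with the existing callers before tightening the type.
      type = types.path;
    };
  };

  config = {
    # Allow inbound WireGuard traffic on the port wg0 listens on.
    networking.firewall.allowedUDPPorts = [ listenPort ];

    networking.wg-quick.interfaces.wg0 = {
      inherit listenPort;
      address = cfg.ownIPs;
      # NOTE(review): neither resolver address falls inside the peer's
      # allowedIPs below (10.0.1.0/32, fd00:acab:1312:acab:0::/128), so this
      # module alone does not route DNS queries through wg0 — confirm another
      # route covers them or that allowedIPs should be widened.
      dns = [ "10.0.1.2" "fd00:acab:1312:acab:2::" ];
      privateKeyFile = cfg.wireguardPrivateKeyFile;
      peers = [
        {
          # pie-server
          publicKey = "8M/+y6AqbSsbK0JENkjRXqlRR56iiM/QRjGGtEM+Uj8=";
          # Tunnel is restricted to the server's own addresses; no default
          # route is sent through wg0.
          allowedIPs = [ "10.0.1.0/32" "fd00:acab:1312:acab:0::/128" ];
          endpoint = "[2a02:908:5b1:e3c0:3077:4e39:7763:2]:51898";
          # Periodic keepalive so the server can reach this client through
          # NAT / stateful firewalls.
          persistentKeepalive = 25;
        }
      ];
    };
  };
}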