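{
  config,
  flake,
  lib,
  ...
}:

let
  cfg = config.momo-cloud.wireguard;

  # Helper (outside this file) that turns the users declared in
  # config.momo-cloud.authentication.users into WireGuard peer definitions.
  wireguardDevicesForUsers = import ../../lib/wireguardDevicesForUsers.nix { inherit lib; };
in
{
  # Options for the "wg-ssh" WireGuard interface this module manages.
  options.momo-cloud.wireguard = {
    enable = lib.mkEnableOption "Enable wireguard network";

    openFirewall = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Whether to open listenPort (UDP) in the host firewall.";
    };

    # Deliberately a string, not a path type: a path-typed option given a
    # literal path would be copied into the world-readable Nix store.
    privateKeyFile = lib.mkOption {
      type = lib.types.str;
      description = "Path to the WireGuard private key file, read at runtime.";
    };

    listenPort = lib.mkOption {
      # types.port rejects values outside 0-65535; types.int accepted any integer.
      type = lib.types.port;
      default = 51820;
      description = "UDP port the WireGuard interface listens on.";
    };

    mtu = lib.mkOption {
      type = lib.types.int;
      default = 1300;
      description = "MTU of the WireGuard interface.";
    };

    additionalPeers = lib.mkOption {
      # Loose type (any attrset); the module system only validates the
      # resulting peers when they reach networking.wireguard.interfaces.
      type = lib.types.listOf lib.types.attrs;
      default = [ ];
      description = "Extra peer definitions appended to the user-derived peers.";
    };

    ipv4.address = lib.mkOption {
      type = lib.types.str;
      description = "IPv4 address of this host on the WireGuard network.";
    };

    ipv6.address = lib.mkOption {
      type = lib.types.str;
      description = "IPv6 address of this host on the WireGuard network.";
    };
  };

  config = lib.mkIf cfg.enable {
    # Only the WireGuard UDP port is opened, and only when explicitly requested.
    networking.firewall.allowedUDPPorts = lib.mkIf cfg.openFirewall [ cfg.listenPort ];

    networking.wireguard.interfaces.wg-ssh = {
      listenPort = cfg.listenPort;
      mtu = cfg.mtu;
      # Prefix lengths are as in the original module (/32 and /96); the /96 on
      # the IPv6 side is unusual — confirm it is intended.
      ips = [
        "${cfg.ipv4.address}/32"
        "${cfg.ipv6.address}/96"
      ];
      privateKeyFile = cfg.privateKeyFile;
      peers = (wireguardDevicesForUsers config.momo-cloud.authentication.users) ++ cfg.additionalPeers;
    };

    # NOTE(review): this opens sshd's port on every interface, not only on
    # wg-ssh. The commented listenAddresses block below would bind sshd to the
    # WireGuard addresses only; confirm which exposure is intended.
    services.openssh.openFirewall = true;
    #services.openssh.listenAddresses = [
    #  {
    #    addr = config.momo-cloud.wireguard.ipv4.address;
    #    port = 22;
    #  }
    #  {
    #    addr = "[${config.momo-cloud.wireguard.ipv6.address}]";
    #    port = 22;
    #  }
    #];
  };
}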