os/modules/home-controller/wireguard.nix

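# WireGuard tunnel "wghome" for the pub-solar home-controller module.
# All settings below apply only when config.pub-solar.home-controller.enable
# is true.
{
  lib,
  config,
  pkgs,
  ...
}: let
  cfg = config.pub-solar.home-controller;

  # Single source for the local UDP port, so the firewall rule and the
  # interface's listenPort cannot drift apart (a mismatch would either block
  # the tunnel or leave an unused port open).
  wgPort = 51899;
in {
  config = lib.mkIf cfg.enable {
    # Restart the wireguard-wghome unit 5 seconds after a failure.
    # NOTE(review): presumably this covers start-up failures such as the peer
    # hostname below not resolving yet; confirm against the unit's logs.
    systemd.services.wireguard-wghome.serviceConfig = {
      Restart = "on-failure";
      RestartSec = "5s";
    };

    # Accept inbound UDP on the tunnel port. This list is not scoped to a
    # single network interface.
    # NOTE(review): the only peer has a fixed endpoint plus a keepalive, so
    # this host may always be the initiator. If no peer ever dials in, this
    # rule can be dropped to reduce exposure; confirm before removing.
    networking.firewall.allowedUDPPorts = [wgPort];

    networking.wireguard.interfaces.wghome = {
      ips = [cfg.ownIp];
      listenPort = wgPort;

      # The key is referenced by path, not inlined with `privateKey`, so the
      # secret itself does not end up in the world-readable Nix store. The file
      # behind this option should be readable by root only and must not be a
      # path literal that Nix copies into the store.
      privateKeyFile = cfg.wireguardPrivateKeyFile;

      mtu = 1400;

      peers = [
        {
          # chonk
          publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";

          # Cryptokey routing: only 10.0.1.0/24 is sent to this peer, and only
          # packets sourced from that range are accepted from it. Keep this as
          # narrow as the setup allows.
          allowedIPs = ["10.0.1.0/24"];

          # The peer's port is configured on the remote side, so it is kept as
          # a literal and not tied to wgPort.
          endpoint = "vpn.gssws.de:51899";

          # Send a keepalive every 25 seconds so NAT and firewall state on the
          # path stays open.
          persistentKeepalive = 25;
        }
      ];
    };
  };
}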