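# NixOS module: WireGuard client for the pub-solar cluster control plane.
#
# Declares the `pub-solar.wireguard-client` options and configures a
# wg-quick interface `wg0` with a single peer ("frikandel").
{ lib, config, pkgs, ... }:
let
  cfg = config.pub-solar.wireguard-client;
  inherit (lib) mkOption types;

  # UDP port this host listens on for WireGuard traffic.
  wgPort = 51899;
in
{
  options.pub-solar.wireguard-client = {
    ownIPs = mkOption {
      description = ''
        Internal IPs in WireGuard used for cluster control-plane communication.
        Passed verbatim to wg-quick's `Address`; presumably CIDR notation
        (e.g. "10.0.1.5/24") is expected — verify against the peer's allowedIPs.
      '';
      type = types.listOf types.str;
    };

    wireguardPrivateKeyFile = mkOption {
      description = ''
        Location of the WireGuard private key file.

        Must be a string path to a file that exists on the target system at
        runtime and lives outside the Nix store (e.g. a secret deployed to
        /run/secrets). Do NOT pass a Nix path literal (`./wg.key`) or a store
        path: the key would be copied into the world-readable Nix store.
      '';
      type = types.path;
      example = "/run/secrets/wireguard-private-key";
    };
  };

  config = {
    # Refuse configurations that would leak the private key into the store.
    # `types.path` accepts both Nix path literals and "/nix/store/..." strings,
    # so this is enforced here rather than by changing the option type (which
    # would break existing callers).
    assertions = [
      {
        assertion =
          !(builtins.isPath cfg.wireguardPrivateKeyFile)
          && !(lib.hasPrefix builtins.storeDir (toString cfg.wireguardPrivateKeyFile));
        message = ''
          pub-solar.wireguard-client.wireguardPrivateKeyFile must be a string
          path to a file outside the Nix store; a Nix path literal or store
          path would copy the private key into the world-readable store.
        '';
      }
    ];

    # Inbound rule so the peer can initiate handshakes towards this host.
    # NOTE(review): with `persistentKeepalive` set below the tunnel is kept
    # alive from our side, so this rule may be unnecessary behind NAT — kept
    # as in the original configuration; confirm before removing.
    networking.firewall.allowedUDPPorts = [ wgPort ];

    networking.wg-quick.interfaces.wg0 = {
      listenPort = wgPort;
      address = cfg.ownIPs;
      # Resolvers reachable through the tunnel; both addresses fall inside the
      # peer's allowedIPs below, so DNS queries are routed over wg0.
      dns = [ "10.0.1.2" "fd00:b12f:acab:1312:acab:2::" ];
      privateKeyFile = cfg.wireguardPrivateKeyFile;
      peers = [
        {
          # frikandel
          publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
          # Split tunnel: only the cluster's internal ranges are routed via
          # wg0; this is not a default-route (0.0.0.0/0, ::/0) configuration.
          allowedIPs = [ "10.0.1.0/24" "fd00:b12f:acab:1312::/64" ];
          # The peer's port happens to equal ours but is a separate setting.
          endpoint = "[2a01:4f8:c2c:b60::]:51899";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}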