Diffstat (limited to 'nixos/modules/services/networking/wg-netmanager.nix')
-rw-r--r-- | nixos/modules/services/networking/wg-netmanager.nix | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/wg-netmanager.nix b/nixos/modules/services/networking/wg-netmanager.nix
new file mode 100644
index 0000000000000..493ff7ceba9f1
--- /dev/null
+++ b/nixos/modules/services/networking/wg-netmanager.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.wg-netmanager;
+in
+{
+
+ options = {
+ services.wg-netmanager = {
+ enable = mkEnableOption "Wireguard network manager";
+ };
+ };
+
+ ###### implementation
+ config = mkIf cfg.enable {
+ # NOTE: wg-netmanager runs as root
+ systemd.services.wg-netmanager = {
+ description = "Wireguard network manager";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = with pkgs; [ wireguard-tools iproute2 wireguard-go ];
+ serviceConfig = {
+ Type = "simple";
+ Restart = "on-failure";
+ ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
+ ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+ ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
+ ReadWritePaths = [
+ "/tmp" # wg-netmanager creates files in /tmp before deleting them after use
+ ];
+ };
+ unitConfig = {
+ ConditionPathExists = ["/etc/wg_netmanager/network.yaml" "/etc/wg_netmanager/peer.yaml"];
+ };
+ };
+ };
+
+ meta.maintainers = with maintainers; [ gin66 ];
+} |
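Review bot: The `ReadWritePaths = [ "/tmp" ]` entry in serviceConfig does not by itself restrict anything; it only carves a writable exception out of a filesystem made read-only by ProtectSystem= or ReadOnlyPaths=, and neither is set here, so the unit runs as root with the host filesystem fully writable despite the comment suggesting a sandboxing intent. Since the comment says the daemon only creates short-lived files in /tmp, the setting that actually matches that intent is `PrivateTmp = true;`, which also keeps those files out of the shared /tmp; `ProtectSystem = "strict";` could then be added on top if the daemon is confirmed to write nowhere else (it is not visible from this module whether it touches /run or /var). Separately, ExecStop sends the same `kill -HUP` as ExecReload, so a stop request first asks the daemon to reload and only terminates it when systemd falls back to its default KillSignal; unless wg-netmanager treats SIGHUP as a shutdown request, dropping the ExecStop line (so the default SIGTERM is used) is the clearer choice. A short comment on the `# NOTE: wg-netmanager runs as root` line naming which capabilities the daemon needs (CAP_NET_ADMIN for wg/ip at minimum) would help a later reader decide whether a CapabilityBoundingSet= can be added.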