machines/sternenseemann/wireguard.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

{ config, pkgs, ... }:

let
  keyDir = "/home/lukas/files/crypto/wireguard";
in

{
  config = {
    networking.wg-quick = {
      interfaces = {
        wg1 = {
          address = [
            "fd03:1337::216/64"
            "10.13.37.216/24"
          ];
          dns = [
            "95.215.19.53"
            "2001:67c:2354:2::53"
          ];
          privateKeyFile = "${keyDir}/njalla-private";

          peers = [
            {
              endpoint = "wg009.njalla.no:51820";
              publicKey = "5qO6a8iN7eU7/vQkG/0I31Aks1WNbAeJHwJ+ds1llGY=";
              allowedIPs = [
                "0.0.0.0/0"
                "::/0"
              ];
              persistentKeepalive = 25;
            }
          ];
        };
      };
    };

    vuizvui.user.sternenseemann.services.sway.extraStatus = builtins.listToAttrs (
      builtins.concatLists (
        builtins.map (
          iface:
          builtins.map (
            ip:
            {
              name = "path_exists ${iface}${ip}";
              value = ''
                path = "/proc/sys/net/ip${ip}/conf/${iface}"
              '';
            }
          ) [ "v4" "v6" ]
        ) (builtins.attrNames config.networking.wg-quick.interfaces)
      )
    );
  };
}