40 lines
954 B
Nix
40 lines
954 B
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
cfg = config.networking.wg.client;
|
|
peers = import ./peers.nix {};
|
|
in {
|
|
options.networking.wg.client = {
|
|
enable = lib.mkEnableOption "Enable WireGuard client";
|
|
port = lib.mkOption {
|
|
type = lib.types.port;
|
|
default = 51820;
|
|
description = "Port for WireGuard client";
|
|
};
|
|
autoConnect = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "Automatically connect to the WireGuard server with systemd";
|
|
};
|
|
privateKeyFile = lib.mkOption {
|
|
type = lib.types.path;
|
|
description = "Path to the private key file for the WireGuard client";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
networking.firewall.allowedUDPPorts = [cfg.port];
|
|
networking.wireguard.interfaces.wg0 = {
|
|
inherit (peers.jonas) ips;
|
|
inherit (cfg) privateKeyFile;
|
|
listenPort = cfg.port;
|
|
|
|
peers = [
|
|
peers.harbor
|
|
];
|
|
};
|
|
};
|
|
}
|