feat: add preliminary wireguard module

2025-10-11 07:10:39 +02:00 · 2023-04-11 01:27:58 +02:00 · 2023-04-11 01:27:58 +02:00 · ea48c316cc
commit ea48c316cc
parent 83a543b266
8 changed files with 207 additions and 93 deletions
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -1,7 +1,8 @@
-{nodeSecrets, ...}: let
-  wgName = "wg-vms";
-  wgPort = 51820;
-in {
+{
+  lib,
+  nodeSecrets,
+  ...
+}: {
  networking.hostId = "49ce3b71";

  systemd.network.networks = {
@ -21,41 +22,14 @@ in {
    };
  };

-  #systemd.network.netdevs."20-${wgName}" = {
-  #  netdevConfig = {
-  #    Kind = "wireguard";
-  #    Name = "${wgName}";
-  #    Description = "Wireguard network ${wgName}";
-  #  };
-  #  wireguardConfig = {
-  #    PrivateKeyFile = wireguardPrivateKey wgName nodeMeta.name;
-  #    ListenPort = wgPort;
-  #  };
-  #  wireguardPeers = [
-  #  {
-  #    wireguardPeerConfig = {
-  #      PublicKey = wireguardPublicKey wgName nodeMeta.name;;
-  #      PresharedKey = wireguardPresharedKey wgName nodeMeta.name;;
-  #      AllowedIPs = [ "10.66.66.10/32" ];
-  #      PersistentKeepalive = 25;
-  #    };
-  #  }
-  #  {
-  #    wireguardPeerConfig = {
-  #      AllowedIPs = [ "10.66.66.100/32" ];
-  #      PersistentKeepalive = 25;
-  #    };
-  #  }
-  #  ];
-  #};
-  #networks."20-${wgName}" = {
-  #  matchConfig.Name = wgName;
-  #  networkConfig = {
-  #    Address = "10.66.66.1/24";
-  #    IPForward = "ipv4";
-  #  };
-  #};
-
-  #extra.wireguard.servers.home = {
-  #};
+  imports = [../../modules/wireguard.nix];
+  extra.wireguard.networks.vms = {
+    address = ["10.0.0.1/24"];
+    listen = true;
+    listenPort = 51822;
+    openFirewall = true;
+    externalPeers = {
+      test = ["10.0.0.91/32"];
+    };
+  };
 }