# NixOS module declaring `yorick.lumi-vpn.*` options and, when enabled,
# a WireGuard interface named `wg-lumi` with a single peer.
{ config, lib, ... }:

let
  inherit (lib) concatStringsSep mkEnableOption mkIf mkOption types;

  vpn = config.yorick.lumi-vpn;

  # Argument handed to addresses.nix: an attrset whose `lib.ip4.ip` renders
  # four octets as a dotted-quad string. The fifth argument is accepted and
  # discarded.
  addressArgs = {
    lib.ip4.ip = a: b: c: d: x:
      concatStringsSep "." (map toString [ a b c d ]);
  };

  # NOTE(review): `builtins.getEnv` is impure. It yields "" under pure
  # evaluation, and otherwise follows $HOME of whoever runs the evaluation,
  # while the key path below is built from `/home/${vpn.user}` instead, so
  # the two can point at different trees. The imported file is evaluated as
  # Nix code and feeds the system configuration, so write access to it
  # should be as restricted as write access to this module.
  addressBook = import
    "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
    addressArgs;
in
{
  options.yorick.lumi-vpn = {
    enable = mkEnableOption "lumi vpn";

    # Workstation name; selects both the address entry and the key file.
    # NOTE(review): `types.str` also admits "/" and "..", and the value is
    # spliced into a file path below; a stricter type would rule that out.
    name = mkOption {
      type = types.str;
      example = "yorick-homepc";
    };

    # Account whose home directory holds the private key.
    user = mkOption {
      type = types.str;
      default = "yorick";
    };

    mtu = mkOption {
      type = types.int;
      default = 1371; # 1408 at home
    };

    # Tunnel address; looked up by workstation name unless set explicitly.
    ip = mkOption {
      type = types.str;
      example = "10.109.0.1";
      default = addressBook.workstations.${vpn.name};
    };
  };

  config = mkIf vpn.enable {
    networking.wireguard.interfaces.wg-lumi = {
      # The key is referenced by path rather than embedded as a string, so
      # the key material is not part of this configuration.
      # NOTE(review): the file sits in a user's home directory; confirm it
      # and its parent directories are not readable or writable by other
      # accounts.
      privateKeyFile =
        "/home/${vpn.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${vpn.name}.key";
      ips = [ vpn.ip ];

      peers = [
        {
          # Public half of the peer's key pair; not a secret.
          publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
          endpoint = "wg.lumi.guide:31727";
          # Only these ranges are associated with the peer.
          allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
        }
      ];

      # Shell fragment run after the interface is set up. `mtu` is typed
      # as an int, so the interpolated value cannot carry shell
      # metacharacters.
      # NOTE(review): newer NixOS releases offer a per-interface `mtu`
      # option that would replace this hook; check the release in use.
      postSetup = "ip link set dev wg-lumi mtu ${toString vpn.mtu}";
    };
  };
}