author | sinanmohd <sinan@sinanmohd.com> | 2025-03-17 14:08:57 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2025-03-17 14:08:57 +0530 |
commit | 5f6fb81e1c4e06f54a5c54b7191a2c1541bedc1a (patch) | |
tree | 20089e8cd5453af1b3fdb71bfb7ceac5b40ca358 | |
parent | 7a9bed2f9aa41cb02783c58696055005d7a17e81 (diff) |
kay/wireguard: add friendly_name support for github:MindFlavor/prometheus_wireguard_exporter
-rw-r--r-- | os/kay/modules/wireguard.nix | 64 |
1 files changed, 38 insertions, 26 deletions
diff --git a/os/kay/modules/wireguard.nix b/os/kay/modules/wireguard.nix
index 4707015..7532280 100644
--- a/os/kay/modules/wireguard.nix
+++ b/os/kay/modules/wireguard.nix
@@ -1,9 +1,43 @@
-{ config, ... }: let
+{ config, pkgs, lib, ... }: let
 wgInterface = "wg";
 wanInterface = "ppp0";
 subnet = "10.0.1.0";
 prefix = 24;
 port = 51820;
+
+ wgConf = pkgs.writeText "wg.conf" ''
+ [interface]
+ Address = 10.0.1.1/24
+ MTU = 1412
+ ListenPort = 51820
+ PostUp = ${lib.getExe (pkgs.writeShellApplication {
+ name = "wg_set_key";
+ runtimeInputs = with pkgs; [ wireguard-tools ];
+ text = ''
+ wg set ${wgInterface} private-key <(cat ${config.sops.secrets."misc/wireguard".path})
+ '';
+ })}
+
+ [Peer]
+ # friendly_name = cez
+ PublicKey = IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=
+ AllowedIPs = 10.0.1.2/32
+
+ [Peer]
+ # friendly_name = veu
+ PublicKey = bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=
+ AllowedIPs = 10.0.1.3/32
+
+ [Peer]
+ # friendly_name = dad
+ PublicKey = q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=
+ AllowedIPs = 10.0.1.4/32
+
+ [Peer]
+ # friendly_name = pradeep
+ PublicKey = BAOdbgUd53ZmQWkZP3N+zAsxdBpqv6icEwmmjRFEmxI=
+ AllowedIPs = 10.0.1.5/32
+ '';
 in {
 sops.secrets."misc/wireguard" = {};
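Review bot: `Address = 10.0.1.1/24` and `ListenPort = 51820` in the new `wgConf` text are literals, while the `prefix` and `port` let-bindings just above still exist and were what the removed module block interpolated; anything else in the file that still reads `port` or `prefix` (the firewall rules are outside this hunk, so this is inferred) can now drift from what WireGuard actually listens on. Interpolating them keeps one source of truth: `Address = 10.0.1.1/${toString prefix}` and `ListenPort = ${toString port}`. Because `pkgs.writeText` places this file in the world-readable Nix store, a Nix comment above `wgConf` such as `# world-readable store file: never put PrivateKey/PresharedKey here; the key is loaded by PostUp from the sops secret` would guard against a later edit inlining a secret. The PostUp helper can also pass the path directly, `wg set ${wgInterface} private-key ${config.sops.secrets."misc/wireguard".path}`, since `wg set` takes a file path and the `<(cat …)` adds nothing.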
@@ -23,31 +57,7 @@ in {
 '';
 };
- wireguard.interfaces.${wgInterface} = {
- ips = [ "10.0.1.1/${toString prefix}" ];
- listenPort = port;
- mtu = 1412; # 1492 (ppp0) - 80
- privateKeyFile = config.sops.secrets."misc/wireguard".path;
-
- peers = [
- { # cez
- publicKey = "IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=";
- allowedIPs = [ "10.0.1.2/32" ];
- }
- { # veu
- publicKey = "bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=";
- allowedIPs = [ "10.0.1.3/32" ];
- }
- { # dad
- publicKey = "q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=";
- allowedIPs = [ "10.0.1.4/32" ];
- }
- { # pradeep - dad fren
- publicKey = "BAOdbgUd53ZmQWkZP3N+zAsxdBpqv6icEwmmjRFEmxI=";
- allowedIPs = [ "10.0.1.5/32" ];
- }
- ];
- };
+ wg-quick.interfaces.${wgInterface}.configFile = builtins.toString wgConf;
 };
 services.dnsmasq.settings = {
@@ -58,6 +68,8 @@ in {
 services.prometheus.exporters.wireguard = {
 enable = true;
 withRemoteIp = true;
+ wireguardConfig = builtins.toString wgConf;
+ singleSubnetPerField = true;
 listenAddress = "127.0.0.1";
 };
 } |
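Review bot: The move to `wg-quick.interfaces.${wgInterface}.configFile` drops the `# 1492 (ppp0) - 80` rationale that sat beside `mtu = 1412`, and nothing on the new line says why a raw config file replaced the structured options. A comment above the new line would keep that context, for example `# raw wg-quick config so the exporter can read the '# friendly_name' comments; private key is set by PostUp, not privateKeyFile`, with the MTU derivation restated in a Nix comment above `wgConf`. The systemd unit name also changes with this move (presumably from `wireguard-wg` to `wg-quick-wg`), so any ordering or monitoring outside this hunk that references the old unit should be checked.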
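Review bot: With `wireguardConfig` set, the `# friendly_name` values become metric labels, and together with the existing `withRemoteIp = true` each sample ties a named person to their current endpoint address. `listenAddress = "127.0.0.1"` limits direct scraping, but wherever these series are stored or displayed (not visible in this hunk) inherits that data, so access on the Prometheus and dashboard side should be restricted to match. A comment on the block would record the decision, e.g. `# exports peer names + remote IPs as labels; keep the scrape target and dashboards private`.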