diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2025-10-20 21:30:24 +0530 |
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2025-10-20 21:43:54 +0530 |
| commit | 3107c3d5f435f551219f000b14538691908067e9 (patch) | |
| tree | 2c0ab4243bd3f441d4cc84cf698fbf7ad1b7bf74 /os/kay/modules/network | |
| parent | 299038b8b0c7de7b713f66cee206d019d60586e3 (diff) | |
chore(os): drop wireguard
Diffstat (limited to 'os/kay/modules/network')
| -rw-r--r-- | os/kay/modules/network/default.nix | 1 | ||||
| -rw-r--r-- | os/kay/modules/network/wireguard.nix | 71 |
2 files changed, 0 insertions, 72 deletions
diff --git a/os/kay/modules/network/default.nix b/os/kay/modules/network/default.nix index 56371c7..019ee24 100644 --- a/os/kay/modules/network/default.nix +++ b/os/kay/modules/network/default.nix @@ -12,7 +12,6 @@ in imports = [ ./router.nix ./hurricane.nix - ./wireguard.nix ./headscale.nix ]; diff --git a/os/kay/modules/network/wireguard.nix b/os/kay/modules/network/wireguard.nix deleted file mode 100644 index fd00804..0000000 --- a/os/kay/modules/network/wireguard.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - wgInterface = "wg"; - wanInterface = "ppp0"; - port = 51820; - - wgConf = pkgs.writeText "wg.conf" '' - [interface] - Address = 10.0.1.1/24 - MTU = 1412 - ListenPort = 51820 - PostUp = ${ - lib.getExe ( - pkgs.writeShellApplication { - name = "wg_set_key"; - runtimeInputs = with pkgs; [ wireguard-tools ]; - text = '' - wg set ${wgInterface} private-key <(cat ${config.sops.secrets."misc/wireguard".path}) - ''; - } - ) - } - - [Peer] - # friendly_name = cez - PublicKey = IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8= - AllowedIPs = 10.0.1.2/32 - - [Peer] - # friendly_name = exy - PublicKey = bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8= - AllowedIPs = 10.0.1.3/32 - - [Peer] - # friendly_name = dad - PublicKey = q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ= - AllowedIPs = 10.0.1.4/32 - ''; -in -{ - sops.secrets."misc/wireguard" = { }; - - networking = { - nat = { - enable = true; - externalInterface = wanInterface; - internalInterfaces = [ wgInterface ]; - }; - - firewall.allowedUDPPorts = [ port ]; - wg-quick.interfaces.${wgInterface}.configFile = builtins.toString wgConf; - }; - - services.dnsmasq.settings = { - no-dhcp-interface = wgInterface; - interface = [ wgInterface ]; - }; - - services.prometheus.exporters.wireguard = { - enable = true; - withRemoteIp = true; - wireguardConfig = builtins.toString wgConf; - singleSubnetPerField = true; - listenAddress = "127.0.0.1"; - }; -} |