author | sinanmohd <sinan@sinanmohd.com> | 2025-10-20 21:30:24 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2025-10-20 21:43:54 +0530 |
commit | 3107c3d5f435f551219f000b14538691908067e9 (patch) | |
tree | 2c0ab4243bd3f441d4cc84cf698fbf7ad1b7bf74 /os/kay/modules | |
parent | 299038b8b0c7de7b713f66cee206d019d60586e3 (diff) |
chore(os): drop wireguard
Diffstat (limited to 'os/kay/modules')
-rw-r--r-- | os/kay/modules/network/default.nix | 1 | ||||
-rw-r--r-- | os/kay/modules/network/wireguard.nix | 71 | ||||
-rw-r--r-- | os/kay/modules/observability/prometheus.nix | 3 |
3 files changed, 0 insertions, 75 deletions
diff --git a/os/kay/modules/network/default.nix b/os/kay/modules/network/default.nix
index 56371c7..019ee24 100644
--- a/os/kay/modules/network/default.nix
+++ b/os/kay/modules/network/default.nix
@@ -12,7 +12,6 @@ in
 imports = [
 ./router.nix
 ./hurricane.nix
- ./wireguard.nix
 ./headscale.nix
 ];
diff --git a/os/kay/modules/network/wireguard.nix b/os/kay/modules/network/wireguard.nix
deleted file mode 100644
index fd00804..0000000
--- a/os/kay/modules/network/wireguard.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- wgInterface = "wg";
- wanInterface = "ppp0";
- port = 51820;
-
- wgConf = pkgs.writeText "wg.conf" ''
- [interface]
- Address = 10.0.1.1/24
- MTU = 1412
- ListenPort = 51820
- PostUp = ${
- lib.getExe (
- pkgs.writeShellApplication {
- name = "wg_set_key";
- runtimeInputs = with pkgs; [ wireguard-tools ];
- text = ''
- wg set ${wgInterface} private-key <(cat ${config.sops.secrets."misc/wireguard".path})
- '';
- }
- )
- }
-
- [Peer]
- # friendly_name = cez
- PublicKey = IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=
- AllowedIPs = 10.0.1.2/32
-
- [Peer]
- # friendly_name = exy
- PublicKey = bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=
- AllowedIPs = 10.0.1.3/32
-
- [Peer]
- # friendly_name = dad
- PublicKey = q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=
- AllowedIPs = 10.0.1.4/32
- '';
-in
-{
- sops.secrets."misc/wireguard" = { };
-
- networking = {
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ wgInterface ];
- };
-
- firewall.allowedUDPPorts = [ port ];
- wg-quick.interfaces.${wgInterface}.configFile = builtins.toString wgConf;
- };
-
- services.dnsmasq.settings = {
- no-dhcp-interface = wgInterface;
- interface = [ wgInterface ];
- };
-
- services.prometheus.exporters.wireguard = {
- enable = true;
- withRemoteIp = true;
- wireguardConfig = builtins.toString wgConf;
- singleSubnetPerField = true;
- listenAddress = "127.0.0.1";
- };
-}
diff --git a/os/kay/modules/observability/prometheus.nix b/os/kay/modules/observability/prometheus.nix
index 1810f9e..9ca73da 100644
--- a/os/kay/modules/observability/prometheus.nix
+++ b/os/kay/modules/observability/prometheus.nix
@@ -13,9 +13,6 @@
 targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
 }
 {
- targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}" ];
- }
- {
 targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.dnsmasq.port}" ];
 }
 { |