authorsinanmohd <sinan@sinanmohd.com>2025-10-20 21:30:24 +0530
committersinanmohd <sinan@sinanmohd.com>2025-10-20 21:43:54 +0530
commit3107c3d5f435f551219f000b14538691908067e9 (patch)
tree2c0ab4243bd3f441d4cc84cf698fbf7ad1b7bf74 /os/kay
parent299038b8b0c7de7b713f66cee206d019d60586e3 (diff)
chore(os): drop wireguard
Diffstat (limited to 'os/kay')
-rw-r--r--os/kay/modules/network/default.nix1
-rw-r--r--os/kay/modules/network/wireguard.nix71
-rw-r--r--os/kay/modules/observability/prometheus.nix3
-rw-r--r--os/kay/secrets.yaml5
4 files changed, 2 insertions, 78 deletions
diff --git a/os/kay/modules/network/default.nix b/os/kay/modules/network/default.nix
index 56371c7..019ee24 100644
--- a/os/kay/modules/network/default.nix
+++ b/os/kay/modules/network/default.nix
@@ -12,7 +12,6 @@ in
imports = [
./router.nix
./hurricane.nix
- ./wireguard.nix
./headscale.nix
];
diff --git a/os/kay/modules/network/wireguard.nix b/os/kay/modules/network/wireguard.nix
deleted file mode 100644
index fd00804..0000000
--- a/os/kay/modules/network/wireguard.nix
+++ /dev/null
@@ -1,71 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-let
- wgInterface = "wg";
- wanInterface = "ppp0";
- port = 51820;
-
- wgConf = pkgs.writeText "wg.conf" ''
- [interface]
- Address = 10.0.1.1/24
- MTU = 1412
- ListenPort = 51820
- PostUp = ${
- lib.getExe (
- pkgs.writeShellApplication {
- name = "wg_set_key";
- runtimeInputs = with pkgs; [ wireguard-tools ];
- text = ''
- wg set ${wgInterface} private-key <(cat ${config.sops.secrets."misc/wireguard".path})
- '';
- }
- )
- }
-
- [Peer]
- # friendly_name = cez
- PublicKey = IcMpAs/D0u8O/AcDBPC7pFUYSeFQXQpTqHpGOeVpjS8=
- AllowedIPs = 10.0.1.2/32
-
- [Peer]
- # friendly_name = exy
- PublicKey = bJ9aqGYD2Jh4MtWIL7q3XxVHFuUdwGJwO8p7H3nNPj8=
- AllowedIPs = 10.0.1.3/32
-
- [Peer]
- # friendly_name = dad
- PublicKey = q70IyOS2IpubIRWqo5sL3SeEjtUy2V/PT8yqVExiHTQ=
- AllowedIPs = 10.0.1.4/32
- '';
-in
-{
- sops.secrets."misc/wireguard" = { };
-
- networking = {
- nat = {
- enable = true;
- externalInterface = wanInterface;
- internalInterfaces = [ wgInterface ];
- };
-
- firewall.allowedUDPPorts = [ port ];
- wg-quick.interfaces.${wgInterface}.configFile = builtins.toString wgConf;
- };
-
- services.dnsmasq.settings = {
- no-dhcp-interface = wgInterface;
- interface = [ wgInterface ];
- };
-
- services.prometheus.exporters.wireguard = {
- enable = true;
- withRemoteIp = true;
- wireguardConfig = builtins.toString wgConf;
- singleSubnetPerField = true;
- listenAddress = "127.0.0.1";
- };
-}
diff --git a/os/kay/modules/observability/prometheus.nix b/os/kay/modules/observability/prometheus.nix
index 1810f9e..9ca73da 100644
--- a/os/kay/modules/observability/prometheus.nix
+++ b/os/kay/modules/observability/prometheus.nix
@@ -13,9 +13,6 @@
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
}
{
- targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}" ];
- }
- {
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.dnsmasq.port}" ];
}
{
diff --git a/os/kay/secrets.yaml b/os/kay/secrets.yaml
index e11bbd0..5f8c16d 100644
--- a/os/kay/secrets.yaml
+++ b/os/kay/secrets.yaml
@@ -25,7 +25,6 @@ headscale:
derp_private_key: ENC[AES256_GCM,data:EMt3RtQzqIY4i5S2S1kK0kxu0wMt3/bBcpaEc3YP0Cmj8F4yZECOaDUYk4dM2QsfmoP84plktAqIrM4MSiY94lQpqRoCvTru,iv:NU/nVFQxBQTou0mf5xvLmlda8hzJfoCRiU1vCgJGyyc=,tag:IEDCDy6ifL+ulYzp7qr3vg==,type:str]
pre_auth_key: ENC[AES256_GCM,data:ItKBknycoP9AcUN1OyTK/OQCUQzkpJfho5Rfm2o0u8g6WGo0F/awC07MQ4pL2lfM,iv:hfOj72ZUP4F28+0vuEXucMUzeL3FAx0rF2quyWTACYw=,tag:zGdtJakxXUOolvJMOCevvg==,type:str]
misc:
- wireguard: ENC[AES256_GCM,data:zwctPH+ScqRWUD4Jjcu/dTTGwxGl6rCEsp5D4+EfXPEIhECL2vjyTtcy5cM=,iv:yfv6fV5zxAbsVf+veTJYLmAwhJbaqFt89s3jlU+HO2k=,tag:vZldtANCKvMWW5pXRUv+vA==,type:str]
default_password: ENC[AES256_GCM,data:xON6jifcv8k8tKA=,iv:Kk3Ax/GGvCvAbTAhNnlkoNh1BzsrZVptchRuQi+vqhc=,tag:9vYn1Gslr+1pAYdKvwRhnA==,type:str]
nixbin.sinanmohd.com: ENC[AES256_GCM,data:iPYrZvEcg8WRl2iRnL5Z3Gxzpu1NWqgobdYuhFj3Ria/zZ+WL6LzSYMKtxxRaCbqXIacjIJKGpsZcesaJjcx6wmLR8EW8GRPPhHO9AjbZSLeBV2h6XwHbe6PD8y/Kjx2fBbIpDDTF2YwstvFqQ==,iv:AYv4Vnog+dlhKlZV8S3D/q7JiY2l2mVxLC/gWuI5MtA=,tag:dzZ8octvGcuuh9TXv0U88A==,type:str]
alina: ENC[AES256_GCM,data:KGSr5fLkngJvZRAGoTK0XfxJCgWQBJ8xd0oelU5j15yOooBctUQjQekmf9GiVnmZbU5OoxdraO6nUssZXEIfKKsCtCps+D2MkDDchL/+gbc+A3Q=,iv:LszKLO5CeultjHbSLUqz9Or9X5K7u9VCzuz9fBPFgmM=,tag:DONP4smkrTTsY0sJ8qyKIQ==,type:str]
@@ -49,7 +48,7 @@ sops:
bGRaOE1Mc3VqVnYyd0xIVGl5ckpqRFkKpT2gTC4lf9HRQNJDykdGjPdfH+V8og7X
XHq1XqIRoRbulZifuZlmzN/RWMPIoBYkXeHfqaMjmTz5HIBcnO/t9g==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-10-17T04:31:52Z"
- mac: ENC[AES256_GCM,data:0nN0kAbdMFNgzCa1ocn7EHDNV7SFH/9/P2EgwDQG37AyAxUJtZ5kxyobAPRAbApgtrlnDhCrdsV9ltGqk35TTiNK6qhx8gfdzK0MiMI0wYnhvoAyci1Hsg32Fv/vuZv1AWf1yAMaDMQXmzt0AiG9hJy9FdZO0oU8U2RbmFRMO3k=,iv:P4m/owrYllj+8R2Pm+iLAerbnmOCy3TzBgmGCxS65C4=,tag:mNEHL3kBMuFeSYfY6xnweQ==,type:str]
+ lastmodified: "2025-10-20T15:38:52Z"
+ mac: ENC[AES256_GCM,data:n0ShTAQ5ft5o38Y53MmSHzOyxEKwKT4TwELfj5kZ2rvZVI4o1jH+kcYnlYKcwPDCXNuIayFRVYRZ7KPEftPuTRgaKK74uCjYyrZh/hQP+pyFRg2va2Jkn5vymzsm2036DIPo2K2JkZtSlWgYG/BNuLVQZioghkKZ5pe23YyJqQs=,iv:NSQCmN081ZoGa2yfU8Bu0H2tfvWrOennYPWjtpRJ8G0=,tag:HDl78o8CmFviEqQWntvrQw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0