feat: added wireguard

2025-06-16 01:55:13 -05:00 · 2025-03-31 22:53:08 -05:00 · 2025-03-31 22:53:08 -05:00 · a7ed1629e8
commit a7ed1629e8
parent a635237125
6 changed files with 105 additions and 5 deletions
--- a/modules/config/instances/config/wireGuard.nix
+++ b/modules/config/instances/config/wireGuard.nix
@ -0,0 +1,18 @@
+{ instancesFunctions }:
+let
+  inherit (instancesFunctions)
+    sopsPath
+    ;
+
+  wireGuardLabel = "WireGuard";
+  wireGuardName = "wireguard";
+in
+{
+  label = wireGuardLabel;
+  name = wireGuardName;
+  sops = {
+    path0 = "${sopsPath}/${wireGuardName}";
+  };
+  ports = {
+  };
+}
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@ -62,6 +62,7 @@ in
            theming
            polychromatic
            dolphin
+            espanso
            ;
        };
      };
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -17,6 +17,7 @@ in
          flatpak
          plasma
          sddm
+          wireGuard
          ;
      };
    };
--- a/modules/nixos/services/wireGuard/default.nix
+++ b/modules/nixos/services/wireGuard/default.nix
@ -0,0 +1,67 @@
+{ config, flake, ... }:
+let
+  inherit (flake.config.services.instances) wireGuard;
+  service = wireGuard;
+
+  wireGuardInterface =
+    {
+      secret,
+      publicKey,
+      endpoint,
+    }:
+    {
+      name = "Proton-${secret}";
+      value = {
+        autostart = false;
+        address = [ "10.2.0.2/32" ];
+        dns = [ "10.2.0.1" ];
+        privateKeyFile = config.sops.secrets."${service.name}-${secret}".path;
+        peers = [
+          {
+            inherit publicKey endpoint;
+            allowedIPs = [ "0.0.0.0/0,::/0" ];
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+    };
+
+  interfaces = [
+    {
+      secret = "CA363";
+      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
+      endpoint = "149.88.97.110:51820";
+    }
+    {
+      secret = "CA220";
+      publicKey = "UR8vjVYrrWYadCwLKiAabKTIdxM4yikmCXnvKWm89D8=";
+      endpoint = "139.28.218.130:51820";
+    }
+    {
+      secret = "CA358";
+      publicKey = "9mTDh5Tku0gxDdzqxnpnzItHQBm2h2B2hXnUHvhGCFw=";
+      endpoint = "149.88.97.110:51820";
+    }
+    {
+      secret = "CA627";
+      publicKey = "xLFgU430Tt7PdHJydVbIKvtjXJodoPpGKW7fhF7XE2k=";
+      endpoint = "139.28.218.130:51820";
+    }
+  ];
+
+  sopsPath = secret: {
+    path = "${service.sops.path0}/${service.name}-${secret}";
+    owner = "root";
+    mode = "600";
+  };
+in
+{
+  networking.wg-quick.interfaces = builtins.listToAttrs (map wireGuardInterface interfaces);
+
+  sops.secrets = builtins.listToAttrs (
+    map (interface: {
+      name = "${service.name}-${interface.secret}";
+      value = sopsPath interface.secret;
+    }) interfaces
+  );
+}