From 2318855dd31a12f13354da99db418b1886b979ad Mon Sep 17 00:00:00 2001
From: Dominik Polakovics
Date: Fri, 25 Apr 2025 23:40:06 +0200
Subject: [PATCH] feat: add wireguard, make options with nullOr
---
 modules/cloonar-assistant/default.nix | 9 +++++++--
 modules/cloonar-assistant/networking/default.nix | 1 +
 modules/cloonar-assistant/networking/wireguard.nix | 10 ++++++++++
 3 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 modules/cloonar-assistant/networking/wireguard.nix
diff --git a/modules/cloonar-assistant/default.nix b/modules/cloonar-assistant/default.nix
index 55fc5f0..aa1d3c3 100644
--- a/modules/cloonar-assistant/default.nix
+++ b/modules/cloonar-assistant/default.nix
@@ -74,7 +74,7 @@ in {
 description = "Enable updns";
 };
 key = lib.mkOption {
- type = lib.types.str;
+ type = with types; nullOr str;
 example = "example";
 description = "key for updns";
 };
@@ -85,6 +85,11 @@ in {
 default = false;
 description = "Enable VPN";
 };
+ privateKeyFile = lib.mkOption {
+ type = with types; nullOr str;
+ example = "/private/wireguard_private_key";
+ description = "File pointing to private key as generated by {command}`wg genkey`.";
+ };
 clients = mkOption {
 default = [ ];
 description = "VPN Clients";
@@ -111,7 +116,7 @@ in {
 description = "Network interface for WAN";
 };
 internal = lib.mkOption {
- type = lib.types.str;
+ type = with types; nullOr str;
 example = "enp3s0";
 description = "Internal network interface";
 };
diff --git a/modules/cloonar-assistant/networking/default.nix b/modules/cloonar-assistant/networking/default.nix
index 10558bd..d71cc2a 100644
--- a/modules/cloonar-assistant/networking/default.nix
+++ b/modules/cloonar-assistant/networking/default.nix
@@ -3,5 +3,6 @@
 ./interfaces.nix
 ./dhcp.nix
 ./firewall.nix
+ ./wireguard.nix
 ];
 }
diff --git a/modules/cloonar-assistant/networking/wireguard.nix b/modules/cloonar-assistant/networking/wireguard.nix
new file mode 100644
index 0000000..a356fef
--- /dev/null
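Review bot: `nullOr str` on `key` is declared without a `default`, so the option may now hold `null` but still has to be set explicitly; reading it while unset fails evaluation exactly as it did with `str`. If the aim of the commit is to make these options optional, add `default = null;` here and on `privateKeyFile` (hunk at -85) and `internal` (hunk at -111). Consumers that interpolate these values into strings are outside this diff and would need a null guard, because Nix refuses to coerce `null` to a string. The new lines also use bare `types` where the neighbouring lines write `lib.mkOption`; that resolves only if `with lib;` or an `inherit` is in scope above the hunk, which is not visible here.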
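Review bot: The `privateKeyFile` description does not say that the path is read at runtime and must stay outside the Nix store, which matters because store paths are world-readable. Keeping the type a string is the right choice for that reason, but a value built from a path literal such as `"${./wg.key}"` would still copy the key into the store. I would reword the description along the lines of ``Path to a file outside the Nix store, readable only by root, containing the private key generated by {command}`wg genkey`.`` The same concern probably applies to the updns `key` option in the first hunk, which appears to take the secret itself as a string; a `keyFile` variant would avoid that, though its consumer is not shown here.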
+++ b/modules/cloonar-assistant/networking/wireguard.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }: {
+ networking.wireguard.interfaces = lib.mkIf config.cloonar-assistant.vpn.enable {
+ wg_cloonar = {
+ ips = [ "${config.networkPrefix}.98.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = config.cloonar-assistant.vpn.privateKeyFile;
+ peers = config.cloonar-assistant.vpn.clients;
+ };
+ };
+}
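Review bot: `privateKeyFile` is passed to `wg_cloonar` with no check that it is non-null when `vpn.enable` is true, although the option type now permits `null`. As far as I know the upstream WireGuard module then fails with an assertion that names `networking.wireguard.interfaces.wg_cloonar`, which does not point the user at the cloonar option. A local check next to `networking.wireguard.interfaces` gives a clearer error: `assertions = [{ assertion = !config.cloonar-assistant.vpn.enable || config.cloonar-assistant.vpn.privateKeyFile != null; message = "cloonar-assistant.vpn.privateKeyFile must be set when the VPN is enabled"; }];`. `firewall.nix` is not touched by this commit, so it is worth confirming that UDP 51820 is accepted only on the WAN interface and that forwarding from `wg_cloonar` is limited to the networks VPN clients are meant to reach. `config.networkPrefix` is read from the top level rather than from `config.cloonar-assistant`; that may be intentional but cannot be checked from this hunk.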