feat: add wireguard, make options with nullOr

2025-04-25 23:40:06 +02:00
parent 11a34aa04c
commit 2318855dd3
3 changed files with 18 additions and 2 deletions
--- a/modules/cloonar-assistant/default.nix
+++ b/modules/cloonar-assistant/default.nix
@@ -74,7 +74,7 @@ in {
        description = "Enable updns";
      };
      key = lib.mkOption {
-        type = lib.types.str;
+        type = with types; nullOr str;
        example = "example";
        description = "key for updns";
      };
@@ -85,6 +85,11 @@ in {
        default = false;
        description = "Enable VPN";
      };
+      privateKeyFile = lib.mkOption {
+        type = with types; nullOr str;
+        example = "/private/wireguard_private_key";
+        description = "File pointing to private key as generated by {command}`wg genkey`.";
+      };
      clients = mkOption {
        default = [ ];
        description = "VPN Clients";
@@ -111,7 +116,7 @@ in {
          description = "Network interface for WAN";
        };
        internal = lib.mkOption {
-          type = lib.types.str;
+          type = with types; nullOr str;
          example = "enp3s0";
          description = "Internal network interface";
        };
--- a/modules/cloonar-assistant/networking/default.nix
+++ b/modules/cloonar-assistant/networking/default.nix
@@ -3,5 +3,6 @@
    ./interfaces.nix
    ./dhcp.nix
    ./firewall.nix
+    ./wireguard.nix
  ];
 }
--- a/modules/cloonar-assistant/networking/wireguard.nix
+++ b/modules/cloonar-assistant/networking/wireguard.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }: {
+  networking.wireguard.interfaces = lib.mkIf config.cloonar-assistant.vpn.enable {
+    wg_cloonar = {
+      ips = [ "${config.networkPrefix}.98.1/24" ];
+      listenPort = 51820;
+      privateKeyFile = config.cloonar-assistant.vpn.privateKeyFile;
+      peers = config.cloonar-assistant.vpn.clients;
+    };
+  };
+}