feat: add wireguard, make options with nullOr

modules/cloonar-assistant/default.nix

@@ -74,7 +74,7 @@ in {
         description = "Enable updns";
       };
       key = lib.mkOption {
-        type = lib.types.str;
+        type = with types; nullOr str;
         example = "example";
         description = "key for updns";
       };
@@ -85,6 +85,11 @@ in {
         default = false;
         description = "Enable VPN";
       };
+      privateKeyFile = lib.mkOption {
+        type = with types; nullOr str;
+        example = "/private/wireguard_private_key";
+        description = "File pointing to private key as generated by {command}`wg genkey`.";
+      };
       clients = mkOption {
         default = [ ];
         description = "VPN Clients";
@@ -111,7 +116,7 @@ in {
           description = "Network interface for WAN";
         };
         internal = lib.mkOption {
-          type = lib.types.str;
+          type = with types; nullOr str;
           example = "enp3s0";
           description = "Internal network interface";
         };

modules/cloonar-assistant/networking/default.nix

@@ -3,5 +3,6 @@
     ./interfaces.nix
     ./dhcp.nix
     ./firewall.nix
+    ./wireguard.nix
   ];
 }

modules/cloonar-assistant/networking/wireguard.nix

@@ -0,0 +1,10 @@
+{ config, lib, ... }: {
+  networking.wireguard.interfaces = lib.mkIf config.cloonar-assistant.vpn.enable {
+    wg_cloonar = {
+      ips = [ "${config.networkPrefix}.98.1/24" ];
+      listenPort = 51820;
+      privateKeyFile = config.cloonar-assistant.vpn.privateKeyFile;
+      peers = config.cloonar-assistant.vpn.clients;
+    };
+  };
+}