-rw-r--r-- | modules/vpn.nix | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/modules/vpn.nix b/modules/vpn.nix index 0b532de..635bcd4 100644 --- a/modules/vpn.nix +++ b/modules/vpn.nix @@ -23,28 +23,26 @@ let firelink = mkConfig "firelink" "2001"; pincer = mkConfig "pincer" "2002"; steamdeck = mkConfig "steamdeck" "2003" // { - ips = [ - "${vpn-prefix}::2003/128" - "${vpn-prefix}::2004/128" - ]; + ips = [ "${vpn-prefix}::2003/128" "${vpn-prefix}::2004/128" ]; }; }; mkPeer = hostConfig: { inherit (hostConfig) publicKey endpoint; - allowedIPs = if hostConfig.router && !cfg.is_server then [ "${vpn-prefix}::/64" ] else hostConfig.ips; + allowedIPs = if hostConfig.router && !cfg.is_server then + [ "${vpn-prefix}::/64" ] + else + hostConfig.ips; }; getPeers = host: - if - host == "dragon" - then - builtins.map mkPeer (builtins.attrValues (builtins.removeAttrs hosts [host])) + if host == "dragon" then + builtins.map mkPeer + (builtins.attrValues (builtins.removeAttrs hosts [ host ])) else - builtins.map mkPeer [hosts.dragon]; + builtins.map mkPeer [ hosts.dragon ]; -in -{ +in { options = { orbekk.vpn = { enable = lib.mkEnableOption "Enable VPN"; @@ -66,7 +64,8 @@ in orbekk.simple-firewall.allowedUDPPorts = [ cfg.listenPort ]; age.secrets = { - "${config.networking.hostName}-wireguard-key".file = ./. + "/../secrets/${config.networking.hostName}-wireguard-key.age"; + "${config.networking.hostName}-wireguard-key".file = ./. + + "/../secrets/${config.networking.hostName}-wireguard-key.age"; }; networking.networkmanager.unmanaged = [ "vpn" ]; @@ -75,7 +74,8 @@ in enable = true; interfaces.vpn = { ips = hosts.${config.networking.hostName}.ips; - privateKeyFile = "${config.age.secrets."${config.networking.hostName}-wireguard-key".path}"; + privateKeyFile = + "${config.age.secrets."${config.networking.hostName}-wireguard-key".path}"; allowedIPsAsRoutes = true; listenPort = cfg.listenPort; peers = getPeers config.networking.hostName; |