From 8ca92b0e113e70faf4108f89ba7fa63a9cba15b3 Mon Sep 17 00:00:00 2001
From: Kopatz <7265381+Kropatz@users.noreply.github.com>
Date: Mon, 6 May 2024 14:56:13 +0200
Subject: [PATCH] add wireguard client
---
modules/collections/laptop.nix | 1 +
modules/services/wireguard-client.nix | 30 ++++++++++++++++
secrets/secrets.nix | 1 +
secrets/wireguard-client.age | 6 ++++
systems/laptop/configuration.nix | 1 +
systems/laptop/modules/wireguard.nix | 52 ---------------------------
6 files changed, 39 insertions(+), 52 deletions(-)
create mode 100644 modules/services/wireguard-client.nix
create mode 100644 secrets/wireguard-client.age
delete mode 100644 systems/laptop/modules/wireguard.nix
diff --git a/modules/collections/laptop.nix b/modules/collections/laptop.nix
index 6483421..fb060ba 100644
--- a/modules/collections/laptop.nix
+++ b/modules/collections/laptop.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ../kernel.nix # use latest kernel
+ ../services/wireguard-client.nix
 ];
 custom = {
 cli-tools.enable = true;
diff --git a/modules/services/wireguard-client.nix b/modules/services/wireguard-client.nix
new file mode 100644
index 0000000..8ea9c78
--- /dev/null
+++ b/modules/services/wireguard-client.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+
+ age.secrets.wireguard-client = {
+ file = ../../secrets/wireguard-client.age;
+ };
+
+ systemd.network.networks.wg0 = {
+ dns = [ "192.168.2.1"];
+ };
+ networking.wg-quick.interfaces = {
+ wg0 = {
+ # General Settings
+ autostart = true;
+ privateKeyFile = config.age.secrets.wireguard-client.path;
+ listenPort = 51820;
+ dns = [ "192.168.2.1" ];
+ address = ["192.168.2.22/24"];
+ peers = [
+ {
+ #allowedIPs = [ "192.168.2.0/24" "192.168.0.0/24" ];
+ allowedIPs = [ "0.0.0.0/0" ];
+ endpoint = "kopatz.ddns.net:51820";
+ publicKey = "vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=";
+ persistentKeepalive = 30;
+ }
+ ];
+ };
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 55b6e50..6b31f85 100644
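Review bot: `allowedIPs = [ "0.0.0.0/0" ]` in wireguard-client.nix makes this a full tunnel for IPv4 only, so on a dual-stack network any IPv6 traffic (including connections to hosts that resolve to AAAA records) bypasses the tunnel while the configuration reads as "route everything"; either add `"::/0"` if the peer routes IPv6 for this client, or keep the split-tunnel list that is commented out above it and say in a comment that the tunnel is IPv4-only. The `systemd.network.networks.wg0` block has no `matchConfig`, so if networkd is enabled it appears to match every interface rather than wg0 (systemd warns about .network units with an empty [Match]), and its `dns` duplicates the one already passed to wg-quick below — drop the block or add `matchConfig.Name = "wg0";`. `listenPort = 51820` pins a fixed listening port on a roaming client for no benefit; omitting it lets wg-quick choose an ephemeral port. A short header comment such as `# Laptop WireGuard client (wg-quick): full IPv4 tunnel to the home network, private key supplied by agenix` would help the next reader.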
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -16,6 +16,7 @@ in
 "restic-s3.age".publicKeys = [ mini-pc server kop ];
 "restic-gdrive.age".publicKeys = [ mini-pc server kop ];
 "wireguard-private.age".publicKeys = [ mini-pc server kop ];
+ "wireguard-client.age".publicKeys = [ kop ];
 "coturn-secret.age".publicKeys = [ mini-pc server kop ];
 "matrix-registration.age".publicKeys = [ mini-pc server kop ];
 "paperless.age".publicKeys = [ mini-pc server kop ];
diff --git a/secrets/wireguard-client.age b/secrets/wireguard-client.age
new file mode 100644
index 0000000..319a86b
--- /dev/null
+++ b/secrets/wireguard-client.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 DCzi1A VhZl7NnRgPwQq+TXnrL8o+E4bcwDOv4jEiXq5t7QnUE
+BGGn5ICYtFhU01Hs7+BABlCKg5DFw6It5gl16IkXDi0
+--- ab+S9cD/NXFgvte/rhe6MwZ0zwffoxMaGPFzzNvWBl4
+դ='B(٪VF DDim +oʦGU}n'_7y '=Vv[J
\ No newline at end of file
diff --git a/systems/laptop/configuration.nix b/systems/laptop/configuration.nix
index b512b96..93c3398 100644
--- a/systems/laptop/configuration.nix
+++ b/systems/laptop/configuration.nix
@@ -10,6 +10,7 @@
 # ]; + age.identityPaths = [ /home/kopatz/.ssh/id_ed25519 ]; mainUser.layout = "at"; mainUser.variant = ""; # Bootloader.
diff --git a/systems/laptop/modules/wireguard.nix b/systems/laptop/modules/wireguard.nix
deleted file mode 100644
index 4a68515..0000000
--- a/systems/laptop/modules/wireguard.nix
+++ /dev/null
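Review bot: `age.identityPaths = [ /home/kopatz/.ssh/id_ed25519 ];` in configuration.nix makes the laptop decrypt system secrets with a personal SSH key, and the matching `"wireguard-client.age".publicKeys = [ kop ];` line in secrets.nix names that key (by its placement next to `mini-pc` and `server`, `kop` looks like a user key rather than a host key) as the only recipient, so activation depends on a root-readable, unencrypted copy of the user's private key, which agenix requires for non-interactive decryption. The same key now serves as both the user's SSH identity and the system's secret-decryption identity, and losing or rotating it means re-encrypting every secret it guards. Consider adding the laptop's host key (`/etc/ssh/ssh_host_ed25519_key`) as a recipient in secrets.nix and relying on agenix's default `identityPaths`, keeping `kop` only as an additional editing key. The enclosing attribute set in configuration.nix starts and ends outside the hunk.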
@@ -1,52 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-{
-
- age.secrets.wireguard-private = {
- file = ../secrets/wireguard-private.age;
- };
-
- systemd.network = {
- enable = true;
- netdevs."10-wg0" = {
- enable = true;
- netdevConfig = {
- Kind = "wireguard";
- Name = "wg0";
- MTUBytes = "1300";
- };
- wireguardConfig = {
- PrivateKeyFile = config.age.secrets.wireguard-private.path;
- };
- wireguardPeers = [
- {
- wireguardPeerConfig = {
- AllowedIPs = [
- "192.168.2.0/24"
- ];
- Endpoint = "kopatz.ddns.net:51820";
- PersistentKeepalive = 25;
- PublicKey = "vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=";
- };
- }
- ];
- };
- networks.wg0 = {
- # See also man systemd.network
- matchConfig.Name = "wg0";
- # IP addresses the client interface will have
- address = [
- "192.168.2.22/24"
- ];
- #DHCP = "no";
- #dns = [ "fc00::53" ];
- #ntp = [ "fc00::123" ];
- #gateway = [
- # "fc00::1"
- # "10.100.0.1"
- #];
- networkConfig = {
- IPv6AcceptRA = false;
- };
- };
- };
-}