add wireguard client

modules/collections/laptop.nix

@@ -2,6 +2,7 @@
 {
   imports = [
     ../kernel.nix # use latest kernel
+    ../services/wireguard-client.nix
   ];
   custom = {
     cli-tools.enable = true;

modules/services/wireguard-client.nix

@@ -0,0 +1,30 @@
+{ config, pkgs, lib, inputs, ... }:
+{
+
+  age.secrets.wireguard-client = {
+    file = ../../secrets/wireguard-client.age;
+  };
+
+  systemd.network.networks.wg0 = {
+    dns = [ "192.168.2.1"];
+  };
+  networking.wg-quick.interfaces = {
+    wg0 = {
+      # General Settings
+      autostart = true;
+      privateKeyFile = config.age.secrets.wireguard-client.path;
+      listenPort = 51820;
+      dns = [ "192.168.2.1" ];
+      address = ["192.168.2.22/24"];
+      peers = [
+        {
+          #allowedIPs = [ "192.168.2.0/24" "192.168.0.0/24" ];
+          allowedIPs = [ "0.0.0.0/0" ];
+          endpoint = "kopatz.ddns.net:51820";
+          publicKey = "vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=";
+          persistentKeepalive = 30;
+        }
+      ];
+    };
+  };
+}

secrets/secrets.nix

@@ -16,6 +16,7 @@ in
   "restic-s3.age".publicKeys = [ mini-pc server kop ];
   "restic-gdrive.age".publicKeys = [ mini-pc server kop ];
   "wireguard-private.age".publicKeys = [ mini-pc server kop ];
+  "wireguard-client.age".publicKeys = [ kop ];
   "coturn-secret.age".publicKeys = [ mini-pc server kop ];
   "matrix-registration.age".publicKeys = [ mini-pc server kop ];
   "paperless.age".publicKeys = [ mini-pc server kop ];

secrets/wireguard-client.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 DCzi1A VhZl7NnRgPwQq+TXnrL8o+E4bcwDOv4jEiXq5t7QnUE
+BGGn5ICYtFhU01Hs7+BABlCKg5DFw6It5gl16IkXDi0
+--- ab+S9cD/NXFgvte/rhe6MwZ0zwffoxMaGPFzzNvWBl4
+€âÌÕ¤=Í'ò¸B(ÙªVFÕ÷	öÝëâDö„—D°ØiÒÿ¦m
+o©Ê¦£G¡Uª}Ãn<C383>'™<>_Î7ýy'=VíÓÝùv¥[±JÜ

systems/laptop/configuration.nix

@@ -10,6 +10,7 @@
 	#<home-manager/nixos>
     ];
 
+  age.identityPaths = [ /home/kopatz/.ssh/id_ed25519 ];
   mainUser.layout = "at";
   mainUser.variant = "";
   # Bootloader.

systems/laptop/modules/wireguard.nix

@@ -1,52 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-{
-
-  age.secrets.wireguard-private = {
-    file = ../secrets/wireguard-private.age;
-  };
-
-  systemd.network = {
-    enable = true;
-    netdevs."10-wg0" = {
-      enable = true;
-      netdevConfig = {
-        Kind = "wireguard";
-        Name = "wg0";
-        MTUBytes = "1300";
-      };
-      wireguardConfig = {
-        PrivateKeyFile = config.age.secrets.wireguard-private.path;
-      };
-      wireguardPeers = [
-        {
-          wireguardPeerConfig = {
-            AllowedIPs = [
-              "192.168.2.0/24"
-            ];
-            Endpoint = "kopatz.ddns.net:51820";
-            PersistentKeepalive = 25;
-            PublicKey = "vyHNUy97R1cvqEvElznPpFQtoqm7WUHnT96UP6Dquwc=";
-          };
-        }
-      ];
-    };
-    networks.wg0 = {
-      # See also man systemd.network
-      matchConfig.Name = "wg0";
-      # IP addresses the client interface will have
-      address = [
-        "192.168.2.22/24"
-      ];
-      #DHCP = "no";
-      #dns = [ "fc00::53" ];
-      #ntp = [ "fc00::123" ];
-      #gateway = [
-      #  "fc00::1"
-      #  "10.100.0.1"
-      #];
-      networkConfig = {
-        IPv6AcceptRA = false;
-      };
-    };
-  };
-}