wireguard & other stuff

2025-05-26 22:13:03 +02:00 · 2025-05-26 22:13:03 +02:00 · 16f491a6ca
commit 16f491a6ca
parent c45f9f7f46
12 changed files with 174 additions and 103 deletions
--- a/host/roam/modules/services.nix
+++ b/host/roam/modules/services.nix
@ -4,36 +4,8 @@ let
 in
 {
  services = {
-    # TODO: maybe just use wireguard...
-    /*
-      headscale = {
-        enable = true;
-        address = "127.0.0.1";
-        port = 8080;
-        settings = {
-          server_url = "https://${headscale-domain}";
-          prefixes.v4 = "100.10.11.0/24";
-          prefixes.v6 = "fd7a:115c:1011::/48";
-          dns = {
-            magic_dns = true;
-            base_domain = "net.hdohmen.de";
-          };
-        };
-      };
-    */
-
    nginx = {
      enable = true;
-      /*
-        virtualHosts.${headscale-domain} = {
-          forceSSL = true;
-          enableACME = true;
-          locations."/" = {
-            proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
-            proxyWebsockets = true;
-          };
-        };
-      */
    };
  };

--- a/host/roam/modules/wireguard.nix
+++ b/host/roam/modules/wireguard.nix
@ -1,7 +1,6 @@
-{ ... }:
+{ var, lib, ... }:
 let
  wireguard-port = 51820;
-  wireguard-subnet = "100.10.11.0/24";
 in
 {
  networking = {
@ -16,9 +15,10 @@ in
    wireguard = {
      enable = true;
      interfaces."wg0" = {
-        ips = [ wireguard-subnet ];
+        ips = var.wg.wireguard-network."roam".ips;
        listenPort = wireguard-port;
-        privateKeyFile = "/var/secrets/wg0.key";
+        privateKeyFile = var.wg.keyFile;
+        peers = var.wg.peers-for "roam";
      };
    };
  };