Add wg-access-server
This commit is contained in:
parent
0ebf24af44
commit
b614dcf1ec
GPG key ID:
053EA6E00116533A
3 changed files with 45 additions and 0 deletions
33
machines/aresix/modules/wireguard.nix
Normal file
33
machines/aresix/modules/wireguard.nix
Normal file
|
|
@ -0,0 +1,33 @@
|
|||
{config, ...}: {
|
||||
clan.core.vars.generators.wg-access-server = {
|
||||
prompts.admin-password = {
|
||||
description = "Password for the wg-access-server admin user";
|
||||
type = "hidden";
|
||||
};
|
||||
|
||||
prompts.wireguard-private-key = {
|
||||
description = "Wireguard private key wg-access-server will use";
|
||||
type = "hidden";
|
||||
};
|
||||
|
||||
files.secrets-file.secret = true;
|
||||
script = ''
|
||||
cat <<EOL > $out/secrets-file
|
||||
adminPassword: $(<$prompts/admin-password)
|
||||
wireguard:
|
||||
privateKey: $(<$prompts/wireguard-private-key)
|
||||
EOL
|
||||
'';
|
||||
};
|
||||
|
||||
services.wg-access-server = {
|
||||
enable = true;
|
||||
|
||||
settings = {
|
||||
httpHost = "::1";
|
||||
};
|
||||
|
||||
secretsFile = config.clan.core.vars.generators.wg-access-server.files.secrets-file.path;
|
||||
};
|
||||
networking.firewall.allowedUDPPorts = [51820 53];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue