Newer
Older
# Server section of our Monitoring VPN config
{ lib, config, ... }: let
cfg = config.services.private-storage.monitoring.vpn;
in {
options.services.private-storage.monitoring.vpn.server = {
enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN server service";
privateKeyFile = lib.mkOption {
type = lib.types.path;
example = lib.literalExample /var/secrets/monitoringvpn/server.key;
default = /var/secrets/monitoringvpn/server.key;
description = ''
File with base64 private key generated by <command>wg genkey</command>.
'';
};
publicKeyFile = lib.mkOption {
type = lib.types.path;
example = lib.literalExample /var/secrets/monitoringvpn/server.pub;
default = /var/secrets/monitoringvpn/server.pub;
description = ''
File with base64 public key generated by <command>cat private.key | wg pubkey > pubkey.pub</command>.
'';
};
presharedKeyFile = lib.mkOption {
type = lib.types.path;
example = lib.literalExample /var/secrets/monitoringvpn/preshared.key;
default = /var/secrets/monitoringvpn/preshared.key;
description = ''
File with base64 preshared key generated by <command>wg genpsk</command>.
'';
};
ip = lib.mkOption {
type = lib.types.str;
example = lib.literalExample [ "172.23.23.23" ];
'';
};
port = lib.mkOption {
type = lib.types.port;
example = lib.literalExample 54321;
default = 54321;
description = ''
The UDP port to listen on.
'';
};
};
config = lib.mkIf cfg.server.enable {
networking.firewall.allowedUDPPorts = [ cfg.server.port ];
networking.wireguard.interfaces.monitoringvpn = {
listenPort = cfg.server.port;
privateKeyFile = toString cfg.server.privateKeyFile;
peers = [
{ # node1
publicKey = "tZ295cvD98ixt/VH4dwPKNgHf9MuhuzsossOWBOOoGU=";
presharedKeyFile = toString cfg.server.presharedKeyFile;
publicKey = "zDxWTejJDXRRmUiMZPC7eVSCDdyFikN9VI6cqapQ6RY=";
presharedKeyFile = toString cfg.server.presharedKeyFile;