# Client side of the monitoring VPN (WireGuard) configuration
{ lib, config, ... }: let
cfg = config.services.private-storage.monitoring.vpn;
options.services.private-storage.monitoring.vpn.client = {
enable = lib.mkEnableOption "PrivateStorageio Monitoring VPN client service";
privateKeyFile = lib.mkOption {
example = /run/keys/monitoringvpn/host.key;
File with base64 private key generated by <command>wg genkey</command>.
Generate it with a restrictive umask so the key file is not world-readable, and
deploy it outside the Nix store (e.g. under /run/keys), since the store is
world-readable. Shorthand to create private and public key:
<command>(umask 077; wg genkey | tee peer_A.key | wg pubkey > peer_A.pub)</command>
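# WireGuard pre-shared key for the server peer. The config section hands it
# to WireGuard as a file path (toString), so the secret itself never enters
# the Nix store; the file still has to exist on the host at activation time.
presharedKeyFile = lib.mkOption {
  type = lib.types.path;
  example = /run/keys/monitoringvpn/preshared.key;
  description = ''
    File with base64 preshared key generated by <command>wg genpsk</command>.
    The same key must be configured for this client on the server side.
    Generate it with a restrictive umask, e.g.
    <command>(umask 077; wg genpsk > preshared.key)</command>, and deploy it
    outside the Nix store (which is world-readable), for example under
    <filename>/run/keys</filename>.
  '';
};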
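# Intended as the AllowedIPs of the server peer (WireGuard cryptokey routing).
# Note this is not only an ingress filter: it also decides which destinations
# are sent through the tunnel (and, with the NixOS default allowedIPsAsRoutes,
# which routes are installed).
allowedIPs = lib.mkOption {
  type = lib.types.listOf lib.types.str;
  description = ''
    IP ranges (CIDR notation) that this client routes to the monitoring
    server over the VPN, and from which it accepts packets arriving from
    the server. WireGuard silently drops packets from the server whose
    source address is not covered by this list, so keep it as narrow as the
    monitoring traffic allows; <literal>0.0.0.0/0</literal> would route all
    of this host's traffic through the server.
  '';
};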
description = ''
The IP addresses assigned to this client's VPN interface, in CIDR notation (address/prefix length).
'';
};
example = "vpn.monitoring.private.storage:54321";
description = ''
The address and port number of the server to establish the VPN with.
'';
};
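# The server's WireGuard public key. It is not secret, so keeping it in the
# configuration repository (and therefore the Nix store) is fine; the config
# section reads its contents at evaluation time with lib.fileContents.
# Typed as a path for consistency with presharedKeyFile; absolute path
# strings are still accepted by lib.types.path.
endpointPublicKeyFile = lib.mkOption {
  type = lib.types.path;
  example = ./monitoringvpn/server.pub;
  description = ''
    File with the base64 public key of the VPN server, generated from the
    server's private key with
    <command>cat private.key | wg pubkey > pubkey.pub</command>.
    Obtain it from the server operator over a trusted channel and check it
    matches the key the server actually uses: with a wrong key the handshake
    never completes and the tunnel silently stays down.
  '';
};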
};
config = lib.mkIf cfg.client.enable {
networking.wireguard.interfaces.monitoringvpn = {
publicKey = lib.fileContents(cfg.client.endpointPublicKeyFile);
presharedKeyFile = toString cfg.client.presharedKeyFile;
persistentKeepalive = 25;