feat(wireguard): add WireGuard VPN role

Replace inline wg-quick config in nix-book with a reusable role that
uses inline config instead of configFile, fixing the world-readable
/tmp key leak. Adds network-online.target dependency to prevent boot
failures from DNS not being ready.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 16:57:55 -08:00
parent 60888a4901
commit 72b78ab25f
3 changed files with 86 additions and 7 deletions


@@ -42,6 +42,20 @@
enable = true;
waydroid = true;
};
wireguard = {
enable = true;
autostart = true;
interfaceName = "ogleNet";
address = [ "192.168.4.2/32" ];
privateKeyFile = "/etc/wireguard/oglehome-private-key";
dns = [ "192.168.4.1" ];
peers = [{
publicKey = "AWkmtaz0poyyKJGnRcabO5ecd6ESh1lKu+XRb3ObxBc=";
endpoint = "pi.johnogle.info:6666";
allowedIPs = [ "0.0.0.0/0" ];
persistentKeepalive = 25;
}];
};
};
# Bootloader.
@@ -61,13 +75,6 @@
# Enable networking
networking.networkmanager.enable = true;
# WireGuard setup
networking.wg-quick.interfaces = {
ogleNet = {
configFile = "/root/Oglehome-VPN-johno-nixbook.conf";
};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
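Review bot: `privateKeyFile = "/etc/wireguard/oglehome-private-key";` in the first hunk is where the key-leak fix from the commit message rests, yet nothing visible here establishes the file's ownership or mode, or that the role only passes the path through. The role itself is not shown in this section, so it is worth confirming that it never reads the key at evaluation time (for example with `builtins.readFile`), since that would copy it into the world-readable /nix/store. I would add a comment above the line such as `# root:root 0600, provisioned out of band; keep this a string, never a Nix path literal`. Separately, `allowedIPs = [ "0.0.0.0/0" ];` routes only IPv4 through the tunnel, so on a network with IPv6 connectivity that traffic would presumably bypass the VPN; if a full tunnel is intended, consider `allowedIPs = [ "0.0.0.0/0" "::/0" ];` once the peer side handles IPv6.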