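# NixOS module for VPN connectivity.
#
# Declares the `mods.tailscale`, `mods.wireguard` and `mods.openvpn` toggles
# and wires them to Tailscale, a wg-quick WireGuard tunnel (`wg0`) and an
# OpenVPN instance named `remote`. NetworkManager and systemd-resolved are
# enabled unconditionally.
#
# Layout restored to one statement per line: with the module collapsed onto a
# single line, the first `#` comment swallows the rest of the expression.
{ pkgs, lib, config, ... }: {
  options.mods = {
    tailscale.enable = lib.mkEnableOption "enables tailscale";
    wireguard.enable = lib.mkEnableOption "enables wireguard client";
    openvpn.enable = lib.mkEnableOption "enables openvpn config";

    # Path of the OpenVPN profile to load. The default resolves to
    # <home of mods.user.name>/documents/openvpn/<mods.user.name>.ovpn.
    openvpn.config = let
      username = "${config.mods.user.name}";
      folder = "${config.users.users.${username}.home}/documents/openvpn/";
      file = "${username}.ovpn";
    in lib.mkOption {
      description = "the config location";
      default = "${folder}${file}";
    };
  };

  config = {
    networking.networkmanager.enable = true;
    services.resolved.enable = true;
    services.tailscale.enable = config.mods.tailscale.enable;

    # `config <path>` makes OpenVPN read the profile from outside the Nix
    # store when the service starts.
    # NOTE(review): the default path is inside the user's home directory.
    # OpenVPN profiles can carry script hooks, so the file should be writable
    # only by accounts trusted as much as the service itself. Confirm its
    # ownership and mode.
    services.openvpn.servers = lib.mkIf config.mods.openvpn.enable {
      remote.config = ''config ${config.mods.openvpn.config}'';
    };

    networking.firewall = lib.mkIf config.mods.wireguard.enable {
      allowedUDPPorts = [ 51820 ]; # Clients and peers can use the same port, see listenport
    };

    networking.wg-quick.interfaces = lib.mkIf config.mods.wireguard.enable {
      wg0 = {
        address = [ "10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64" ];
        dns = [ "10.0.0.1" "fdc9:281f:04d7:9ee9::1" ];

        # Bind the port that networking.firewall opens above. Without
        # listenPort the interface gets a random UDP port, so the firewall
        # rule would open 51820 for nothing WireGuard uses. If this host only
        # ever initiates the tunnel, dropping both this line and the firewall
        # rule is the tighter alternative.
        listenPort = 51820;

        # NOTE(review): WireGuard encapsulation adds 60 bytes over IPv4 and
        # 80 over IPv6, so a tunnel MTU of 1500 only fits when the underlying
        # link MTU is larger than 1500. Confirm, or drop the override.
        mtu = 1500;

        # Keys are referenced by file, which keeps them out of the
        # world-readable Nix store.
        # NOTE(review): these paths hard-code /home/muon while the OpenVPN
        # default follows config.mods.user.name; confirm this is intended.
        # The key files should be mode 0600 in a directory no other account
        # can write to.
        privateKeyFile = "/home/muon/wireguard-keys/private";

        peers = [
          {
            publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
            presharedKeyFile = "/home/muon/wireguard-keys/psk-muon";
            # Full tunnel: every IPv4 and IPv6 destination is routed to this peer.
            allowedIPs = [ "0.0.0.0/0" "::/0" ];
            # ip route add 93.95.230.11 via 192.168.0.1
            endpoint = "93.95.230.11:51820";
            persistentKeepalive = 25;
          }
        ];
      };
    };

    # Previous definition using networking.wireguard.interfaces, kept for reference.
    # networking.wireguard.interfaces = lib.mkIf config.mods.wireguard.enable {
    #   wg0 = {
    #     ips = [ "10.100.0.2/24" ];
    #     listenPort = 51820;
    #     privateKeyFile = "/home/muon/wireguard-keys/private";
    #     peers = [
    #       {
    #         publicKey = "2RF8GmTZwQdzVm2l2piYy6U0qiMU3wSxC7Lt8urAjwA=";
    #         allowedIPs = [ "0.0.0.0/0" ];
    #         # ip route add 93.95.230.11 via 192.168.0.1
    #         endpoint = "93.95.230.11:51820";
    #         persistentKeepalive = 25;
    #       }
    #     ];
    #   };
    # };
  };
}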