infrastructure/hosts/neodymium/system/networking/wireguard.nix

{ lib, ... }: {
  networking.wg-quick.interfaces = {
    wg0 = {
      # client
      privateKeyFile = "/root/wireguard-keys/private";
      address = [ "10.0.0.3/24" "fd02:002:002::3/64" ];
      dns = [ "10.0.0.1" ];

      # server
      peers = [{
        publicKey = "y36/EpLUerwM6NSGsVDCkb37Wj/Z3CI0mPFGatVa0Ws=";
        allowedIPs = [ "0.0.0.0/0" "::0/0" ];
        endpoint = "fainsin.bzh:5553";
        persistentKeepalive = 30;
      }];
    };
  };

  # modify the systemd service to restart on failure every 10 seconds
  systemd.services.wg-quick-wg0 = {
    serviceConfig = {
      Type = lib.mkForce "simple";
      Restart = "on-failure";
      RestartSec = "10s";
    };
    unitConfig = {
      # ensures Restart= is always honoured
      StartLimitIntervalSec = 0;
    };
  };
}
♻️ modularize neodymium system config 2023-05-16 19:10:41 +00:00			`{ lib, ... }: {`
			`networking.wg-quick.interfaces = {`
			`wg0 = {`
			`# client`
			`privateKeyFile = "/root/wireguard-keys/private";`
			`address = [ "10.0.0.3/24" "fd02:002:002::3/64" ];`
			`dns = [ "10.0.0.1" ];`

			`# server`
			`peers = [{`
			`publicKey = "y36/EpLUerwM6NSGsVDCkb37Wj/Z3CI0mPFGatVa0Ws=";`
			`allowedIPs = [ "0.0.0.0/0" "::0/0" ];`
			`endpoint = "fainsin.bzh:5553";`
			`persistentKeepalive = 30;`
			`}];`
			`};`
			`};`

			`# modify the systemd service to restart on failure every 10 seconds`
			`systemd.services.wg-quick-wg0 = {`
			`serviceConfig = {`
			`Type = lib.mkForce "simple";`
			`Restart = "on-failure";`
			`RestartSec = "10s";`
			`};`
			`unitConfig = {`
			`# ensures Restart= is always honoured`
			`StartLimitIntervalSec = 0;`
			`};`
			`};`
			`}`