# NixOS module: runs the wg_netmanager daemon as a systemd service when
# `services.wg-netmanager.enable` is set. The module exposes no other options.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.wg-netmanager;
in
{
  options.services.wg-netmanager.enable =
    lib.mkEnableOption (lib.mdDoc "Wireguard network manager");

  ###### implementation
  config = lib.mkIf cfg.enable {
    # NOTE: wg-netmanager runs as root. No User=/Group= is set below, and the
    # unit carries no sandboxing directives besides ReadWritePaths.
    systemd.services.wg-netmanager = {
      description = "Wireguard network manager";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Tools placed on the service's PATH.
      path = [
        pkgs.wireguard-tools
        pkgs.iproute2
        pkgs.wireguard-go
      ];

      serviceConfig = {
        Type = "simple";
        Restart = "on-failure";
        ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        # NOTE(review): stop sends the same SIGHUP as reload; how the daemon
        # reacts to SIGHUP is not visible here. Confirm it exits on it.
        ExecStop = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";

        # wg-netmanager creates files in /tmp before deleting them after use.
        # NOTE(review): with no ProtectSystem=/ReadOnlyPaths= in this unit the
        # entry appears to restrict nothing, and /tmp is the shared system
        # /tmp (no PrivateTmp=). Confirm whether that is intended.
        ReadWritePaths = [
          "/tmp"
        ];
      };

      # The unit is only started when both configuration files exist.
      # NOTE(review): these files presumably hold key material for the
      # network; this module does not manage their ownership or mode.
      unitConfig = {
        ConditionPathExists = [
          "/etc/wg_netmanager/network.yaml"
          "/etc/wg_netmanager/peer.yaml"
        ];
      };
    };
  };

  meta.maintainers = [ lib.maintainers.gin66 ];
}