# NixOS module for the wg-netmanager Wireguard network manager daemon.
#
# Exposes a single `services.wg-netmanager.enable` option and, when enabled,
# defines a root-running systemd unit for the daemon.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.services.wg-netmanager;

  # Configuration files the daemon needs. They are wired into
  # ConditionPathExists below, so if either is absent systemd silently
  # skips the unit (it is not marked failed) rather than starting it.
  configFiles = [
    "/etc/wg_netmanager/network.yaml"
    "/etc/wg_netmanager/peer.yaml"
  ];

  # Both reload and stop are signalled the same way: SIGHUP to the main
  # process. After ExecStop returns, systemd still sends KillSignal
  # (SIGTERM by default) to anything left in the cgroup, so a daemon that
  # ignores HUP is terminated anyway. Presumably the daemon tears down
  # its interfaces on HUP -- confirm against the daemon's signal handling.
  sendHup = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
in
{
  options.services.wg-netmanager.enable = mkEnableOption "Wireguard network manager";

  ###### implementation
  config = mkIf cfg.enable {
    # NOTE: wg-netmanager runs as root
    systemd.services.wg-netmanager = {
      description = "Wireguard network manager";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      # Tools the daemon shells out to; placed on the unit's PATH.
      path = [
        pkgs.wireguard-tools
        pkgs.iproute2
        pkgs.wireguard-go
      ];

      serviceConfig = {
        Type = "simple";
        Restart = "on-failure";
        ExecStart = "${pkgs.wg-netmanager}/bin/wg_netmanager";
        ExecReload = sendHup;
        ExecStop = sendHup;

        # wg-netmanager creates files in /tmp before deleting them after use.
        #
        # NOTE(review): ReadWritePaths= only has an effect when combined with
        # ProtectSystem= or ReadOnlyPaths=; on its own, as here, it grants
        # nothing and restricts nothing, so this unit has no filesystem
        # sandboxing at all while running as root. Because the daemon's
        # scratch files live in world-writable /tmp, PrivateTmp=true would be
        # the natural hardening step, provided the files do not need to be
        # shared with other processes -- confirm before enabling.
        ReadWritePaths = [ "/tmp" ];
      };

      unitConfig.ConditionPathExists = configFiles;
    };
  };

  meta.maintainers = [ lib.maintainers.gin66 ];
}