diff --git a/machines/stel-xps/default.nix b/machines/stel-xps/default.nix index 0ee2030..1ebcf26 100644 --- a/machines/stel-xps/default.nix +++ b/machines/stel-xps/default.nix @@ -36,7 +36,7 @@ }; # enable wireguard - wireguard.enable = false; + wireguard.enable = true; # user setup users = { diff --git a/modules/base.nix b/modules/base.nix index 8d8d934..1c44966 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -1,6 +1,15 @@ -{ config, lib, pkgs, ...} : +{ config, lib, pkgs, ... }: with lib; { - options.elss.base.enable = mkEnableOption "Set the base configuration for the system"; + options.elss = { + base.enable = mkEnableOption "Set the base configuration for the system"; + dns = { + wgZone = mkOption { + type = types.str; + description = "Zone for generated wireguard zones"; + default = "wg.ellmauthaler.net"; + }; + }; + }; config = mkIf config.elss.base.enable { services = { dbus = { diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 156278a..875baed 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -147,6 +147,7 @@ serverIps = name: server: mkServerAddresses prefixes server.localIp; dnsServers = lib.concatLists (lib.mapAttrsToList serverIps servers); in + lib.concatStrings ([ '' ${pkgs.systemd}/bin/resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone} @@ -179,7 +180,7 @@ peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; } else if isPeer then { peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers; - # postSetup = mkPostSetup interface value.prefixes value.servers; + postSetup = mkPostSetup interface value.prefixes value.servers; } else { })); @@ -234,6 +235,7 @@ }; services.unbound.settings.server.interface = map mkInterfaceName serverInterfaces; + services.resolved.enable = lib.mkDefault true; systemd.services = lib.listToAttrs (map (interface: { name = "wireguard-${mkInterfaceName interface}";
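Review bot: `wgZone` in modules/base.nix is declared as plain `types.str`, but the `mkPostSetup` hunk in modules/wireguard.nix splices it unquoted into the `resolvectl domain ${ifName} ${name}.${config.elss.dns.wgZone}` line of a generated shell script, so whitespace or a shell metacharacter in the value changes the command that runs at interface setup. Constraining the option to a DNS name, e.g. `type = types.strMatching "[A-Za-z0-9.-]+";`, turns a bad value into an evaluation error. Wrapping the interpolations in `lib.escapeShellArg` at the use site would cover `ifName` and `name` as well. The description "Zone for generated wireguard zones" is circular; something like `description = "DNS zone under which wireguard interface names (<name>.<zone>) are resolved";` says what the value is for.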
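Review bot: The `postSetup` re-enabled in the `isPeer` branch of modules/wireguard.nix calls `resolvectl`, but nothing ties it to systemd-resolved actually running. `services.resolved.enable` is only set with `lib.mkDefault` in the last hunk, so a host can override it to false and still keep this hook. Depending on how the wireguard unit runs the hook, that could either fail interface bring-up or leave the tunnel without its DNS domain, and it is worth checking which. An entry in `assertions` such as `{ assertion = config.services.resolved.enable; message = "wireguard peers need systemd-resolved for postSetup"; }` would make it an evaluation-time error instead. The surrounding `if … else if isPeer` expression starts outside the hunk.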
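Review bot: `services.resolved.enable = lib.mkDefault true;` sits next to the unbound interface setting with no condition visible in the hunk, so it appears to apply to wireguard servers as well as peers, although only the `isPeer` branch uses `resolvectl`. On a server this puts a second resolver beside unbound, so confirm that the resolved stub listener and unbound do not compete for port 53 there. Otherwise gate the line on the host having peer interfaces, e.g. `services.resolved.enable = lib.mkIf (peerInterfaces != [ ]) (lib.mkDefault true);`, where `peerInterfaces` is a placeholder for whatever list the module already computes. A short comment such as `# resolvectl in the peer postSetup needs systemd-resolved` would record why a wireguard module enables a resolver. The enclosing `config` block starts outside the hunk.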