universe/host/services/vpn.nix

{
  lib,
  config,
  inputs,
  pkgs,
  ...
}: let
  cfg = config.universe.services.amneziawg;
in {
  imports = [
    inputs.sops-nix.nixosModules.sops
  ];
  config = lib.mkIf cfg.enable {
    sops = {
      age.keyFile = "/home/tx0/.age-key.txt";

      secrets."${cfg.IfName}.conf" = {
        format = "binary";
        sopsFile = cfg.secret-config;
        path = "/run/secrets.d/{IfName}.conf";
        restartUnits = ["awg-${cfg.IfName}.service"];
      };
    };

    systemd.services."awg-${cfg.IfName}" = {
      enable = true;
      description = "AmneziaWG Interface awg0";
      after = ["network.target"];
      wantedBy = ["multi-user.target"];

      unitConfig = {
        ConditionPathExists = "/run/secrets.d/${cfg.IfName}.conf";
      };

      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = true;
        ExecStart = "${pkgs.amneziawg-tools}/bin/awg-quick up /run/secrets.d/${cfg.IfName}.conf";
        ExecStop = "${pkgs.amneziawg-tools}/bin/awg-quick down /run/secrets.d/${cfg.IfName}.conf";
        Restart = "on-failure";
      };
    };
  };
}
some changes 2025-03-14 16:40:36 +00:00			`{`
			`lib,`
			`config,`
			`inputs,`
			`pkgs,`
			`...`
			`}: let`
			`cfg = config.universe.services.amneziawg;`
			`in {`
			`imports = [`
			`inputs.sops-nix.nixosModules.sops`
			`];`
			`config = lib.mkIf cfg.enable {`
			`sops = {`
			`age.keyFile = "/home/tx0/.age-key.txt";`

			`secrets."${cfg.IfName}.conf" = {`
			`format = "binary";`
			`sopsFile = cfg.secret-config;`
			`path = "/run/secrets.d/{IfName}.conf";`
			`restartUnits = ["awg-${cfg.IfName}.service"];`
			`};`
			`};`

			`systemd.services."awg-${cfg.IfName}" = {`
			`enable = true;`
			`description = "AmneziaWG Interface awg0";`
			`after = ["network.target"];`
			`wantedBy = ["multi-user.target"];`

			`unitConfig = {`
			`ConditionPathExists = "/run/secrets.d/${cfg.IfName}.conf";`
			`};`

			`serviceConfig = {`
			`Type = "oneshot";`
			`RemainAfterExit = true;`
			`ExecStart = "${pkgs.amneziawg-tools}/bin/awg-quick up /run/secrets.d/${cfg.IfName}.conf";`
			`ExecStop = "${pkgs.amneziawg-tools}/bin/awg-quick down /run/secrets.d/${cfg.IfName}.conf";`
			`Restart = "on-failure";`
			`};`
			`};`
			`};`
			`}`