From 0b31b91c69f2bef25404272b2aa75e260d00b2a9 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Fri, 27 Dec 2024 15:44:00 -0500
Subject: [PATCH] Set up wireguard.
---
 nix/configuration/configuration.nix | 1 +
 nix/configuration/network.nix | 2 +-
 nix/configuration/roles/wireguard/default.nix | 26 +++++++++++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)
 create mode 100644 nix/configuration/roles/wireguard/default.nix
diff --git a/nix/configuration/configuration.nix b/nix/configuration/configuration.nix
index 3eedd6a..8d0e68d 100644
--- a/nix/configuration/configuration.nix
+++ b/nix/configuration/configuration.nix
@@ -35,6 +35,7 @@
 ./roles/gpg
 ./roles/waybar
 ./roles/qemu
+ ./roles/wireguard
 ];
 nix.settings.experimental-features = [
diff --git a/nix/configuration/network.nix b/nix/configuration/network.nix
index 562e560..21dc2a8 100644
--- a/nix/configuration/network.nix
+++ b/nix/configuration/network.nix
@@ -16,7 +16,7 @@
 ];
 services.resolved = {
 enable = true;
- dnssec = "true";
+ # dnssec = "true";
 domains = [ "~." ];
 fallbackDns = [ ];
 dnsovertls = "true";
diff --git a/nix/configuration/roles/wireguard/default.nix b/nix/configuration/roles/wireguard/default.nix
new file mode 100644
index 0000000..350486d
--- /dev/null
+++ b/nix/configuration/roles/wireguard/default.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+{
+ imports = [ ];
+
+ networking.firewall.allowedUDPPorts = [ 51821 ];
+ networking.wireguard.enable = true;
+ networking.wg-quick.interfaces.wg0.configFile = "/persist/manual/wireguard/drmario.conf";
+ systemd.services."wg-quick-wg0".after = [
+ "nss-lookup.target"
+ "systemd-resolved.service"
+ "multi-user.target"
+ ];
+
+ systemd.services."wg-quick-wg0".preStart = "${pkgs.toybox}/bin/sleep 10";
+
+ # environment.systemPackages = with pkgs; [
+ # wireguard-tools
+ # ];
+
+}
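Review bot: In nix/configuration/network.nix the `dnssec = "true";` line is commented out with no reason given, and the change affects every resolver query on the host rather than only the WireGuard role this commit adds. `dnsovertls = "true"` still protects the path to the upstream resolver, but it does not check that the records themselves are authentic, so this reduces DNS integrity checking. If validation had to go because the tunnel's resolver does not support it, record that next to the setting, e.g. `# dnssec disabled: <reason>; re-enable once the VPN resolver validates`, or pick the mode explicitly with `dnssec = "allow-downgrade";` rather than falling back to the module default. The `services.resolved` block closes outside this hunk.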
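Review bot: In nix/configuration/roles/wireguard/default.nix, `networking.firewall.allowedUDPPorts = [ 51821 ];` opens the port on every interface; if this host only dials out to a peer, the stateful firewall should already admit the replies and the line can go, otherwise scope it with `networking.firewall.interfaces.<uplink>.allowedUDPPorts` (placeholder interface name). The file at `/persist/manual/wireguard/drmario.conf` presumably holds the private key and is provisioned outside Nix, so a comment stating that it must be root-owned with mode 0600 would help whoever sets up the next machine. Ordering `wg-quick-wg0` after `multi-user.target` will probably produce an ordering cycle if the unit is also wanted by that target, and the fixed `sleep 10` in `preStart` hides the start-up race rather than resolving it; ordering on `network-online.target` with a matching `wants` would be the more usual approach.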