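{ config, lib, pkgs, ... }:
let
  # Names in an `attrsOf bool` set whose value is true, i.e. the configs
  # the user actually selected (entries forced to `false` are dropped).
  enabledNames = set: lib.attrNames (lib.filterAttrs (_: enabled: enabled) set);

  activated = enabledNames config.me.wireguard.activated;
  deactivated = enabledNames config.me.wireguard.deactivated;

  # Pull in WireGuard (and open its port) only when at least one config is
  # selected. The previous form compared the filtered *attrset* against the
  # empty *list* `[ ]`, which is always true in Nix, so the whole `config`
  # block was applied unconditionally.
  wireguard_enable = activated != [ ] || deactivated != [ ];

  # Both options accept either a list of names (coerced to `{ name = true; }`)
  # or an attrset of bools, so individual entries can be overridden with
  # `lib.mkForce false` from another module.
  configNamesType = lib.types.coercedTo (lib.types.listOf lib.types.str) (
    names: lib.listToAttrs (map (n: lib.nameValuePair n true) names)
  ) (lib.types.attrsOf lib.types.bool);

  # wg-quick interface definition for one config name. The config file is read
  # from persistent storage outside the Nix store; a wg-quick config carries the
  # interface's private key, so that path should stay readable by root only.
  interfaceFor = name: extra:
    { configFile = "/persist/manual/wireguard/${name}.conf"; } // extra;
in
{
  imports = [ ];

  options.me = {
    wireguard.activated = lib.mkOption {
      default = { };
      example = lib.literalExpression ''
        {
          wgh = true;
          colo = lib.mkForce false;
        }
      '';
      type = configNamesType;
      description = "List of wireguard config names that should be activated at boot.";
    };

    wireguard.deactivated = lib.mkOption {
      default = { };
      example = lib.literalExpression ''
        {
          wgf = true;
          drmario = lib.mkForce false;
        }
      '';
      type = configNamesType;
      description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
    };
  };

  config = lib.mkIf wireguard_enable {
    # Single listen port for every tunnel; assumes each config file uses
    # ListenPort 51821 — TODO confirm against the files under /persist.
    networking.firewall.allowedUDPPorts = [ 51821 ];
    networking.wireguard.enable = true;

    # Only names whose value is true become interfaces. Previously a name set
    # to `false` still produced an interface entry with an empty definition
    # (optionalAttrs yields `{ }`, but the attribute name survived mapAttrs).
    # A name present in both sets takes the deactivated (right-hand) definition,
    # as before.
    networking.wg-quick.interfaces =
      lib.genAttrs activated (name: interfaceFor name { })
      // lib.genAttrs deactivated (name: interfaceFor name { autostart = false; });

    # Boot-time tunnels wait for the network and name resolution; the sleep is a
    # fixed delay before wg-quick runs (a workaround, not a readiness check).
    # Restricted to enabled names so disabled entries get no service override.
    systemd.services = lib.listToAttrs (
      map (
        name:
        lib.nameValuePair "wg-quick-${name}" {
          after = [
            "network-online.target"
            "nss-lookup.target"
          ];
          preStart = "${pkgs.toybox}/bin/sleep 3";
        }
      ) activated
    );
  };
}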