botalex/nixos-server
1
0
Fork 0
mirror of https://github.com/MagicBOTAlex/nixos-server.git synced 2026-05-06 10:02:30 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos-server/networking/wireguard-kube.nix
BOTAlex f2bb1de7d8 sync
2026-04-01 22:53:54 +02:00

30 lines
884 B
Nix
Raw Blame History

{ config, pkgs, ... }:
{
# Ensure the necessary tools are installed
environment.systemPackages = [ pkgs.wireguard-tools ];
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
systemd.services.wireguard-kube = {
description = "WireGuard VPN Service for kube-wg";
# Ensure the service starts after the network is up
after = [
"network.target"
"network-online.target"
];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# Use wg-quick to setup and teardown the interface
ExecStart = "${pkgs.wireguard-tools}/bin/wg-quick up /etc/wireguard/wireguard-kube.conf";
ExecStop = "${pkgs.wireguard-tools}/bin/wg-quick down /etc/wireguard/wireguard-kube.conf";
CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
};
};
}
Reference in a new issue View git blame Copy permalink