modules.services.wireguard: drop

2026-01-12 01:29:24 +08:00 · 2025-10-12 16:56:38 +08:00
parent e9cdde3d4e
commit b27e18eaa6
17 changed files with 39 additions and 355 deletions
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -1,50 +0,0 @@
-inputs:
-{
-  options.nixos.services.wireguard = let inherit (inputs.lib) mkOption types; in mkOption
-  {
-    type = types.attrsOf (types.submodule (submoduleInputs: { options =
-    {
-      # wireguard 接口的 ip，不是 wireguard 监听的 ip（它实际上监听所有 ip）
-      ip = mkOption { type = types.str; };
-      # wireguard 接口的网段
-      netmask = mkOption { type = types.int; default = 24; };
-      # 设置 wireguard 监听的端口，如果不设置则随机，同时不开放防火墙
-      listenPort = mkOption { type = types.nullOr types.int; default = null; };
-      peer = mkOption { type = types.attrsOf (types.submodule { options =
-      {
-        publicKey = mkOption { type = types.nonEmptyStr; };
-        endpoint = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-        allowedIPs = mkOption { type = types.nonEmptyListOf types.nonEmptyStr; };
-      };});};
-    };}));
-    default = {};
-  };
-  config = let inherit (inputs.config.nixos.services) wireguard; in inputs.lib.mkIf (wireguard != {})
-  {
-    networking = inputs.lib.mkMerge (builtins.map
-      (wg:
-      {
-        firewall =
-        {
-          allowedUDPPorts = inputs.lib.mkIf (wg.value.listenPort != null) [ wg.value.listenPort ];
-          trustedInterfaces = [ wg.name ];
-        };
-        wireguard.interfaces.${wg.name} =
-        {
-          inherit (wg.value) listenPort;
-          ips = [ "${wg.value.ip}/${builtins.toString wg.value.netmask}" ];
-          privateKeyFile = inputs.config.nixos.system.sops.secrets.wireguard.path;
-          peers = builtins.map
-            (peer:
-            {
-              inherit (peer) name;
-              inherit (peer.value) publicKey allowedIPs endpoint;
-              persistentKeepalive = if peer.value.endpoint != null then 10 else null;
-            })
-            (inputs.localLib.attrsToList wg.value.peer);
-        };
-      })
-      (inputs.localLib.attrsToList wireguard));
-    nixos.system.sops.secrets.wireguard = {};
-  };
-}
--- a/modules/user/chn/ssh.nix
+++ b/modules/user/chn/ssh.nix
@@ -13,7 +13,7 @@ inputs:
            xmuhk = { host = "xmuhk"; hostname = "10.26.14.64"; user = "xmuhk"; };
            xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
            jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:xterm-256color";
-            "wg0.jykang" = jykang;
+            "tinc0.jykang" = jykang;
          };
          extraConfig = inputs.lib.mkIf inputs.config.nixos.model.private
          ''