author | azahi <azat@bahawi.net> | 2024-12-17 02:04:27 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2024-12-17 02:04:27 +0300 |
commit | 1ae038a0a86348074b422ea87c03836b0962af67 (patch) | |
tree | ae56c73c01b4777e3e24a22c2d67943706997cf0 /modules/wireguard.nix | |
parent | 2024-12-02 (diff) |
Diffstat (limited to 'modules/wireguard.nix')
-rw-r--r-- | modules/wireguard.nix | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/modules/wireguard.nix b/modules/wireguard.nix index 5138946..633ec5b 100644 --- a/modules/wireguard.nix +++ b/modules/wireguard.nix @@ -10,7 +10,7 @@ with lib; let cfg = config.nixfiles.modules.wireguard; - DNSSetup = + DNSSetup = optionalString config.services.resolved.enable ( let resolvectl = "${config.systemd.package}/bin/resolvectl"; in @@ -19,14 +19,19 @@ let ${resolvectl} domain ${cfg.interface} local ${my.domain.shire} ${resolvectl} dnssec ${cfg.interface} no ${resolvectl} dnsovertls ${cfg.interface} no - ''; + '' + ); extraOptions = { - jc = 228; - jmin = 42; - jmax = 420; - s1 = 69; - s2 = 96; + jc = 23; + jmin = 58; + jmax = 1021; + s1 = 49; + s2 = 87; + h1 = 1264154357; + h2 = 462401493; + h3 = 737329836; + h4 = 1039929807; }; in { @@ -137,7 +142,8 @@ in } // mkMerge [ (mkIf (cfg.client.enable || cfg.server.enable) { - secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; + secrets."wireguard-private-key-${this.hostname}".file = + "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; networking.firewall.trustedInterfaces = [ cfg.interface ]; |
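Review bot: With `optionalString config.services.resolved.enable (` the `DNSSetup` string silently becomes empty on hosts without systemd-resolved, so nothing visible here configures DNS for `cfg.interface` on those hosts. If the consumers of `DNSSetup` (outside this hunk) are what routes `my.domain.shire` lookups through the tunnel, those names would presumably fall back to the host's default resolver and expose internal hostnames off the tunnel. I would document that above the binding, e.g. `# Empty without systemd-resolved: no per-link DNS is set, tunnel-domain lookups use the system resolver.`, or surface it through the module's `warnings`. The `let` block starts before this hunk and the closing `);` lands in the next one.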
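Review bot: The new `jc`/`jmin`/`jmax`/`s1`/`s2` and `h1`–`h4` values in `extraOptions` are bare magic numbers with no comment saying what they are or which constraints they must satisfy. They look like AmneziaWG-style obfuscation parameters; if so, the values generally have to agree between peers, so a peer not redeployed together with this change would likely stop handshaking. They are also committed in clear text while the private key goes through `secrets`, so anything that relies on the header values being unknown to an observer gains nothing once the repository is readable. A comment such as `# Obfuscation parameters: keep in sync on all peers; not secret, do not rely on them for confidentiality.` would make both points explicit.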