Diffstat (limited to 'modules/wireguard.nix')
-rw-r--r--modules/wireguard.nix22
1 files changed, 14 insertions, 8 deletions
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index 5138946..633ec5b 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -10,7 +10,7 @@ with lib;
 let
   cfg = config.nixfiles.modules.wireguard;
 
-  DNSSetup =
+  DNSSetup = optionalString config.services.resolved.enable (
     let
       resolvectl = "${config.systemd.package}/bin/resolvectl";
     in
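Review bot: Wrapping `DNSSetup` in `optionalString config.services.resolved.enable` makes the DNS step disappear silently on any host where systemd-resolved is off. The interface then gets no per-link DNS or routing domain, and lookups for the internal domain presumably fall through to whatever resolver the host uses by default, outside the tunnel. Where `DNSSetup` is consumed is not visible in this hunk, so confirm that is acceptable. If it is not, surface it at evaluation time, for example with `warnings = optional (!config.services.resolved.enable) "wireguard: systemd-resolved is disabled, no DNS is configured for ${cfg.interface}";` in the module's config. The `let` body continues into the next hunk.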
@@ -19,14 +19,19 @@ let
       ${resolvectl} domain ${cfg.interface} local ${my.domain.shire}
       ${resolvectl} dnssec ${cfg.interface} no
       ${resolvectl} dnsovertls ${cfg.interface} no
-    '';
+    ''
+  );
 
   extraOptions = {
-    jc = 228;
-    jmin = 42;
-    jmax = 420;
-    s1 = 69;
-    s2 = 96;
+    jc = 23;
+    jmin = 58;
+    jmax = 1021;
+    s1 = 49;
+    s2 = 87;
+    h1 = 1264154357;
+    h2 = 462401493;
+    h3 = 737329836;
+    h4 = 1039929807;
   };
 in
 {
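Review bot: The new `h1`–`h4` values and the junk and padding sizes in `extraOptions` are hard-coded in the module, so they are published with the repository. These look like AmneziaWG-style obfuscation parameters. If so, they are not cryptographic secrets, but publishing them weakens the fingerprinting resistance they exist for, so consider whether they should be supplied per deployment rather than committed. The block also has no comment on its constraints, and a later edit could desynchronise peers. A short comment above it would help, for example `# obfuscation parameters: must be identical on every peer; h1–h4 must be distinct; jmin < jmax and jmax below the link MTU`. Verify those constraints against the implementation actually in use.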
@@ -137,7 +142,8 @@ in
     }
     // mkMerge [
       (mkIf (cfg.client.enable || cfg.server.enable) {
-        secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}";
+        secrets."wireguard-private-key-${this.hostname}".file =
+          "${inputs.self}/secrets/wireguard-private-key-${this.hostname}";
 
         networking.firewall.trustedInterfaces = [ cfg.interface ];
 
