Modules/Network: Remove wireguard configuration options

lib/networking.nix

@@ -101,57 +101,4 @@
       dns = nameserver;
     };
   };
-
-  mkNetworkNamespace = name: ''
-    ${pkgs.iproute2}/bin/ip netns add ${name} # Create the Namespace
-    ${pkgs.iproute2}/bin/ip -n ${name} link set lo up # Enable the Loopback device
-  '';
-
-  killNetworkNamespace = name: ''
-    ${pkgs.iproute2}/bin/ip netns del ${name} # Delete the Namespace
-  '';
-
-  # VPN stuff
-  mkWireguardService = let
-    # NOTE: The interface and netns have the same name, so it's a bit confusing
-    mkWireguardTunnel = name: privatekey: publickey: endpoint: ''
-      ${pkgs.iproute2}/bin/ip link add ${name} type wireguard
-      ${pkgs.iproute2}/bin/ip link set ${name} netns ${name}
-      ${pkgs.iproute2}/bin/ip netns exec ${name} ${pkgs.wireguard-tools}/bin/wg set ${name} \
-        private-key /home/christoph/.secrets/wireguard/${privatekey} \
-        peer ${publickey} \
-        allowed-ips 0.0.0.0/0 \
-        endpoint ${endpoint}:51820
-      ${pkgs.iproute2}/bin/ip -n ${name} addr add 10.2.0.2/32 dev ${name}
-      ${pkgs.iproute2}/bin/ip -n ${name} link set ${name} up
-      ${pkgs.iproute2}/bin/ip -n ${name} route add default dev ${name}
-    '';
-
-    killWireguardTunnel = name: ''
-      ${pkgs.iproute2}/bin/ip -n ${name} link del ${name}
-    '';
-  in
-    name: privatekey: publickey: endpoint: {
-      description = "Wireguard ProtonVPN Server ${name}";
-      serviceConfig = {
-        Type = "oneshot";
-        RemainAfterExit = true;
-        ExecStart = pkgs.writeScript "${name}-up" ''
-          #! ${pkgs.bash}/bin/bash
-          ${mkNetworkNamespace "${name}"}
-          ${mkWireguardTunnel "${name}" "${privatekey}" "${publickey}" "${endpoint}"}
-        '';
-        ExecStop = pkgs.writeScript "wg0-de-115-down" ''
-          #! ${pkgs.bash}/bin/bash
-          ${killWireguardTunnel "${name}"}
-          ${killNetworkNamespace "${name}"}
-        '';
-      };
-    };
-
-  # mkOpenVPNService = let
-  #   mkOpenVPNTunnel = "";
-  #   killOpenVPNTunnel = "";
-  # in
-  #   name: {};
 }

system/modules/network/default.nix

@@ -44,38 +44,8 @@ in {
       inherit (cfg) networks;
     };
 
-    # Wireguard VPNs
-    systemd.services = mkIf (!cfg.useNetworkManager) cfg.wireguard-tunnels;
-
-    # NOTE: I can connect to TU Dortmund directly
-    # TODO: Use config with netns, like with wireguard
-    # services.openvpn.servers = {
-    #   # TODO: Can't read config file...
-    #   tu-dortmund-irb = {
-    #     autoStart = false;
-    #     config = "config ~/NixFlake/config/openvpn/tu-dortmund-irb.ovpn";
-    #   };
-    # };
-
-    # TODO: Rewrite with lib.pipe
-    # Generate list of vpns for rofi menu
-    environment.etc."rofi-vpns" = let
-      names-list = attrNames cfg.wireguard-tunnels;
-      names = concatStringsSep "\n" names-list;
-    in
-      mkIf (!cfg.useNetworkManager) {text = names;};
-
-    # Allow to enable/disable tunnels without root password
-    modules.polkit.allowedSystemServices = let
-      vpn-services = lib.pipe cfg.wireguard-tunnels [
-        attrNames
-        (map (v: "${v}.service"))
-      ];
-    in
-      mkIf (!cfg.useNetworkManager) vpn-services;
-
     modules.polkit.allowedActions = mkIf cfg.useNetworkManager [
-      # NOTE: List permissions by running "nmcli general permissions"
+      # List NM permissions by running "nmcli general permissions"
       "org.freedesktop.NetworkManager.settings.modify.system"
     ];
 

system/modules/network/options.nix

@@ -41,17 +41,6 @@ with mylib.modules; {
     '';
   };
 
-  wireguard-tunnels = mkOption {
-    type = types.attrs;
-    default = {};
-    description = "Wireguard VPN Tunnels";
-    example = ''
-      wg0-de-115 = {
-        [...]
-      };
-    '';
-  };
-
   allowedTCPPorts = mkOption {
     type = types.listOf types.int;
     default = [];

system/nixinator/default.nix

@@ -72,43 +72,6 @@
         8090 # PocketBase
         4242 # Lan-Mouse
       ];
-
-      wireguard-tunnels = {
-        wg0-de-115 =
-          mylib.networking.mkWireguardService
-          "wg0-de-115"
-          "proton-de-115.key"
-          "9+CorlxrTsQR7qjIOVKsEkk8Z7UUS5WT3R1ccF7a0ic="
-          "194.126.177.14";
-
-        wg0-de-205 =
-          mylib.networking.mkWireguardService
-          "wg0-de-205"
-          "proton-de-205.key"
-          "MOLPnnM2MSq7s7KqAgpm+AWpmzFAtuE46qBFHeLg5Tk="
-          "217.138.216.130";
-
-        wg0-lu-16 =
-          mylib.networking.mkWireguardService
-          "wg0-lu-16"
-          "proton-lu-16.key"
-          "asu9KtQoZ3iKwELsDTgjPEiFNcD1XtgGgy3O4CZFg2w="
-          "92.223.89.133";
-
-        wg0-kh-8 =
-          mylib.networking.mkWireguardService
-          "wg0-kh-8"
-          "proton-kh-8.key"
-          "D4M0O60wCBf1nYWOmXRfK7IpgG7VBBwQLeWVFLIqFG4="
-          "188.215.235.82";
-
-        wg0-ch-70 =
-          mylib.networking.mkWireguardService
-          "wg0-ch-70"
-          "proton-ch-70.key"
-          "17I34jHOMcmI7LKBqxosTfLgwGjO5OKApLcRSPlyymM="
-          "185.159.157.13";
-      };
     };
   };
 

system/nixtop/default.nix

@@ -9,21 +9,7 @@
     network = {
       useNetworkManager = true;
 
-      wireguard-tunnels = {
+      # TODO: There's probably something missing here?
-        wg0-de-74 =
-          mylib.networking.mkWireguardService
-          "wg0-de-74"
-          "proton-de-74.key"
-          "fvHmPj3wAKolN80+/KJ3a/DFjMToCsr3iPGwX8+og1g="
-          "194.126.177.7";
-
-        wg0-lu-6 =
-          mylib.networking.mkWireguardService
-          "wg0-lu-6"
-          "proton-lu-6.key"
-          "EAZS8FTE2sXm8NFD8ViqcO5PMzvnyIHD1ScxX8UxIzE="
-          "92.223.89.141";
-      };
     };
   };