[malobeo/vpn] use wg-quick instead wireguard

this is compatible with systemd network (also in the future)

machines/modules/malobeo/peers.nix

@@ -2,7 +2,7 @@
   "vpn" = {
     role = "server";
     publicIp = "5.9.153.217";
-    ips = [ "10.100.0.1/24" ];
+    address = [ "10.100.0.1/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
     listenPort = 51821;
     publicKey = "hF9H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
@@ -10,15 +10,15 @@
 
   "fanny" = {
     role = "client";
-    ips = [ "10.100.0.2/24" ];
+    address = [ "10.100.0.2/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
-    publicKey = "";
+    publicKey = "hF8H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
   };
 
   "test" = {
     role = "client";
-    ips = [ "10.100.0.3/24" ];
+    address = [ "10.100.0.3/24" ];
     allowedIPs = [ "10.100.0.0/24" ];
-    publicKey = "";
+    publicKey = "hF7H10Y8Ar7zvZXFoNM8LSoaYFgPCXv30c54SSEucX4=";
   };
 }

machines/modules/malobeo/wireguard.nix

@@ -16,7 +16,7 @@ let
   ) peerList;
   filteredPeerlist = map (host: builtins.removeAttrs host [ 
     "role" 
-    "ips" 
+    "address" 
     "listenPort" 
     "publicIp" 
   ] ) peerListWithEndpoint;
@@ -38,7 +38,7 @@ in
         '';
       };
 
-      privateKey = mkOption {
+      privateKeyFile = mkOption {
         default = "";
         type = types.str;
         description = ''
@@ -48,43 +48,44 @@ in
     };
   };
 
-  imports = [
-    inputs.microvm.nixosModules.host
-  ];
-
   config = mkIf cfg.enable { 
     assertions = [
-      #{
+      {
-      #  assertion = !(myPeer != "client" && cfg.role != "server");
+        assertion = !(myPeer.role != "client" && myPeer.role != "server");
-      #  message = ''
+        message = ''
-      #    VPN Role must be either client or server, nothing else!
+          VPN Role must be either client or server, nothing else!
-      #  '';
+        '';
-      #}
+      }
     ];
 
-    networking.wireguard = {
+    networking.wg-quick = {
-      enable = true;
       interfaces = {
         malovpn = {
-          ips = myPeer.ips;
+          address = myPeer.address;
           listenPort = mkIf (myPeer.role == "server") myPeer.listenPort;
 
           # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
           # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
-          postSetup = mkIf (myPeer.role == "server") ''
+          postUp = mkIf (myPeer.role == "server") ''
-            ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+            ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o enp0s3 -j MASQUERADE
           '';
 
           # This undoes the above command
-          postShutdown = mkIf (myPeer.role == "server") ''
+          postDown = mkIf (myPeer.role == "server") ''
-            ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
+            ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o enp0s3 -j MASQUERADE
           '';
 
-          privateKey = cfg.privateKey;
+          privateKeyFile = cfg.privateKeyFile;
 
           peers = filteredPeerlist;
         };
       };
     };
+
+    #networking.nat = mkIf (myPeer.role == "server"){
+    #  enable = true;
+    #  internalInterfaces = [ "microvm" ];
+    #  externalInterface = "eth0"; #change to your interface name
+    #};
   };
 }

machines/vpn/configuration.nix

@@ -21,7 +21,7 @@ with lib;
   services.malobeo.vpn = {
     enable = true;
     name = "vpn";
-    privateKey = config.sops.secrets.wg_private.path;
+    privateKeyFile = config.sops.secrets.wg_private.path;
   };
 
   system.stateVersion = "22.11"; # Did you read the comment?