nixos/roles/yggdrasil-client.nix
Ivan Bushchik 409c6c276b
Host private yggdrasil peer
Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
2023-12-17 10:57:18 +03:00

23 lines
643 B
Nix

{ config, lib, secrets, ... }:
let cfg = config.my.roles.yggdrasil-client;
in {
options.my.roles.yggdrasil-client.enable =
lib.mkEnableOption "Enable yggdrasil";
config = lib.mkIf (cfg.enable) {
my.features.secrets = lib.mkForce true;
services.yggdrasil = {
enable = true;
persistentKeys = true;
settings =
{
# Not connecting to global ygg network
Peers = lib.mkDefault [
"quic://${secrets.yggdrasil-peer}:60003?password=${secrets.yggdrasil-password}"
"tls://${secrets.yggdrasil-peer}:60002?password=${secrets.yggdrasil-password}"
];
};
};
};
}