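# Option declarations for a WireGuard host. This file only declares the
# `wireguard.*` options; the code that reads them is not part of this module.
#
# Only the interface's *public* key is declared here. Option values end up in
# the world-readable Nix store, so private key material must not be added to
# this option set.
#
# Options without a default (endpoint, publicKey, v4.address, v6.address) have
# to be set by every host whose configuration reads them, otherwise evaluation
# fails with "option used but not defined".
{ config, lib, pkgs, nodes, builtins, ... }:

let
  inherit (lib) mkOption types;
in
{
  options = {
    wireguard = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = "Enable wireguard";
      };

      roaming = mkOption {
        type = types.bool;
        default = false;
        description = "Deploy roaming peers to this host";
      };

      endpoint = mkOption {
        type = types.str;
        description = "Public endpoint of wireguard interface";
      };

      port = mkOption {
        # types.port restricts the value to 0-65535, so an out-of-range port
        # is rejected at evaluation time rather than at interface bring-up.
        type = types.port;
        default = 51820;
        description = "Port of the wireguard interface (51820)";
      };

      publicKey = mkOption {
        type = types.str;
        description = "Public key of the wireguard interface";
      };

      natInterface = mkOption {
        # NOTE(review): "eth0" is only correct on hosts that do not use
        # predictable interface names; confirm per host, since NAT on the
        # wrong interface is presumably either a no-op or a misroute.
        type = types.str;
        default = "eth0";
        description = "Interface to use for outgoing NAT connections";
      };

      v4 = {
        address = mkOption {
          type = types.str;
          description = "IP of the wireguard interface (10.10.0.1)";
        };

        network = mkOption {
          # Holds the bare network address; the prefix length is carried
          # separately in v4.prefixLength.
          type = types.str;
          default = "10.10.0.0";
          description = "Network address of the wireguard network, without the prefix length (10.10.0.0)";
        };

        prefixLength = mkOption {
          # Bounded to what an IPv4 prefix can be.
          type = types.ints.between 0 32;
          default = 24;
          description = "Prefix Length of the wireguard interface IP (24)";
        };
      };

      v6 = {
        address = mkOption {
          type = types.str;
          description = "IPv6 address of the wireguard interface";
        };

        prefixLength = mkOption {
          # Bounded to what an IPv6 prefix can be. The description previously
          # said 24 although the default is 64.
          type = types.ints.between 0 128;
          default = 64;
          description = "Prefix Length of the wireguard interface IPv6 address (64)";
        };

        # The ula and gua defaults are site-specific prefixes; a deployment on
        # another network has to override both.
        ula = mkOption {
          type = types.str;
          default = "fd15:3d8c:d429:beef";
          description = "Unique Local Allocation for IPv6 net";
        };

        gua = mkOption {
          type = types.str;
          default = "2a0f:9400:8020:beef";
          description = "Global Unique Allocation for IPv6 net, used as base for hosts";
        };
      };

      allowedIPs = mkOption {
        # In WireGuard, AllowedIPs is both the routing table for a peer and
        # the filter on source addresses accepted from it, so every entry
        # added here widens what that peer may send. Keep entries as narrow
        # as the deployment allows.
        type = types.listOf types.str;
        default = [ ];
        description = "Extra allowedIPs";
      };
    };
  };
}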