stigtsp/wireguard.nix

## wireguard.nix
{ stdenv, pkgs, lib, ... }:
{
  networking.wireguard.interfaces = {
    wg0 = {
      ips = [ "10.0.0.1/32" "fc00:bbbb:bbbb:bbbb::bbbb/128" ];
      privateKeyFile = "/private/wireguard-pk";
      table = "51820";
      postSetup = ''
          wg set wg0 fwmark 51820
          ip -6 rule add not fwmark 51820 table 51820
          ip -6 rule add table main suppress_prefixlength 0
          ip -4 rule add not fwmark 51820 table 51820
          ip -4 rule add table main suppress_prefixlength 0
          '';
      postShutdown = ''
          ip -4 rule delete table 51820
          ip -4 rule delete table main suppress_prefixlength 0
          ip -6 rule delete table 51820
          ip -6 rule delete table main suppress_prefixlength 0
       '';
      peers = [
        {
          publicKey = "ABCDEFABCDEF";
          allowedIPs = [ "0.0.0.0/0" "::0/0" ];
          endpoint = "10.0.0.1:51820";
          persistentKeepalive = 25;
        }
      ];
    };
  };
}
	{ stdenv, pkgs, lib, ... }:
	{
	networking.wireguard.interfaces = {
	wg0 = {
	ips = [ "10.0.0.1/32" "fc00:bbbb:bbbb:bbbb::bbbb/128" ];
	privateKeyFile = "/private/wireguard-pk";
	table = "51820";
	postSetup = ''
	wg set wg0 fwmark 51820
	ip -6 rule add not fwmark 51820 table 51820
	ip -6 rule add table main suppress_prefixlength 0
	ip -4 rule add not fwmark 51820 table 51820
	ip -4 rule add table main suppress_prefixlength 0
	'';
	postShutdown = ''
	ip -4 rule delete table 51820
	ip -4 rule delete table main suppress_prefixlength 0
	ip -6 rule delete table 51820
	ip -6 rule delete table main suppress_prefixlength 0
	'';
	peers = [
	{
	publicKey = "ABCDEFABCDEF";
	allowedIPs = [ "0.0.0.0/0" "::0/0" ];
	endpoint = "10.0.0.1:51820";
	persistentKeepalive = 25;
	}
	];
	};
	};
	}