Switch to wg-quick for WireGuard

machines/loki/configuration.nix

@@ -140,19 +140,19 @@
       # };
     };
 
-    wireguard.interfaces = {
+    wg-quick.interfaces = {
       wghorus = {
-        ips = [ "10.10.4.2/24" ];
+        address = [ "10.10.4.2/24" ];
+        autostart = false;
+        dns = [ "192.168.4.1" ];
         listenPort = 51820;
 
         privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
 
-        postSetup = ''
+        postUp = ''
-          ${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
           ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
         '';
-        postShutdown = ''
+        postDown = ''
-          ${pkgs.systemd}/bin/resolvectl dns wghorus ""
           ${pkgs.systemd}/bin/resolvectl domain wghorus ""
         '';
 
@@ -166,6 +166,33 @@
         ];
       };
     };
+
+    # wireguard.interfaces = {
+    #   wghorus = {
+    #     ips = [ "10.10.4.2/24" ];
+    #     listenPort = 51820;
+
+    #     privateKeyFile = config.sops.secrets.wireguard-horus-privkey.path;
+
+    #     postSetup = ''
+    #       ${pkgs.systemd}/bin/resolvectl dns wghorus 192.168.4.1
+    #       ${pkgs.systemd}/bin/resolvectl domain wghorus bedum.horus.nu internal.horus.nu
+    #     '';
+    #     postShutdown = ''
+    #       ${pkgs.systemd}/bin/resolvectl dns wghorus ""
+    #       ${pkgs.systemd}/bin/resolvectl domain wghorus ""
+    #     '';
+
+    #     peers = [
+    #       {
+    #         publicKey = "6faxlUG8+F7uVrKk/OJqqy5k2+OzrhXc/cV6Zsfbl0c=";
+    #         allowedIPs = [ "192.168.4.0/23" "192.168.6.0/24" "192.168.7.0/24" "192.168.8.0/24" ];
+    #         endpoint = "212.45.34.195:51820";
+    #         persistentKeepalive = 25;
+    #       }
+    #     ];
+    #   };
+    # };
   };
 
   systemd.network = {