| .gitignore | ||
| flake.nix | ||
| hosts.nix | ||
| LICENSE | ||
| module.nix | ||
| peering.nix | ||
| README.md | ||
birdsong
A private WireGuard VPN.
Connecting a new host
-
Generate a new WireGuard keypair with the
wgbinary (packaged on many distros aswireguard-tools.) There are instructions on the Arch wiki. -
Add the host to
hosts.nix, being sure to read the documentation carefully. -
For a NixOS host:
- Install the NixOS module as described below.
- Enable the
birdsongservice in your NixOS configuration:
birdsong.peering = { enable = true; privateKeyFile = /path/to/wireguard/private.key; # This is the bare minimum - check peering.nix for other options. # In particular, quick fix for issues with NAT or dynamic public IPs: # persistentKeepalive = 23 }; -
For a non-NixOS host:
- TODO
Installing the NixOS module
With plain Nix fetching
{ config, lib, pkgs, ... }:
{
imports = [
# ...
(let
birdsong = fetchgit {
url = "https://git.qenya.tel/qenya/birdsong";
hash = "sha256-pPrREPA7kJdfMXk0hJLbq6UGOiq+KtJo1LR4vC69vxM=";
rev = "04e5519bf363388debfafc31285851c7816d087a";
# This shows an example commit ID; update to the most recent and
# recalculate the hash
};
in import "${birdsong}/module.nix"
)
];
}
With npins
$ npins add --name birdsong git --branch main "https://git.qenya.tel/qenya/birdsong.git"
{ config, lib, pkgs, ... }:
let sources = import ./npins;
in {
imports = [
# ...
(import "${sources.birdsong}/module.nix")
];
}
With flakes
{
inputs.birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"
outputs = { self, nixpkgs, birdsong, ... }: {
# Tweak as appropriate for your hostname, platform, architecture etc.
nixosConfigurations.your-box = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"
modules = [
# ...
birdsong.nixosModules.default
];
};
};
}