fmt

configs/peerix.nix

@@ -0,0 +1,35 @@
+{ config, lib, ... }:
+with lib; {
+  options = {
+    peerix = {
+      enable = mkOption {
+        description = "Enable peerix";
+        default = false;
+        example = true;
+        type = lib.types.bool;
+      };
+      privateKeyFile = mkOption {
+        description = "Private key file for signing";
+        default = "";
+        example = "./private_key";
+        type = lib.types.path;
+      };
+    };
+  };
+
+  config = mkIf config.peerix.enable {
+    services = {
+      peerix = {
+        enable = true;
+        openFirewall = false; # UDP/12304
+        privateKeyFile = "${config.peerix.privateKeyFile}";
+        publicKeyFile = ../../configs/peerix.pubs;
+      };
+    };
+    networking.firewall.interfaces = {
+      "tailscale0" = {
+        allowedUDPPorts = 12304;
+      };
+    };
+  };
+}

configs/peerix.pubs

@@ -0,0 +1,2 @@
+peerix-europa:FpjwUsYBl+I/SEr5JuO676oVhtUvY2zjyIr2VAVbmfs=
+peerix-stan:3wdu3RBNCIVdgVRFt7bPQuoNH1liYsndLL0pI8mZCbg=

gui/kde.nix

@@ -1,5 +1,6 @@
 { config, lib, pkgs, ... }:
-let inherit (pkgs.libsForQt5) callPackage; in {
+let inherit (pkgs.libsForQt5) callPackage;
+in {
   options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; };
 
   config = lib.mkIf config.kde.enable {