Skip to content

Wg access server

services.wg-access-server.enable

Whether to enable wg-access-server. Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix

services.wg-access-server.package

The wg-access-server package to use. Type: package

Default

pkgs.wg-access-server

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix

services.wg-access-server.secretsFile

yaml file containing all secrets. this needs to be in the same structure as the configuration.

This must to contain the admin password and wireguard private key. As well as the secrets for your auth backend.

Example: 

adminPassword: <admin password>
wireguard:
  privateKey: <wireguard private key>
auth:
  oidc:
    clientSecret: <client secret>

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix

services.wg-access-server.settings

See https://www.freie-netze.org/wg-access-server/2-configuration/ for possible options Type: YAML value

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix

services.wg-access-server.settings.dns.enable

Enable/disable the embedded DNS proxy server. This is enabled by default and allows VPN clients to avoid DNS leaks by sending all DNS requests to wg-access-server itself.

Type: boolean

Default

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix

services.wg-access-server.settings.storage

A storage backend connection string. See storage docs Type: string

Default

"sqlite3://db.sqlite"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/wg-access-server.nix