commit 0b4213b0d234b4b683cbac0cc4e132ca5a6489bb · ryan.freumh.org/eilean-nix

+29 -12

modules/wireguard/default.nix

···

       5
       5
        
       let cfg = config.wireguard; in

     

       6
       6
        
       {

     

       7
       7
        
         options.wireguard = {

     

       8
       8
       -
           enable = lib.mkEnableOption "wireguard";

     

       8
       8
       +
           enable = mkEnableOption "wireguard";

     

       9
       9
        
           server = mkOption {

     

       10
       10
        
             type = with types; bool;

     

       11
       11
        
             default = cfg.hosts.${config.networking.hostName}.server;

     
···

       22
       22
        
                 server = mkOption {

     

       23
       23
        
                   type = types.bool;

     

       24
       24
        
                   default = false;

     

       25
       25
       +
                 };

     

       26
       26
       +
                 endpoint = mkOption {

     

       27
       27
       +
                   type = with types; nullOr str;

     

       28
       28
       +
                   default = null;

     

       29
       29
       +
                   # should not be null when server = true

     

       30
       30
       +
                 };

     

       31
       31
       +
                 persistentKeepalive = mkOption {

     

       32
       32
       +
                   type = with types; nullOr int;

     

       33
       33
       +
                   default = null;

     

       25
       34
        
                 };

     

       26
       35
        
               };

     

       27
       36
        
             };

     
···

       47
       56
        
       

     

       48
       57
        
             wireguard = {

     

       49
       58
        
               enable = true;

     

       50
       50
       -
               interfaces.wg0 = {

     

       51
       51
       -
                 ips = [ "${cfg.hosts.${config.networking.hostName}.ip}/24" ];

     

       59
       59
       +
               interfaces.wg0 = let hostName = config.networking.hostName; in {

     

       60
       60
       +
                 ips = [ "${cfg.hosts."${hostName}".ip}/24" ];

     

       52
       61
        
                 listenPort = 51820;

     

       53
       53
       -
                 privateKeyFile = "${config.custom.secretsDir}/wireguard-key-${config.networking.hostName}";

     

       54
       54
       -
                 peers = mkIf (!cfg.server) [

     

       55
       55
       -
                   {

     

       56
       56
       -
                     allowedIPs = [ "10.0.0.0/24" ];

     

       57
       57
       -
                     publicKey = "${cfg.hosts.vps.publicKey}";

     

       58
       58
       -
                     endpoint = "${config.hosting.serverIpv4}:51820";

     

       59
       59
       -
                     persistentKeepalive = mkIf (config.networking.hostName == "rasp-pi") 25;

     

       60
       60
       -
                   }

     

       61
       61
       -
                 ];

     

       62
       62
       +
                 privateKeyFile = "${config.custom.secretsDir}/wireguard-key-${hostName}";

     

       63
       63
       +
                 peers =

     

       64
       64
       +
                   let

     

       65
       65
       +
                     serverPeers = attrsets.mapAttrsToList

     

       66
       66
       +
                       (hostName: values:

     

       67
       67
       +
                         if values.server then

     

       68
       68
       +
                         {

     

       69
       69
       +
                           allowedIPs = [ "10.0.0.0/24" ];

     

       70
       70
       +
                           publicKey = values.publicKey;

     

       71
       71
       +
                           endpoint = "${values.endpoint}:51820";

     

       72
       72
       +
                           persistentKeepalive = values.persistentKeepalive;

     

       73
       73
       +
                         }

     

       74
       74
       +
                       else {})

     

       75
       75
       +
                       cfg.hosts;

     

       76
       76
       +
                     # remove empty elements

     

       77
       77
       +
                     cleanedServerPeers = lists.remove { } serverPeers;

     

       78
       78
       +
                   in mkIf (!cfg.server) cleanedServerPeers; 

     

       62
       79
        
               };

     

       63
       80
        
             };

     

       64
       81
        
           };

+1 -1

modules/wireguard/server.nix

···

       31
       31
        
                 hostName: values: {

     

       32
       32
        
                   allowedIPs = [ "${values.ip}/32" ];

     

       33
       33
        
                   publicKey = values.publicKey;

     

       34
       34
       -
                   persistentKeepalive = lib.mkIf (hostName == "rasp-pi") 25;

     

       34
       34
       +
                   persistentKeepalive = values.persistentKeepalive;

     

       35
       35
        
                 }

     

       36
       36
        
               ) cfg.hosts;

     

       37
       37
        
           };