nixos-config/config/wireguard.nix

{ config, lib, pkgs, ... }:

with lib;
let
  wg-keys = config.fudo.secrets.files.wireguard.keys;

  has-key = hostname: _: hasAttr hostname wg-keys;

  keyed-hosts = filterAttrs has-key config.fudo.hosts;

  sites = config.fudo.sites;

  generatePublicKeyPkg = hostname: privkey-file: pkgs.stdenv.mkDerivation {
    name = "wireguard-${hostname}-key.pub";
    phases = "installPhase";
    buildInputs = [ pkgs.wireguard ];
    installPhase = ''
      wg pubkey < ${privkey-file} > $out
    '';
  };

  generatePublicKey = hostname: privkey-file:
    readFile "${generatePublicKeyPkg hostname privkey-file}";

in {
  config = {
    fudo.services.wireguard.networks = {
      fudo-local = {
        network = "10.0.0.0/8";
        captured-network = "10.192.0.0/10";

        external-peers = {
          niten-phone = {
            public-key = "";
            assigned-ip = "10.192.0.100";
          };
        };

        hosts = mapAttrs (hostname: hostOpts: let
          private-key-file = wg-keys.${hostname};
        in {
          inherit private-key-file;
          public-key = generatePublicKey hostname private-key-file;
        }) keyed-hosts;

        sites = {
          seattle = {
            network = sites.seattle.private-network;
            gateway = sites.seattle.local-gateway;
          };

          nuttyclub = {
            network = sites.nuttyclub.private-network;
            gateway = "nutboy3";
          };

          portage = {
            network = sites.portage.private-network;
            gateway = "france";
          };

          worldstream = {
            network = sites.worldstream.private-network;
            gateway = "legatus";
          };

          russell = {
            network = sites.russell.private-network;
            gateway = sites.russell.local-gateway;
          };
        };
      };
    };
  };
}
Added live disk flake file 2022-03-16 09:49:54 -07:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`wg-keys = config.fudo.secrets.files.wireguard.keys;`

			`has-key = hostname: _: hasAttr hostname wg-keys;`

			`keyed-hosts = filterAttrs has-key config.fudo.hosts;`

			`sites = config.fudo.sites;`

			`generatePublicKeyPkg = hostname: privkey-file: pkgs.stdenv.mkDerivation {`
			`name = "wireguard-${hostname}-key.pub";`
			`phases = "installPhase";`
			`buildInputs = [ pkgs.wireguard ];`
			`installPhase = ''`
			`wg pubkey < ${privkey-file} > $out`
			`'';`
			`};`

			`generatePublicKey = hostname: privkey-file:`
			`readFile "${generatePublicKeyPkg hostname privkey-file}";`

			`in {`
			`config = {`
			`fudo.services.wireguard.networks = {`
			`fudo-local = {`
			`network = "10.0.0.0/8";`
			`captured-network = "10.192.0.0/10";`

			`external-peers = {`
			`niten-phone = {`
			`public-key = "";`
			`assigned-ip = "10.192.0.100";`
			`};`
			`};`

			`hosts = mapAttrs (hostname: hostOpts: let`
			`private-key-file = wg-keys.${hostname};`
			`in {`
			`inherit private-key-file;`
			`public-key = generatePublicKey hostname private-key-file;`
			`}) keyed-hosts;`

			`sites = {`
			`seattle = {`
			`network = sites.seattle.private-network;`
			`gateway = sites.seattle.local-gateway;`
			`};`

			`nuttyclub = {`
			`network = sites.nuttyclub.private-network;`
			`gateway = "nutboy3";`
			`};`

			`portage = {`
			`network = sites.portage.private-network;`
			`gateway = "france";`
			`};`

			`worldstream = {`
			`network = sites.worldstream.private-network;`
			`gateway = "legatus";`
			`};`

			`russell = {`
			`network = sites.russell.private-network;`
			`gateway = sites.russell.local-gateway;`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`