{ config, lib, pkgs, ... }:

# WireGuard network configuration for the fudo hosts: every host listed in
# config.fudo.hosts that has a private key registered under
# config.fudo.secrets.files.wireguard.keys becomes a peer of the "fudo-local"
# network, and each site gets its private network and gateway declared below.

with lib;

let
  # Attribute set of WireGuard private-key files, keyed by hostname
  # (see has-key and the wg-keys.${hostname} lookup further down).
  wg-keys = config.fudo.secrets.files.wireguard.keys;

  # filterAttrs predicate: keep a host only if a key is registered for it.
  has-key = hostname: _: hasAttr hostname wg-keys;

  # Subset of config.fudo.hosts that can take part in the VPN.
  keyed-hosts = filterAttrs has-key config.fudo.hosts;

  sites = config.fudo.sites;

  # Derivation whose only output is the public key obtained from privkey-file
  # with `wg pubkey`.  `phases` is overridden so only installPhase runs.
  #
  # NOTE(review): the private key is read inside a Nix build.  If privkey-file
  # is a Nix path value, the "${privkey-file}" interpolation copies the private
  # key into the world-readable Nix store; if it is a plain string path outside
  # the store, a sandboxed build cannot read it at all.  Confirm which type the
  # secrets module provides; keeping the public key next to the private one in
  # the secrets module (so no build ever touches the private key) avoids both
  # problems.
  generatePublicKeyPkg = hostname: privkey-file: pkgs.stdenv.mkDerivation {
    name = "wireguard-${hostname}-key.pub";
    phases = "installPhase";
    buildInputs = [ pkgs.wireguard ];
    installPhase = ''
      wg pubkey < ${privkey-file} > $out
    '';
  };

  # Reads the derivation output at evaluation time (import-from-derivation):
  # evaluating this module therefore triggers one build per keyed host.
  generatePublicKey = hostname: privkey-file:
    readFile "${generatePublicKeyPkg hostname privkey-file}";

in {
  config = {
    fudo.services.wireguard.networks = {
      fudo-local = {
        network = "10.0.0.0/8";
        # 10.192.0.0/10 lies inside the network above; the external peer
        # address below is taken from this range.
        captured-network = "10.192.0.0/10";

        external-peers = {
          niten-phone = {
            # NOTE(review): empty public key -- this peer cannot be
            # authenticated until a real key is set.  Whether the fudo
            # wireguard module rejects an empty key or emits the peer as-is is
            # not visible here; verify against that module.
            public-key = "";
            assigned-ip = "10.192.0.100";
          };
        };

        # One entry per keyed host: the private-key file as registered in the
        # secrets module plus the public key computed from it above.
        hosts = mapAttrs (hostname: hostOpts: let
          private-key-file = wg-keys.${hostname};
        in {
          inherit private-key-file;
          public-key = generatePublicKey hostname private-key-file;
        }) keyed-hosts;

        # Per-site private network and the host acting as WireGuard gateway.
        # seattle and russell take the gateway from the site definition; the
        # other three name a gateway host literally (presumably hostnames in
        # config.fudo.hosts -- confirm, nothing here checks that).
        sites = {
          seattle = {
            network = sites.seattle.private-network;
            gateway = sites.seattle.local-gateway;
          };

          nuttyclub = {
            network = sites.nuttyclub.private-network;
            gateway = "nutboy3";
          };

          portage = {
            network = sites.portage.private-network;
            gateway = "france";
          };

          worldstream = {
            network = sites.worldstream.private-network;
            gateway = "legatus";
          };

          russell = {
            network = sites.russell.private-network;
            gateway = sites.russell.local-gateway;
          };
        };
      };
    };
  };
}