diff options
| author | Franck Cuny <franck@fcuny.net> | 2022-06-09 09:40:02 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2022-06-09 10:59:05 -0700 |
| commit | 6d25860b08178432a294197dd72eccaf733016d8 (patch) | |
| tree | 47b04f7f14943df3260f788d2ffc6c21dd0914f9 /lib/private-wireguard.nix | |
| parent | ref(profiles): get rid of all the profiles (diff) | |
| download | infra-6d25860b08178432a294197dd72eccaf733016d8.tar.gz | |
ref(nix): rename lib/ to nix/
Change-Id: If1e608b89b39bd5a53a37b873833a7ea881cb418
Reviewed-on: https://cl.fcuny.net/c/world/+/298
Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to 'lib/private-wireguard.nix')
| -rw-r--r-- | lib/private-wireguard.nix | 41 |
1 files changed, 0 insertions, 41 deletions
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix deleted file mode 100644 index 706dfd8..0000000 --- a/lib/private-wireguard.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ lib, hostname, config, ... }: - -let - inherit (lib) mkEnableOption mkOption mkIf types; - inherit (builtins) readFile fromTOML fromJSON; - secrets = config.age.secrets; - cfg = config.networking.private-wireguard; - port = 51871; - wgcfg = fromTOML (readFile ./../configs/wireguard.toml); - allPeers = wgcfg.peers; - thisPeer = allPeers."${hostname}" or null; - otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers; -in { - options.networking.private-wireguard = { - enable = mkEnableOption "Enable private wireguard vpn connection"; - }; - - config = lib.mkIf cfg.enable { - networking = { - wireguard.interfaces.wg0 = { - listenPort = port; - privateKeyFile = secrets."wireguard_privatekey".path; - ips = [ - "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}" - ]; - - peers = lib.mapAttrsToList (name: peer: - { - allowedIPs = [ - "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}" - ]; - publicKey = peer.key; - } // lib.optionalAttrs (peer ? externalIp) { - endpoint = "${peer.externalIp}:${toString port}"; - } // lib.optionalAttrs (!(thisPeer ? externalIp)) { - persistentKeepalive = 10; - }) otherPeers; - }; - }; - }; -} |