Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 08:45:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
vps/nix/modules/wg-mesh/default.nix
Noratrieb 9121101308 some hostnames
2025-08-04 21:51:46 +02:00

49 lines
1.4 KiB
Nix
Raw Blame History

{ name, config, networkingConfig, ... }:
let
wgSettings = (builtins.getAttr name networkingConfig).wg;
listenPort = 51820;
in
{
# Map from $HOST.local to the private IP.
networking.hosts =
let
hostsEntries = map
(host:
let hostConfig = networkingConfig."${host}"; in
if builtins.hasAttr "wg" hostConfig then {
name = hostConfig.wg.privateIP;
value = [ "${host}.local" ];
} else null)
(builtins.attrNames networkingConfig);
wgHostEntries = builtins.filter (entry: entry != null) hostsEntries;
in
builtins.listToAttrs wgHostEntries;
networking.firewall.allowedUDPPorts = [
listenPort
];
age.secrets.wg_private.file = ../../secrets/wg_private_${name}.age;
networking.wg-quick.interfaces = {
wg0 = {
address = [ "${wgSettings.privateIP}/24" ];
inherit listenPort;
privateKeyFile = config.age.secrets.wg_private.path;
peers = map
(peer:
let peerConfig = (builtins.getAttr peer networkingConfig).wg;
in {
inherit (peerConfig) publicKey;
endpoint = "${peer}.infra.noratrieb.dev:${toString listenPort}";
allowedIPs = [ "${peerConfig.privateIP}/32" ];
# sometimes there's some weirdness....??
persistentKeepalive = 25;
}
)
wgSettings.peers;
};
};
deployment.tags = [ "wg-mesh" ];
}
Reference in a new issue View git blame Copy permalink