wg-home: auto-generate peer list from hosts.nix config
This commit is contained in:
parent
094b7223c7
commit
708cb841fe
|
@ -27,6 +27,13 @@ let
|
|||
e.g. "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=".
|
||||
'';
|
||||
};
|
||||
wg-home.ip = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
description = ''
|
||||
IP address to use on the wg-home VPN.
|
||||
e.g. "10.0.10.5";
|
||||
'';
|
||||
};
|
||||
lan-ip = mkOption {
|
||||
type = types.str;
|
||||
description = ''
|
||||
|
@ -61,6 +68,7 @@ in
|
|||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpmFdNSVPRol5hkbbCivRhyeENzb9HVyf9KutGLP2Zu";
|
||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSJnqmVl9/SYQ0btvGb0REwwWY8wkdkGXQZfn/1geEc";
|
||||
wg-home.pubkey = "FTUWGw2p4/cEcrrIE86PWVnqctbv8OYpw8Gt3+dC/lk=";
|
||||
wg-home.ip = "10.0.10.20";
|
||||
lan-ip = "192.168.0.20";
|
||||
};
|
||||
|
||||
|
@ -74,6 +82,7 @@ in
|
|||
ssh.user_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPS1qFzKurAdB9blkWomq8gI1g0T3sTs9LsmFOj5VtqX";
|
||||
ssh.host_pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
|
||||
wg-home.pubkey = "roAw+IUFVtdpCcqa4khB385Qcv9l5JAB//730tyK4Wk=";
|
||||
wg-home.ip = "10.0.10.5";
|
||||
lan-ip = "192.168.0.5";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
inherit (builtins) mapAttrsToList;
|
||||
inherit (lib) mkIf mkMerge mkOption optionalAttrs types;
|
||||
cfg = config.sane.services.wg-home;
|
||||
server-cfg = config.sane.hosts.by-name."servo".wg-home;
|
||||
in
|
||||
{
|
||||
options = {
|
||||
|
@ -48,7 +50,7 @@ in
|
|||
peers = [
|
||||
{
|
||||
# server pubkey
|
||||
publicKey = config.sane.hosts.by-name."servo".wg-home.pubkey;
|
||||
publicKey = server-cfg.pubkey;
|
||||
|
||||
# accept traffic from any IP addr on the other side of the tunnel
|
||||
# allowedIPs = [ "0.0.0.0/0" ];
|
||||
|
@ -68,30 +70,14 @@ in
|
|||
ips = [
|
||||
"10.0.10.5/24"
|
||||
];
|
||||
peers = [
|
||||
{
|
||||
# lappy
|
||||
publicKey = config.sane.hosts.by-name."lappy".wg-home.pubkey;
|
||||
allowedIPs = [ "10.0.10.20/32" ];
|
||||
# allowedIPs = [ "10.0.10.0/24" "192.168.0.0/24" ];
|
||||
# allowedIPs = [ "0.0.0.0/0" ];
|
||||
}
|
||||
# {
|
||||
# # lappy
|
||||
# publicKey = "TODO";
|
||||
# allowedIPs = [ "10.0.10.20/32" ];
|
||||
# }
|
||||
# {
|
||||
# # desko
|
||||
# publicKey = "TODO";
|
||||
# allowedIPs = [ "10.0.10.22/32" ];
|
||||
# }
|
||||
# {
|
||||
# # moby
|
||||
# publicKey = "TODO";
|
||||
# allowedIPs = [ "10.0.10.48/32" ];
|
||||
# }
|
||||
];
|
||||
peers = mapAttrsToList
|
||||
(name: hostcfg:
|
||||
lib.mkIf (hostcfg.wg-home.ip or server-cfg.ip != server-cfg.ip) {
|
||||
publicKey = hostcfg.wg-home.pubkey;
|
||||
allowedIPs = [ "${hostcfg.wg-home.ip}/32" ];
|
||||
}
|
||||
)
|
||||
config.sane.hosts.by-name;
|
||||
};
|
||||
}
|
||||
]);
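Review bot: The filter on the mkIf line (`hostcfg.wg-home.ip or server-cfg.ip != server-cfg.ip`) only guards against a missing `wg-home.ip` attribute, yet hosts.nix declares that option as `types.nullOr types.str`, so a host with `wg-home.ip = null` passes the filter and evaluation then fails at `"${hostcfg.wg-home.ip}/32"`, where interpolating null is an error. Since the option is declared for every host, the `or` fallback is unlikely to ever fire; a null check is what is needed here: `lib.mkIf (hostcfg.wg-home.ip != null && hostcfg.wg-home.ip != server-cfg.ip) {`. With that change a host that has a pubkey but no ip is silently left out of the peer list rather than breaking the build, which deserves a comment on the mapAttrsToList line such as `# every host in hosts.nix with a non-null wg-home.ip, except the server itself, becomes a /32 peer`. The server is excluded by IP equality rather than by name, so two hosts accidentally given the same wg-home.ip would produce two peers with identical allowedIPs, which WireGuard would presumably resolve silently rather than reject; an assertion that the generated IPs are unique may be worth adding. The enclosing `config` attribute set and the mkIf/mkMerge wrapper closed at `]);` begin outside the hunk.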
|
||||
|
|