wg-home: refactor: don't 'use' lib/builtins

Colin 2023-09-19 12:09:21 +00:00
parent 201bfb922d
commit bbe633ef2e


@ -1,14 +1,12 @@
{ config, lib, pkgs, ... }:
let
inherit (builtins) filter map;
inherit (lib) concatMap mapAttrsToList mkIf mkMerge mkOption optionalAttrs types;
cfg = config.sane.services.wg-home;
server-cfg = config.sane.hosts.by-name."servo".wg-home;
mkPeer = { ips, pubkey, endpoint }: {
publicKey = pubkey;
allowedIPs = map (k: "${k}/32") ips;
} // (optionalAttrs (endpoint != null) {
allowedIPs = builtins.map (k: "${k}/32") ips;
} // (lib.optionalAttrs (endpoint != null) {
inherit endpoint;
# send keepalives every 25 seconds to keep NAT routes live.
# only need to do this from client -> server though, i think.
@ -17,18 +15,18 @@ let
dynamicEndpointRefreshSeconds = 600;
});
# make separate peers to route each given host
mkClientPeers = hosts: map (p: mkPeer {
mkClientPeers = hosts: builtins.map (p: mkPeer {
inherit (p) pubkey endpoint;
ips = [ p.ip ];
}) hosts;
# make a single peer which routes all the given hosts
mkServerPeer = hosts: mkPeer {
inherit (server-cfg) pubkey endpoint;
ips = map (h: h.ip) hosts;
ips = builtins.map (h: h.ip) hosts;
};
in
{
options = {
options = with lib; {
sane.services.wg-home.enable = mkOption {
type = types.bool;
default = false;
@ -51,7 +49,7 @@ in
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
# generate a (deterministic) wireguard private key
sane.derived-secrets."/run/wg-home.priv" = {
len = 32;
@ -84,8 +82,8 @@ in
peers =
let
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
all-peers = lib.mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
peer-list = builtins.filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
in
if cfg.routeThroughServo then
# if acting as a client, then maintain a single peer -- the server -- which does the actual routing
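Review bot: The new `options = with lib; {` line in the second hunk pulls every attribute of `lib` into scope for the whole options block, which is broader than the explicit `inherit (lib) ...` list this commit removes and runs against the stated goal of not 'using' lib. Unqualified `mkOption` and `types` now resolve through `with`, so a reader auditing this WireGuard module cannot tell from the file where those names come from. Consider leaving the block as plain `options = {` and qualifying the calls, e.g. `sane.services.wg-home.enable = lib.mkOption {` and `type = lib.types.bool;`, matching the `lib.mkIf` and `lib.mapAttrsToList` style used in the other hunks. The options block continues outside the hunk, so any further option declarations there would need the same qualification.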