wg-home: refactor: don't 'use' lib/builtins

Colin 2023-09-19 12:09:21 +00:00
parent 201bfb922d
commit bbe633ef2e


@ -1,14 +1,12 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
inherit (builtins) filter map;
inherit (lib) concatMap mapAttrsToList mkIf mkMerge mkOption optionalAttrs types;
cfg = config.sane.services.wg-home; cfg = config.sane.services.wg-home;
server-cfg = config.sane.hosts.by-name."servo".wg-home; server-cfg = config.sane.hosts.by-name."servo".wg-home;
mkPeer = { ips, pubkey, endpoint }: { mkPeer = { ips, pubkey, endpoint }: {
publicKey = pubkey; publicKey = pubkey;
allowedIPs = map (k: "${k}/32") ips; allowedIPs = builtins.map (k: "${k}/32") ips;
} // (optionalAttrs (endpoint != null) { } // (lib.optionalAttrs (endpoint != null) {
inherit endpoint; inherit endpoint;
# send keepalives every 25 seconds to keep NAT routes live. # send keepalives every 25 seconds to keep NAT routes live.
# only need to do this from client -> server though, i think. # only need to do this from client -> server though, i think.
@ -17,18 +15,18 @@ let
dynamicEndpointRefreshSeconds = 600; dynamicEndpointRefreshSeconds = 600;
}); });
# make separate peers to route each given host # make separate peers to route each given host
mkClientPeers = hosts: map (p: mkPeer { mkClientPeers = hosts: builtins.map (p: mkPeer {
inherit (p) pubkey endpoint; inherit (p) pubkey endpoint;
ips = [ p.ip ]; ips = [ p.ip ];
}) hosts; }) hosts;
# make a single peer which routes all the given hosts # make a single peer which routes all the given hosts
mkServerPeer = hosts: mkPeer { mkServerPeer = hosts: mkPeer {
inherit (server-cfg) pubkey endpoint; inherit (server-cfg) pubkey endpoint;
ips = map (h: h.ip) hosts; ips = builtins.map (h: h.ip) hosts;
}; };
in in
{ {
options = { options = with lib; {
sane.services.wg-home.enable = mkOption { sane.services.wg-home.enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -51,7 +49,7 @@ in
}; };
}; };
config = mkIf cfg.enable { config = lib.mkIf cfg.enable {
# generate a (deterministic) wireguard private key # generate a (deterministic) wireguard private key
sane.derived-secrets."/run/wg-home.priv" = { sane.derived-secrets."/run/wg-home.priv" = {
len = 32; len = 32;
@ -84,8 +82,8 @@ in
peers = peers =
let let
all-peers = mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name; all-peers = lib.mapAttrsToList (_: hostcfg: hostcfg.wg-home) config.sane.hosts.by-name;
peer-list = filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers; peer-list = builtins.filter (p: p.ip != null && p.ip != cfg.ip && p.pubkey != null) all-peers;
in in
if cfg.routeThroughServo then if cfg.routeThroughServo then
# if acting as a client, then maintain a single peer -- the server -- which does the actual routing # if acting as a client, then maintain a single peer -- the server -- which does the actual routing