{ pkgs, lib, config, hostName, private, ... }:
-let
- inherit (config.services) wireguard;
- domain = "sourcephile.fr";
- iface = "wg-intra";
- peer = {
- publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA=";
- allowedIPs = [ "192.168.42.3/32" ];
- };
-in
{
+networking.wireguard.wg-intra.peers.mermet.enable = true;
+networking.wireguard.wg-intra.peers.losurdo.enable = true;
+networking.hosts."192.168.42.2" = [
+ "sourcephile.wg"
+ "builds.sourcephile.wg"
+ "dispatch.sourcephile.wg"
+ "git.sourcephile.wg"
+ "hg.sourcephile.wg"
+ "hub.sourcephile.wg"
+ "lists.sourcephile.wg"
+ "man.sourcephile.wg"
+ "meta.sourcephile.wg"
+ "pages.sourcephile.wg"
+ "paste.sourcephile.wg"
+ "todo.sourcephile.wg"
+];
+/*
+systemd.services =
+ {
+ openssh = {
+ after = ["wireguard-${iface}.service"];
+ serviceConfig.Restart = "on-failure";
+ };
+ };
services.openssh.listenAddresses = map (ip: {addr=lib.removeSuffix "/32" ip;}) peer.allowedIPs;
-networking.firewall.extraCommands = ''
- ip46tables -A nixos-fw -i ${iface} -p tcp -m tcp --dport 22 -j ACCEPT
-'';
-networking.hosts = builtins.listToAttrs (lib.concatMap (peer:
- let host = lib.removeSuffix ".${domain}:43642" peer.endpoint + ".wg"; in
- map (ip: lib.nameValuePair (lib.removeSuffix "/32" ip) [host]) peer.allowedIPs
- ) config.networking.wireguard.interfaces.${iface}.peers);
-networking.wireguard.interfaces.${iface} = {
- ips = peer.allowedIPs;
- privateKeyFile = "${private}/${hostName}/wireguard/${iface}/privateKey";
- peers = [
- {
- publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
- endpoint = "losurdo.${domain}:43642";
- allowedIPs = [ "192.168.42.2/32" ];
- persistentKeepalive = 25;
- }
- ];
-};
+*/
}
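Review bot: The `/* … */` block opened at L28 and closed at L56 now swallows the context line `services.openssh.listenAddresses = …` (L36), which previously bound sshd to the host's WireGuard address only; nothing visible in the hunk replaces it, so sshd would fall back to the NixOS default of listening on every address unless the new `networking.wireguard.wg-intra` module (defined outside this file) sets it. The same applies to the removed `networking.firewall.extraCommands` rule for port 22 on the interface and the `openssh` ordering after `wireguard-${iface}.service`, which is presumably now the module's job but is not shown here. The commented-out text also still references `iface`, `peer` and `lib.removeSuffix` from the deleted `let`, so re-enabling it verbatim would not evaluate. Either drop the dead block or replace it with a one-line pointer, e.g. `# sshd listenAddresses, the port-22 firewall rule and the wireguard ordering are expected from the networking.wireguard.wg-intra module — TODO confirm`.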