patate: fix errors from copying from oignon
[julm/julm-nix.git] / hosts / oignon / wireguard.nix
index ee5ceb2c21fce21627d3041da33f6937cf1cb41b..97bdb5cb1a5ad411455daf199772009d83f4331a 100644 (file)
@@ -1,32 +1,29 @@
 { pkgs, lib, config, hostName, private, ... }:
-let
-  inherit (config.services) wireguard;
-  domain = "sourcephile.fr";
-  iface = "wg-intra";
-  peer = {
-    publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA=";
-    allowedIPs = [ "192.168.42.3/32" ];
-  };
-in
 {
+networking.wireguard.wg-intra.peers.mermet.enable = true;
+networking.wireguard.wg-intra.peers.losurdo.enable = true;
+networking.hosts."192.168.42.2" = [
+  "sourcephile.wg"
+  "builds.sourcephile.wg"
+  "dispatch.sourcephile.wg"
+  "git.sourcephile.wg"
+  "hg.sourcephile.wg"
+  "hub.sourcephile.wg"
+  "lists.sourcephile.wg"
+  "man.sourcephile.wg"
+  "meta.sourcephile.wg"
+  "pages.sourcephile.wg"
+  "paste.sourcephile.wg"
+  "todo.sourcephile.wg"
+];
+/*
+systemd.services =
+  {
+    openssh = {
+      after = ["wireguard-${iface}.service"];
+      serviceConfig.Restart = "on-failure";
+    };
+  };
 services.openssh.listenAddresses = map (ip: {addr=lib.removeSuffix "/32" ip;}) peer.allowedIPs;
-networking.firewall.extraCommands = ''
-  ip46tables -A nixos-fw -i ${iface} -p tcp -m tcp --dport 22 -j ACCEPT
-'';
-networking.hosts = builtins.listToAttrs (lib.concatMap (peer:
-  let host = lib.removeSuffix ".${domain}:43642" peer.endpoint + ".wg"; in
-  map (ip: lib.nameValuePair (lib.removeSuffix "/32" ip) [host]) peer.allowedIPs
-  ) config.networking.wireguard.interfaces.${iface}.peers);
-networking.wireguard.interfaces.${iface} = {
-  ips = peer.allowedIPs;
-  privateKeyFile = "${private}/${hostName}/wireguard/${iface}/privateKey";
-  peers = [
-    {
-      publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
-      endpoint = "losurdo.${domain}:43642";
-      allowedIPs = [ "192.168.42.2/32" ];
-      persistentKeepalive = 25;
-    }
-  ];
-};
+*/
 }
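Review bot: The `/* … */` block at the end keeps `services.openssh.listenAddresses` and the `ip46tables` port-22 rule only as dead text, and it still references `iface` and `peer`, which this hunk removes from the `let` binding, so uncommenting it would not evaluate. On the old side sshd was bound to the WireGuard address only (`192.168.42.3`) and TCP/22 was accepted solely on `wg-intra`; nothing on the new side re-establishes that, so unless the `networking.wireguard.wg-intra` module implied by the new `peers.*.enable` options does it, sshd falls back to the NixOS default of listening on every address with port 22 opened in the firewall. Either restore the restriction explicitly, e.g. `services.openssh.listenAddresses = [ { addr = "192.168.42.3"; } ];`, or delete the commented block and record where the restriction now lives with a comment such as `# sshd exposure (listenAddresses / firewall) is handled by the wg-intra module`.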