]> Git — Sourcephile - sourcephile-nix.git/blob - networking/wireguard/wg-intra.nix
sourcehut: WIP
[sourcephile-nix.git] / networking / wireguard / wg-intra.nix
1 { pkgs, lib, config, hostName, ... }:
2 let hosts = import wg-intra/hosts.nix; in
3 {
4 networking.wireguard.interfaces.wg-intra = lib.recursiveUpdate
5 (removeAttrs hosts.${hostName} ["ipv4" "persistentKeepalive" "peer"])
6 {
7 peers =
8 lib.mapAttrsToList (peerName: peer: lib.recursiveUpdate
9 { persistentKeepalive = hosts.${hostName}.persistentKeepalive or null; }
10 peer.peer
11 ) (removeAttrs hosts [hostName]);
12 };
13 networking.hosts = lib.mkMerge [
14 (lib.mapAttrs' (hostName: host:
15 lib.nameValuePair host.ipv4 [ "${hostName}.wg" ]) hosts)
16 { "${hosts.losurdo.ipv4}" = [
17 "nix-extracache.losurdo.wg"
18 "nix-localcache.losurdo.wg"
19 ]; }
20 ];
21 services.fail2ban.ignoreIP = lib.concatMap
22 (host: host.peer.allowedIPs)
23 (lib.attrValues hosts);
24 }