# NixOS module excerpt holding per-host WireGuard data: tunnel address, peer
# public key, allowedIPs, and optionally an endpoint and keepalive interval.
# The gutter numbers skip (1, 7, 9, ...), so the binding that holds these
# entries, the host names and the closing braces are not shown; check the
# attribute nesting against the full file.
1 { pkgs, lib, config, hostName, ... }:
# NOTE(review): peersAnnouncing and endpointReceiving are not defined in the
# visible lines; presumably options of a project-local module -- confirm.
7 peersAnnouncing.enable = true;
# WireGuard public keys are not secret. No private key appears in the visible
# lines; confirm in the full file that it is read from a file kept outside the
# world-readable Nix store rather than inlined.
9 publicKey = "XbTEP2X71LBTjmdmySdiOpQJ+uIomcXvg1aiQGUtWBI=";
# A single /32 built from `ipv4`: WireGuard accepts from this peer only packets
# sourced from that one address and routes only that address to it. Which
# `ipv4` binding is in scope here depends on lines not shown.
10 allowedIPs = [ "${ipv4}/32" ];
# Fixed endpoint address; `listenPort` comes from a binding outside this excerpt.
11 endpoint = "80.67.180.129:${toString listenPort}";
12 endpointReceiving.enable = true;
# Tunnel address of a host entry; also used for /etc/hosts (gutter line 48).
16 ipv4 = "192.168.42.2";
# Keepalive interval in seconds. It is read back at gutter line 43 as
# `hosts.${hostName}.persistentKeepalive or null` and stripped from the
# interface attributes at gutter line 39.
19 persistentKeepalive = 10;
21 publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
22 allowedIPs = [ "${ipv4}/32" ];
26 ipv4 = "192.168.42.3";
# Disabled: with this commented out, the `or null` fallback at gutter line 43
# applies when this entry is the host being evaluated.
28 #persistentKeepalive = 10;
30 publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA=";
31 allowedIPs = [ "${ipv4}/32" ];
32 #persistentKeepalive = 25;
33 #dynamicEndpointRefreshSeconds = 60;
# Builds the wg-intra interface for the host being evaluated (`hostName`).
# The first operand of recursiveUpdate is this host's own entry with the keys
# "ipv4", "persistentKeepalive" and "peer" removed, so those three are not
# passed through as interface options.
38 networking.wireguard.interfaces.wg-intra = lib.recursiveUpdate
39 (removeAttrs hosts.${hostName} ["ipv4" "persistentKeepalive" "peer"])
# Gutter lines 40-41 and 44 are missing from this excerpt. What remains shows
# one list element per *other* host (the local entry is removed at gutter
# line 45). Each element starts from the local host's persistentKeepalive
# (null when unset) and is recursively updated with an expression not shown.
# NOTE(review): presumably that expression is the remote host's `peer`
# attrset, whose values would then override the default -- confirm.
42 lib.mapAttrsToList (peerName: peer: lib.recursiveUpdate
43 { persistentKeepalive = hosts.${hostName}.persistentKeepalive or null; }
45 ) (removeAttrs hosts [hostName]);
# Adds an /etc/hosts entry for every entry in `hosts`, the local one included:
# its tunnel address resolves to "<name>.wg".
# The lambda parameter `hostName` shadows the module argument of the same name
# inside this expression only.
47 networking.hosts = lib.mapAttrs' (hostName: host:
48 lib.nameValuePair host.ipv4 [ "${hostName}.wg" ]) hosts;
# Exempts the allowedIPs of every host's peer entry (the local host included)
# from fail2ban bans.
# NOTE(review): the ignore list follows allowedIPs automatically, so widening
# any peer's allowedIPs beyond its /32 silently widens the exemption too.
# Traffic from these tunnel addresses is never banned, even if a peer's key is
# compromised; services reachable over wg-intra need their own authentication
# rate limiting.
49 services.fail2ban.ignoreIP = lib.concatMap
50 (host: host.peer.allowedIPs)
51 (lib.attrValues hosts);