]> Git — Sourcephile - sourcephile-nix.git/blob - networking/wireguard/wg-intra.nix
losurdo: sourcehut: sync config with module changes
[sourcephile-nix.git] / networking / wireguard / wg-intra.nix
1 { pkgs, lib, config, hostName, ... }:
2 let hosts = {
3 mermet = rec {
4 ipv4 = "192.168.42.1";
5 ips = ["${ipv4}/24"];
6 listenPort = 43642;
7 peersAnnouncing.enable = true;
8 peer = {
9 publicKey = "XbTEP2X71LBTjmdmySdiOpQJ+uIomcXvg1aiQGUtWBI=";
10 allowedIPs = [ "${ipv4}/32" ];
11 endpoint = "80.67.180.129:${toString listenPort}";
12 endpointsUpdater.enable = true;
13 };
14 };
15 losurdo = rec {
16 ipv4 = "192.168.42.2";
17 ips = ["${ipv4}/24"];
18 listenPort = 43643;
19 persistentKeepalive = 10;
20 peer = {
21 publicKey = "xsFFep3k8z0pXgUOz4aryOF8l/KPBSOd4WQA26BkXy0=";
22 allowedIPs = [ "${ipv4}/32" ];
23 };
24 };
25 oignon = rec {
26 ipv4 = "192.168.42.3";
27 ips = ["${ipv4}/24"];
28 #persistentKeepalive = 10;
29 peer = {
30 publicKey = "tE4fzqDrr7BgfOo9tWgGnpu3v0JRDEUZbJnm9e2F/GA=";
31 allowedIPs = [ "${ipv4}/32" ];
32 #persistentKeepalive = 25;
33 #dynamicEndpointRefreshSeconds = 60;
34 };
35 };
36 patate = rec {
37 ipv4 = "192.168.42.4";
38 ips = ["${ipv4}/24"];
39 #persistentKeepalive = 10;
40 peer = {
41 publicKey = "gaEz7nvJTk4h3DGOpeZXSWmYDDrc5xQkuJ28sGrksx4=";
42 allowedIPs = [ "${ipv4}/32" ];
43 #persistentKeepalive = 25;
44 #dynamicEndpointRefreshSeconds = 60;
45 };
46 };
47 }; in
48 {
49 networking.wireguard.interfaces.wg-intra = lib.recursiveUpdate
50 (removeAttrs hosts.${hostName} ["ipv4" "persistentKeepalive" "peer"])
51 {
52 peers =
53 lib.mapAttrsToList (peerName: peer: lib.recursiveUpdate
54 { persistentKeepalive = hosts.${hostName}.persistentKeepalive or null; }
55 peer.peer
56 ) (removeAttrs hosts [hostName]);
57 };
58 networking.hosts = lib.mapAttrs' (hostName: host:
59 lib.nameValuePair host.ipv4 [ "${hostName}.wg" ]) hosts;
60 services.fail2ban.ignoreIP = lib.concatMap
61 (host: host.peer.allowedIPs)
62 (lib.attrValues hosts);
63 }