{ lib }: rec {

  # Build one entry for the `peers` list of a WireGuard interface.
  #   netname  - name of the mesh/network (used to key the secret files)
  #   host     - name of the *peer* being described
  #   hostconf - that peer's entry in `netconfig.hosts`
  mapHostToPeerConfig = netname: host: hostconf: {
    # Generate the preshared key with wg genpsk
    # NOTE(review): the PSK has to be identical on both ends of a link. This
    # machine reads `<netname>-<peer>`; the peer will read `<netname>-<thisHost>`,
    # so those two files are expected to carry the same key - confirm against
    # the secret-provisioning step that writes /secrets/wireguard.
    presharedKeyFile = "/secrets/wireguard/preshared/${netname}-${host}";
    # Public key, endpoint and keepalive are taken verbatim from the peer's
    # host entry; a missing attribute is an evaluation error.
    inherit (hostconf) publicKey endpoint persistentKeepalive;
    # Only the peer's own v4 address is routed to (and accepted from) it.
    allowedIPs = [ hostconf.v4.ip ];
  };

  # Build the `networking.wireguard.interfaces.<name>` attrset for `hostName`
  # on network `netname`.
  #   netconfig.server.{hostname,port} - the hub and the port it listens on
  #   netconfig.hosts.<name>           - per-host entries (see mapHostToPeerConfig)
  #   netconfig.v4.bitmask             - prefix length of the tunnel subnet
  makeInterface = hostName: netname: netconfig:
    let
      me = netconfig.hosts.${hostName};
      isHub = netconfig.server.hostname == hostName;
      # Which other hosts become peers of this interface:
      #   - the hub peers with everybody (spokes dial in, so they need no endpoint)
      #   - a spoke only peers with hosts that have a reachable endpoint
      # Evaluation order of the condition is kept: `endpoint` is read first.
      isPeerOf = host: hostconf:
        host != hostName && (hostconf.endpoint != null || isHub);
      peerHosts = lib.filterAttrs isPeerOf netconfig.hosts;
    in {
      ips = [ "${me.v4.ip}/${toString netconfig.v4.bitmask}" ];
      # Only the hub binds a fixed port; spokes leave it unset.
      listenPort = if isHub then netconfig.server.port else null;
      # One private key per network; NixOS creates the file when it is absent
      # (`generatePrivateKeyFile`), so the directory must exist and be root-only.
      privateKeyFile = "/secrets/wireguard/private/${netname}";
      generatePrivateKeyFile = true;
      peers = lib.mapAttrsToList (mapHostToPeerConfig netname) peerHosts;
    };
}