From 4ec55bc970a48ef49763b6b4768da3ed95c71e0d Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 8 May 2023 19:33:35 -0700
Subject: modules/wireguard: move the module to the right location
---
 modules/private-wireguard.nix | 44 +++++++++++++++++++++++++++++++++++++++++++
 nix/mkSystem.nix | 2 +-
 nix/private-wireguard.nix | 44 -------------------------------------------
 3 files changed, 45 insertions(+), 45 deletions(-)
 create mode 100644 modules/private-wireguard.nix
 delete mode 100644 nix/private-wireguard.nix
diff --git a/modules/private-wireguard.nix b/modules/private-wireguard.nix
new file mode 100644
index 0000000..d4ad676
--- /dev/null
+++ b/modules/private-wireguard.nix
@@ -0,0 +1,44 @@
+{ lib, hostname, config, self, ... }:
+
+let
+ inherit (lib) mkEnableOption mkOption mkIf types;
+ inherit (builtins) readFile fromTOML;
+ secrets = config.age.secrets;
+ cfg = config.networking.private-wireguard;
+ port = 51871;
+ wgcfg = fromTOML (readFile "${self}/configs/wireguard.toml");
+ allPeers = wgcfg.peers;
+ thisPeer = allPeers."${hostname}" or null;
+ otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
+in
+{
+ options.networking.private-wireguard = {
+ enable = mkEnableOption "Enable private wireguard vpn connection";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking = {
+ wireguard.interfaces.wg0 = {
+ listenPort = port;
+ privateKeyFile = secrets."wireguard_privatekey".path;
+ ips = [
+ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
+ ];
+
+ peers = lib.mapAttrsToList
+ (name: peer:
+ {
+ allowedIPs = [
+ "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
+ ];
+ publicKey = peer.key;
+ } // lib.optionalAttrs (peer ? externalIp) {
+ endpoint = "${peer.externalIp}:${toString port}";
+ } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
+ persistentKeepalive = 10;
+ })
+ otherPeers;
+ };
+ };
+ };
+}
diff --git a/nix/mkSystem.nix b/nix/mkSystem.nix
index 1403538..d2e7ebf 100644
--- a/nix/mkSystem.nix
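Review bot: Every peer's allowedIPs in the new modules/private-wireguard.nix is built as `<subnet4>.<ipv4>/<mask4>`, the same prefix length the interface's own `ips` entry uses; unless mask4 in configs/wireguard.toml is 32, WireGuard reduces each entry to its network address, every peer then claims the same subnet, and only the last peer configured receives traffic for it. Peer entries should carry a host route, `"${wgcfg.subnet4}.${toString peer.ipv4}/32"`, and keep mask4 for the interface address only. `thisPeer = allPeers."${hostname}" or null` is dereferenced as `thisPeer.ipv4` a few lines later, so enabling the option on a host that is missing from the TOML fails with an opaque evaluation error about a null value instead of a message naming the host; an entry inside `config` such as `assertions = [ { assertion = thisPeer != null; message = "private-wireguard: ${hostname} is not a peer in configs/wireguard.toml"; } ];` would report it directly. The inherited `mkOption`, `mkIf` and `types` are unused (the body calls `lib.mkIf`), and while the move dropped the unused `fromJSON` it left these in place.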
+++ b/nix/mkSystem.nix
@@ -10,7 +10,7 @@ inputs.nixpkgs.lib.nixosSystem {
 "${self}/modules"
 "${self}/hosts/${hostname}"
 "${self}/modules/homelab"
- ./private-wireguard.nix
+ "${self}/modules/private-wireguard.nix"
 {
 networking.hostName = hostname;
 nixpkgs = {
diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix
deleted file mode 100644
index 8e5d74c..0000000
--- a/nix/private-wireguard.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ lib, hostname, config, ... }:
-
-let
- inherit (lib) mkEnableOption mkOption mkIf types;
- inherit (builtins) readFile fromTOML fromJSON;
- secrets = config.age.secrets;
- cfg = config.networking.private-wireguard;
- port = 51871;
- wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
- allPeers = wgcfg.peers;
- thisPeer = allPeers."${hostname}" or null;
- otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in
-{
- options.networking.private-wireguard = {
- enable = mkEnableOption "Enable private wireguard vpn connection";
- };
-
- config = lib.mkIf cfg.enable {
- networking = {
- wireguard.interfaces.wg0 = {
- listenPort = port;
- privateKeyFile = secrets."wireguard_privatekey".path;
- ips = [
- "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
- ];
-
- peers = lib.mapAttrsToList
- (name: peer:
- {
- allowedIPs = [
- "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
- ];
- publicKey = peer.key;
- } // lib.optionalAttrs (peer ? externalIp) {
- endpoint = "${peer.externalIp}:${toString port}";
- } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
- persistentKeepalive = 10;
- })
- otherPeers;
- };
- };
- };
-}
-- cgit 1.4.1