System Gen36 @ 2025-05-13-22:51:15 by jonas@monolith

2025-05-13 22:51:15 +02:00
parent 1049e826ba
commit 532af9900f
6 changed files with 72 additions and 15 deletions
--- a/modules/networking/wireguard/client.nix
+++ b/modules/networking/wireguard/client.nix
@@ -4,7 +4,7 @@
  ...
 }: let
  cfg = config.hive.wg.client;
-  peers = import ./peers.nix {};
+  peers = import ./peers.nix {inherit lib;};
 in {
  options.hive.wg.client = {
    enable = lib.mkEnableOption "Enable WireGuard client";
@@ -13,6 +13,11 @@ in {
      default = false;
      description = "Automatically connect to the WireGuard server with systemd";
    };
+    peer = lib.mkOption {
+      type = lib.types.singleLineStr;
+      example = "comfy-station";
+      description = "The name of the peer defined in peers.nix to incarnate";
+    };
    privateKeyFile = lib.mkOption {
      type = lib.types.path;
      description = "Path to the private key file for the WireGuard client";
@@ -21,12 +26,10 @@ in {

  config = lib.mkIf cfg.enable {
    networking.wg-quick.interfaces.wg0 = {
-      inherit (peers.jonas) address;
+      address = peers.clientAddress cfg.peer;
      inherit (cfg) privateKeyFile;
      autostart = cfg.autoConnect;
-      peers = [
-        peers.harbor
-      ];
+      peers = peers.forClient cfg.peer;
    };
  };
 }
--- a/modules/networking/wireguard/peers.nix
+++ b/modules/networking/wireguard/peers.nix
@@ -1,4 +1,4 @@
-{}: {
+{lib, ...}: rec {
  harbor = {
    publicKey = "se1SYdSuu+e8FLqHJO0Fk+kWV3WlrVj9qeCPOhAqsmA=";

@@ -12,9 +12,29 @@
    persistentKeepalive = 25;
  };

-  jonas = {
-    publicKey = "OsP5tyyYq2B9K8kcDJRLMVE/XuFk57aEhzhQcJc+e3M=";
-    address = ["10.10.10.2/24"];
-    allowedIPs = ["10.10.10.2/32"];
+  clients = {
+    comfy-station = {
+      publicKey = "OsP5tyyYq2B9K8kcDJRLMVE/XuFk57aEhzhQcJc+e3M=";
+      address = ["10.10.10.2/24"];
+      allowedIPs = ["10.10.10.2/32"];
+    };
+
+    monolith = {
+      publicKey = "r60a6TyR2jV6ePvZgtznd3H4hQPE3sjznoiE8vx3+iI=";
+      address = ["10.10.10.3/24"];
+      allowedIPs = ["10.10.10.3/32"];
+    };
  };
+
+  forServer =
+    builtins.mapAttrs (_: v: {
+      inherit (v) publicKey allowedIPs;
+    })
+    clients;
+  forClient = c:
+    (lib.mapAttrsToList (_: v: {
+      inherit (v) publicKey allowedIPs;
+    }) (builtins.removeAttrs clients [c]))
+    ++ [harbor];
+  clientAddress = c: clients.${c}.address;
 }
--- a/modules/networking/wireguard/server.nix
+++ b/modules/networking/wireguard/server.nix
@@ -30,11 +30,7 @@ in {

      inherit (cfg) privateKeyFile;

-      peers = [
-        {
-          inherit (peers.jonas) publicKey allowedIPs;
-        }
-      ];
+      peers = peers.forServer;
    };
  };
 }