wireguard & other stuff

2025-05-26 22:13:03 +02:00 · 2025-05-26 22:13:03 +02:00 · 16f491a6ca
commit 16f491a6ca
parent c45f9f7f46
12 changed files with 174 additions and 103 deletions
--- a/var/ssh-keys.nix
+++ b/var/ssh-keys.nix
@ -1,4 +1,4 @@
-rec {
+_: rec {
  # this is only used for forcing password entry on colmena apply
  priviliged-by-host = {
    "solo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsl8pLaGeCL3kacGWf8pzoLQr501ga/2OzvI2wWbTZJ";
--- a/var/wg.nix
+++ b/var/wg.nix
@ -0,0 +1,29 @@
+{ lib, ... }:
+rec {
+  publicKey = {
+    "roam" = "yUbdRfRFFVe4FPUaD7pVByLRhpF9Yl1kethxRUHpVgs=";
+    "solo" = "SRDguh0aN/RH8q/uB09w/OZTbP9JZZy0ABowbWIfkTk=";
+  };
+  wireguard-network = {
+    "roam" = {
+      publicKey = publicKey."roam";
+      ips = [ "10.10.11.1/24" ];
+      allowedIPs = [ "10.10.11.0/24" ];
+      endpoint = "185.163.117.158:51820";
+      persistentKeepalive = 17;
+    };
+    "solo" = {
+      publicKey = publicKey."solo";
+      ips = [ "10.10.11.2/24" ];
+      allowedIPs = [ "10.10.11.2/32" ];
+    };
+  };
+  keyFile = "/var/secrets/wg.key";
+
+  peers-for =
+    host:
+    map (lib.filterAttrs (n: _: n != "ips")) (
+      lib.attrValues (lib.filterAttrs (n: _: n != host) wireguard-network)
+    );
+
+}
--- a/var/wireguard-network.nix
+++ b/var/wireguard-network.nix
@ -1,12 +0,0 @@
-rec {
-  peers = {
-    "roam" = {
-      publicKey = "yUbdRfRFFVe4FPUaD7pVByLRhpF9Yl1kethxRUHpVgs=";
-    };
-    "solo" = {
-      publicKey = "SRDguh0aN/RH8q/uB09w/OZTbP9JZZy0ABowbWIfkTk=";
-    };
-  };
-
-  peersFor = host: { }; # TODO: return peers.
-}