From 1c0871f54eec30d9d1e79e6ac3ff5a909fe8c1be Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev
Date: Thu, 22 May 2025 00:21:58 -0700
Subject: [PATCH] WIP: router: wireguard: attempt to convert wg0Peers from list to attrset (gone not well)
---
 hosts/router/wireguard.nix | 43 +++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/hosts/router/wireguard.nix b/hosts/router/wireguard.nix
index ee1d3c4..986b36f 100644
--- a/hosts/router/wireguard.nix
+++ b/hosts/router/wireguard.nix
@@ -2,56 +2,55 @@
 let
 vars = import ./vars.nix;
- wg0Peers = [
- {
- name = "Yura-TPX13";
+ wg0Peers = {
+ "Yura-TPX13" = {
 allowedIPs = [ "10.6.0.3/32" "${vars.extra.opnsense.p6}::6:3:0/112" ];
 publicKey = "iJa5JmJbMHNlbEluNwoB2Q8LyrPAfb7S/mluanMcI08=";
 pskEnabled = true;
- }
- {
- name = "Yura-Pixel7Pro";
+ };
+ "Yura-Pixel7Pro" = {
 allowedIPs = [ "10.6.0.4/32" "${vars.extra.opnsense.p6}::6:4:0/112" ];
 publicKey = "UjZlsukmAsX60Z5FnZwKCSu141Gjj74+hBVT3TRhwT4=";
 pskEnabled = true;
- }
- {
- name = "AsusS513";
+ };
+ "AsusS513" = {
 allowedIPs = [ "10.6.0.100/32" ];
 publicKey = "XozJ7dHdJfkLORkCVxaB1VmvHEOAA285kRZcmzfPl38=";
 pskEnabled = true;
- }
- ];
+ };
+ };
 in {
 secrix.services.systemd-networkd.secrets = let
- pskEnabledPeers = builtins.filter (peer: peer.pskEnabled) wg0Peers;
- peerToSecretAttrs = peer: {
- name = "wg0-peer-${peer.name}-psk";
- value.encrypted.file = ./secrets/wireguard/wg0-peer-${peer.name}-psk.age;
+ peerSecretName = name: "wg0-peer-${name}-psk";
+ mapPeer = name: peer: {
+ name = peerSecretName name;
+ value = if peer.pskEnabled then {encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;} else null;
 };
- peerSecretsList = map peerToSecretAttrs pskEnabledPeers;
- peerSecrets = builtins.listToAttrs peerSecretsList;
+ peerSecrets = lib.attrsets.mapAttrs' mapPeer wg0Peers;
 in {
 wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
 } // peerSecrets;
- systemd.network.netdevs = {
+ systemd.network.netdevs = let
+ secrets = config.secrix.services.systemd-networkd.secrets;
+ in
+ {
 "10-wg0" = {
 netdevConfig = { Kind = "wireguard"; Name = "wg0"; };
 wireguardConfig = {
- PrivateKeyFile = config.secrix.services.systemd-networkd.secrets.wg0-private-key.decrypted.path;
+ PrivateKeyFile = secrets.wg0-private-key.decrypted.path;
 ListenPort = 18596;
 };
- wireguardPeers = map (peer: {
+ wireguardPeers = lib.attrsets.foldlAttrs (name: peer: acc: acc ++ [{
 AllowedIPs = lib.strings.concatStringsSep "," peer.allowedIPs;
 PublicKey = peer.publicKey;
- PresharedKeyFile = if peer.pskEnabled then config.secrix.services.systemd-networkd.secrets."wg0-peer-${peer.name}-psk".decrypted.path else null;
- }) wg0Peers;
+ PresharedKeyFile = if peer.pskEnabled then secrets."wg0-peer-${name}-psk".decrypted.path else null;
+ }]) [] wg0Peers;
 };
 };
 }
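Review bot: The new `peerSecrets = lib.attrsets.mapAttrs' mapPeer wg0Peers;` emits one entry per peer, so a peer with `pskEnabled = false` now lands in `secrix.services.systemd-networkd.secrets` as `wg0-peer-<name>-psk = null`, which the removed `builtins.filter` path never produced and which the secrets option type presumably rejects — likely the "gone not well" from the title. Filter first and make `mapPeer` unconditional: `peerSecrets = lib.attrsets.mapAttrs' mapPeer (lib.attrsets.filterAttrs (_: peer: peer.pskEnabled) wg0Peers);` with `value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;` as the only `value` line. For `wireguardPeers`, the `foldlAttrs … acc ++ [{ … }]` is the long-hand form of `lib.attrsets.mapAttrsToList (name: peer: { … }) wg0Peers`, which reads better and drops the repeated list append. Both iterate in attribute-name order, so peer order in the netdev now follows the sorted keys rather than the former list order; a one-line comment such as `# peers are emitted in key order; order is irrelevant to WireGuard` would save the next reader a diff. `config` and `lib` are taken from the module argument set on line 1, outside this hunk.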