WIP: router: wireguard: slightly more successful conversion of peers to attrset

Yuri Tatishchev 2025-05-22 00:41:03 -07:00
parent 38ece9125b
commit 378d3a53b3
Signed by: CaZzzer
SSH Key Fingerprint: SHA256:sqXB3fe0LMpfH+IeM/vlmxKdso52kssrIJBlwKXVe1U


@ -16,18 +16,19 @@ let
"AsusS513" = { "AsusS513" = {
allowedIPs = [ "10.6.0.100/32" ]; allowedIPs = [ "10.6.0.100/32" ];
publicKey = "XozJ7dHdJfkLORkCVxaB1VmvHEOAA285kRZcmzfPl38="; publicKey = "XozJ7dHdJfkLORkCVxaB1VmvHEOAA285kRZcmzfPl38=";
pskEnabled = true; pskEnabled = false;
}; };
}; };
peerSecretName = name: "wg0-peer-${name}-psk";
in in
{ {
secrix.services.systemd-networkd.secrets = let secrix.services.systemd-networkd.secrets = let
peerSecretName = name: "wg0-peer-${name}-psk"; pskPeers = lib.attrsets.filterAttrs (name: peer: peer.pskEnabled) wg0Peers;
mapPeer = name: peer: { mapPeer = name: peer: {
name = peerSecretName name; name = peerSecretName name;
value = if peer.pskEnabled then {encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;} else null; value.encrypted.file = ./secrets/wireguard/${peerSecretName name}.age;
}; };
peerSecrets = lib.attrsets.mapAttrs' mapPeer wg0Peers; peerSecrets = lib.attrsets.mapAttrs' mapPeer pskPeers;
in in
{ {
wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age; wg0-private-key.encrypted.file = ./secrets/wireguard/wg0-private-key.age;
@ -46,11 +47,14 @@ in
PrivateKeyFile = secrets.wg0-private-key.decrypted.path; PrivateKeyFile = secrets.wg0-private-key.decrypted.path;
ListenPort = 18596; ListenPort = 18596;
}; };
wireguardPeers = lib.attrsets.foldlAttrs (name: peer: acc: acc ++ [{ wireguardPeers = let
AllowedIPs = lib.strings.concatStringsSep "," peer.allowedIPs; secrets = config.secrix.services.systemd-networkd.secrets;
PublicKey = peer.publicKey; in
PresharedKeyFile = if peer.pskEnabled then secrets."wg0-peer-${name}-psk".decrypted.path else null; map (peer: {
}]) [] wg0Peers; AllowedIPs = lib.strings.concatStringsSep "," peer.value.allowedIPs;
PublicKey = peer.value.publicKey;
PresharedKeyFile = if peer.value.pskEnabled then secrets."${peerSecretName peer.name}".decrypted.path else null;
}) (lib.attrsToList wg0Peers);
}; };
}; };
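Review bot: The first hunk flips `pskEnabled` to `false` for `AsusS513`, which removes the preshared-key layer for the only peer visible here, and nothing in the diff says whether that is intended or a workaround while the conversion is unfinished. If it is temporary, a comment such as `# TODO: re-enable once PSK wiring evaluates` next to the flag would keep it from being merged by accident. In the second hunk the peer entry still sets `PresharedKeyFile = if peer.value.pskEnabled then … else null;`, while the secrets side now filters through `pskPeers`. Depending on how the networkd module renders a null value, this may emit an empty `PresharedKeyFile=` line or fail option checking, so it is worth confirming against the generated `.netdev`. Omitting the key for non-PSK peers keeps both sides consistent, e.g. `} // lib.optionalAttrs peer.value.pskEnabled { PresharedKeyFile = secrets.${peerSecretName peer.name}.decrypted.path; }`.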