diff --git a/hosts/architect/wireguard.nix b/hosts/architect/wireguard.nix
index 9614a64..6a317ce 100644
--- a/hosts/architect/wireguard.nix
+++ b/hosts/architect/wireguard.nix
@@ -1,208 +1,228 @@ { config, lib, ... }: -with import ./network.nix; - let listenPort = 1194; + domain = "devs.giugl.io"; + interface = "wireguard"; + # device.address device.hostname + generateDeviceStrings = devices: lib.concatStringsSep "\n" + (lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices); + getDeviceAddress = device: + config.architect.networks.${interface}.devices.${device}.address; in { - architect.firewall = { - openUDP = lib.singleton listenPort; - openUDPVPN = lib.singleton listenPort; + architect = { + firewall = { + openUDP = lib.singleton listenPort; + openUDPVPN = lib.singleton listenPort; + }; + + networks.${interface} = { + interface = "wg0"; + net = "10.3.0.0/24"; + devices = { + architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; }; + manduria = { address = "10.3.0.5"; hostname = "manduria.${domain}"; }; + antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; }; + gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; }; + shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; }; + salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; }; + papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; }; + defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; }; + germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; }; + flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; }; + tommy = { address = "10.3.0.21"; hostname = "tommy.${domain}"; }; + alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; }; + dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; }; + mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; }; + andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; }; + mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; }; + andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; }; + jacopo = { address = "10.3.0.28"; hostname 
= "jacopo.${domain}"; }; + frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; }; + ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; }; + parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; }; + nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; }; + parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; }; + kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; }; + framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; }; + framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; }; + framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; }; + framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; }; + framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; }; + }; + }; }; networking = { - extraHosts = '' - ${architect-wg} architect.devs.giugl.io - ${manduria-wg} manduria.devs.giugl.io - ${antonio-wg} antonio.devs.giugl.io - ${gbeast-wg} gbeast.devs.giugl.io - ${shield-wg} shield.devs.giugl.io - ${salvatore-wg} salvatore.devs.giugl.io - ${papa-wg} papa.devs.giugl.io - ${defy-wg} defy.devs.giugl.io - ${germano-wg} germano.devs.giugl.io - ${tommy-wg} tommy.devs.giugl.io - ${alain-wg} alain.devs.giugl.io - ${dima-wg} dima.devs.giugl.io - ${mikey-wg} mikey.devs.giugl.io - ${andrew-wg} andrew.devs.giugl.io - ${mikeylaptop-wg} mikeylaptop.devs.giugl.io - ${frznn-wg} frznn.devs.giugl.io - ${ludo-wg} ludo.devs.giugl.io - ${parina-wg} parina.devs.giugl.io - ${parina-ipad-wg} parinaipad.devs.giugl.io - ${nilo-wg} nilo.devs.giugl.io - ${kclvm-wg} kclvm.devs.giugl.io - ${framecca-wg} framecca.devs.giugl.io - ''; + extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices; wireguard = { - interfaces.${vpn-if} = { + interfaces.${config.architect.networks.wireguard.interface} = { inherit listenPort; - ips = [ "10.3.0.1/24" ]; + ips = [ 
"${config.architect.networks.wireguard.devices.architect.address}/24" ]; privateKeyFile = "/secrets/wireguard/server.key"; peers = [ { # Manduria - allowedIPs = [ manduria-wg ]; + allowedIPs = [ (getDeviceAddress "manduria") ]; publicKey = "wT38oXvDQ8g0hI+pAXQobOWf/Wott2zhwo8TLvXK400="; } { # Antonio - allowedIPs = [ antonio-wg ]; + allowedIPs = [ (getDeviceAddress "antonio") ]; publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc="; } { # GBEAST - allowedIPs = [ gbeast-wg ]; + allowedIPs = [ (getDeviceAddress "gbeast") ]; publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI="; } { # shield - allowedIPs = [ shield-wg ]; + allowedIPs = [ (getDeviceAddress "shield") ]; publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs="; } { # salvatore - allowedIPs = [ salvatore-wg ]; + allowedIPs = [ (getDeviceAddress "salvatore") ]; publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs="; } { # papa - allowedIPs = [ papa-wg ]; + allowedIPs = [ (getDeviceAddress "papa") ]; publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA="; } { # defy - allowedIPs = [ defy-wg ]; + allowedIPs = [ (getDeviceAddress "defy") ]; publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4="; } { # germano - allowedIPs = [ germano-wg ]; + allowedIPs = [ (getDeviceAddress "germano") ]; publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw="; } { # flavio - allowedIPs = [ flavio-wg ]; + allowedIPs = [ (getDeviceAddress "flavio") ]; publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg="; } { # tommy - allowedIPs = [ tommy-wg ]; + allowedIPs = [ (getDeviceAddress "tommy") ]; publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo="; } { # alain - allowedIPs = [ alain-wg ]; + allowedIPs = [ (getDeviceAddress "alain") ]; publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno="; } { # dima - allowedIPs = [ dima-wg ]; + allowedIPs = [ (getDeviceAddress "dima") ]; publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0="; } { # mikey - allowedIPs = [ mikey-wg ]; + allowedIPs = [ 
(getDeviceAddress "mikey") ]; publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI="; } { # andrew - allowedIPs = [ andrew-wg ]; + allowedIPs = [ (getDeviceAddress "andrew") ]; publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM="; } { # mikey laptop - allowedIPs = [ mikeylaptop-wg ]; + allowedIPs = [ (getDeviceAddress "mikeylaptop") ]; publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk="; } { # andrew desktop - allowedIPs = [ andrewdesktop-wg ]; + allowedIPs = [ (getDeviceAddress "andrewdesktop") ]; publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI="; } { # laptop desktop - allowedIPs = [ jacopo-wg ]; + allowedIPs = [ (getDeviceAddress "jacopo") ]; publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0="; } { # frznn - allowedIPs = [ frznn-wg ]; + allowedIPs = [ (getDeviceAddress "frznn") ]; publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o="; } { # ludo - allowedIPs = [ ludo-wg ]; + allowedIPs = [ (getDeviceAddress "ludo") ]; publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM="; } { # parina - allowedIPs = [ parina-wg ]; + allowedIPs = [ (getDeviceAddress "parina") ]; publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA="; } { # nilo - allowedIPs = [ nilo-wg ]; + allowedIPs = [ (getDeviceAddress "nilo") ]; publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0="; } { # parina ipad - allowedIPs = [ parina-ipad-wg ]; + allowedIPs = [ (getDeviceAddress "parina-ipad") ]; publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU="; } { # kcl vm - allowedIPs = [ kclvm-wg ]; + allowedIPs = [ (getDeviceAddress "kclvm") ]; publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE="; } { - allowedIPs = [ framecca-wg ]; + allowedIPs = [ (getDeviceAddress "framecca") ]; publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk="; } { - allowedIPs = [ framecca_one-wg ]; + allowedIPs = [ (getDeviceAddress "framecca_one") ]; publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs="; } - + { - allowedIPs = [ framecca_two-wg ]; + 
allowedIPs = [ (getDeviceAddress "framecca_two") ]; publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM="; } { - allowedIPs = [ framecca_three-wg ]; + allowedIPs = [ (getDeviceAddress "framecca_three") ]; publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs="; } { - allowedIPs = [ framecca_four-wg ]; + allowedIPs = [ (getDeviceAddress "framecca_four") ]; publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc="; } ];