architect: Moved wireguard config to new network attribute set

This commit is contained in:
Giulio De Pasquale 2023-05-12 12:32:48 +02:00
parent ce8efa3371
commit 26a07a20e5


@ -1,208 +1,228 @@
{ config, lib, ... }: { config, lib, ... }:
with import ./network.nix;
let let
listenPort = 1194; listenPort = 1194;
domain = "devs.giugl.io";
interface = "wireguard";
# device.address device.hostname
generateDeviceStrings = devices: lib.concatStringsSep "\n"
(lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices);
getDeviceAddress = device:
config.architect.networks.${interface}.devices.${device}.address;
in in
{ {
architect.firewall = { architect = {
openUDP = lib.singleton listenPort; firewall = {
openUDPVPN = lib.singleton listenPort; openUDP = lib.singleton listenPort;
openUDPVPN = lib.singleton listenPort;
};
networks.${interface} = {
interface = "wg0";
net = "10.3.0.0/24";
devices = {
architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
manduria = { address = "10.3.0.5"; hostname = "manduria.${domain}"; };
antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
tommy = { address = "10.3.0.21"; hostname = "tommy.${domain}"; };
alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
};
};
}; };
networking = { networking = {
extraHosts = '' extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;
${architect-wg} architect.devs.giugl.io
${manduria-wg} manduria.devs.giugl.io
${antonio-wg} antonio.devs.giugl.io
${gbeast-wg} gbeast.devs.giugl.io
${shield-wg} shield.devs.giugl.io
${salvatore-wg} salvatore.devs.giugl.io
${papa-wg} papa.devs.giugl.io
${defy-wg} defy.devs.giugl.io
${germano-wg} germano.devs.giugl.io
${tommy-wg} tommy.devs.giugl.io
${alain-wg} alain.devs.giugl.io
${dima-wg} dima.devs.giugl.io
${mikey-wg} mikey.devs.giugl.io
${andrew-wg} andrew.devs.giugl.io
${mikeylaptop-wg} mikeylaptop.devs.giugl.io
${frznn-wg} frznn.devs.giugl.io
${ludo-wg} ludo.devs.giugl.io
${parina-wg} parina.devs.giugl.io
${parina-ipad-wg} parinaipad.devs.giugl.io
${nilo-wg} nilo.devs.giugl.io
${kclvm-wg} kclvm.devs.giugl.io
${framecca-wg} framecca.devs.giugl.io
'';
wireguard = { wireguard = {
interfaces.${vpn-if} = { interfaces.${config.architect.networks.wireguard.interface} = {
inherit listenPort; inherit listenPort;
ips = [ "10.3.0.1/24" ]; ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
privateKeyFile = "/secrets/wireguard/server.key"; privateKeyFile = "/secrets/wireguard/server.key";
peers = [ peers = [
{ {
# Manduria # Manduria
allowedIPs = [ manduria-wg ]; allowedIPs = [ (getDeviceAddress "manduria") ];
publicKey = "wT38oXvDQ8g0hI+pAXQobOWf/Wott2zhwo8TLvXK400="; publicKey = "wT38oXvDQ8g0hI+pAXQobOWf/Wott2zhwo8TLvXK400=";
} }
{ {
# Antonio # Antonio
allowedIPs = [ antonio-wg ]; allowedIPs = [ (getDeviceAddress "antonio") ];
publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc="; publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
} }
{ {
# GBEAST # GBEAST
allowedIPs = [ gbeast-wg ]; allowedIPs = [ (getDeviceAddress "gbeast") ];
publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI="; publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
} }
{ {
# shield # shield
allowedIPs = [ shield-wg ]; allowedIPs = [ (getDeviceAddress "shield") ];
publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs="; publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
} }
{ {
# salvatore # salvatore
allowedIPs = [ salvatore-wg ]; allowedIPs = [ (getDeviceAddress "salvatore") ];
publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs="; publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
} }
{ {
# papa # papa
allowedIPs = [ papa-wg ]; allowedIPs = [ (getDeviceAddress "papa") ];
publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA="; publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
} }
{ {
# defy # defy
allowedIPs = [ defy-wg ]; allowedIPs = [ (getDeviceAddress "defy") ];
publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4="; publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
} }
{ {
# germano # germano
allowedIPs = [ germano-wg ]; allowedIPs = [ (getDeviceAddress "germano") ];
publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw="; publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
} }
{ {
# flavio # flavio
allowedIPs = [ flavio-wg ]; allowedIPs = [ (getDeviceAddress "flavio") ];
publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg="; publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
} }
{ {
# tommy # tommy
allowedIPs = [ tommy-wg ]; allowedIPs = [ (getDeviceAddress "tommy") ];
publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo="; publicKey = "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo=";
} }
{ {
# alain # alain
allowedIPs = [ alain-wg ]; allowedIPs = [ (getDeviceAddress "alain") ];
publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno="; publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
} }
{ {
# dima # dima
allowedIPs = [ dima-wg ]; allowedIPs = [ (getDeviceAddress "dima") ];
publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0="; publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
} }
{ {
# mikey # mikey
allowedIPs = [ mikey-wg ]; allowedIPs = [ (getDeviceAddress "mikey") ];
publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI="; publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
} }
{ {
# andrew # andrew
allowedIPs = [ andrew-wg ]; allowedIPs = [ (getDeviceAddress "andrew") ];
publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM="; publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
} }
{ {
# mikey laptop # mikey laptop
allowedIPs = [ mikeylaptop-wg ]; allowedIPs = [ (getDeviceAddress "mikeylaptop") ];
publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk="; publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
} }
{ {
# andrew desktop # andrew desktop
allowedIPs = [ andrewdesktop-wg ]; allowedIPs = [ (getDeviceAddress "andrewdesktop") ];
publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI="; publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
} }
{ {
# laptop desktop # laptop desktop
allowedIPs = [ jacopo-wg ]; allowedIPs = [ (getDeviceAddress "jacopo") ];
publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0="; publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
} }
{ {
# frznn # frznn
allowedIPs = [ frznn-wg ]; allowedIPs = [ (getDeviceAddress "frznn") ];
publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o="; publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
} }
{ {
# ludo # ludo
allowedIPs = [ ludo-wg ]; allowedIPs = [ (getDeviceAddress "ludo") ];
publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM="; publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
} }
{ {
# parina # parina
allowedIPs = [ parina-wg ]; allowedIPs = [ (getDeviceAddress "parina") ];
publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA="; publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
} }
{ {
# nilo # nilo
allowedIPs = [ nilo-wg ]; allowedIPs = [ (getDeviceAddress "nilo") ];
publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0="; publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
} }
{ {
# parina ipad # parina ipad
allowedIPs = [ parina-ipad-wg ]; allowedIPs = [ (getDeviceAddress "parina-ipad") ];
publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU="; publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
} }
{ {
# kcl vm # kcl vm
allowedIPs = [ kclvm-wg ]; allowedIPs = [ (getDeviceAddress "kclvm") ];
publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE="; publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
} }
{ {
allowedIPs = [ framecca-wg ]; allowedIPs = [ (getDeviceAddress "framecca") ];
publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk="; publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
} }
{ {
allowedIPs = [ framecca_one-wg ]; allowedIPs = [ (getDeviceAddress "framecca_one") ];
publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs="; publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
} }
{ {
allowedIPs = [ framecca_two-wg ]; allowedIPs = [ (getDeviceAddress "framecca_two") ];
publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM="; publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
} }
{ {
allowedIPs = [ framecca_three-wg ]; allowedIPs = [ (getDeviceAddress "framecca_three") ];
publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs="; publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
} }
{ {
allowedIPs = [ framecca_four-wg ]; allowedIPs = [ (getDeviceAddress "framecca_four") ];
publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc="; publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
} }
]; ];