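# NixOS module: WireGuard server for the "architect" host.
#
# Declares the VPN address plan (one fixed address and hostname per device),
# publishes those names through /etc/hosts, opens the listen port, and
# registers one WireGuard peer per client device.
#
# Review notes:
#   * The previous revision was collapsed onto a few physical lines, so every
#     `#` comment swallowed the code that followed it on the same line. The
#     layout below restores one statement per line.
#   * All lookups now go through `${interface}`; before, some paths
#     hard-coded `.wireguard` and would have diverged if `interface` changed.
#   * The values below are public keys and are fine to commit. The server's
#     private key is only referenced by path (see privateKeyFile).
{ config, lib, ... }:
let
  # 1194/udp is the port registered for OpenVPN; presumably reused here on
  # purpose -- NOTE(review): confirm.
  listenPort = 1194;
  domain = "devs.giugl.io";
  interface = "wireguard";

  # This module's own network definition, resolved once.
  wgNetwork = config.architect.networks.${interface};

  # Build a device record; the hostname is always "<name>.<domain>".
  mkDevice = name: address: {
    inherit address;
    hostname = "${name}.${domain}";
  };

  # Render devices as /etc/hosts lines: "<address> <hostname>".
  generateDeviceStrings = devices:
    lib.concatStringsSep "\n"
      (lib.mapAttrsToList (_: device: "${device.address} ${device.hostname}") devices);

  # Address assigned to the named device in this network.
  getDeviceAddress = device: wgNetwork.devices.${device}.address;

  # One peer entry. allowedIPs holds only the device's own address, so a peer
  # cannot source or receive traffic for another device's address. Looking the
  # address up by name also fails evaluation if the device is not declared.
  mkPeer = device: publicKey: {
    allowedIPs = [ (getDeviceAddress device) ];
    inherit publicKey;
  };
in
{
  architect = {
    firewall = {
      openUDP = lib.singleton listenPort;
      # NOTE(review): the meaning of openUDPVPN is defined by the architect
      # firewall module, which is not shown here -- confirm that the listen
      # port really needs to be opened on the VPN side as well.
      openUDPVPN = lib.singleton listenPort;
    };

    networks.${interface} = {
      interface = "wg0";
      net = "10.3.0.0/24";

      # name -> address. Addresses must be unique; a duplicate would put the
      # same allowedIPs entry on two peers.
      # NOTE(review): the framecca_* names contain "_", which is not a valid
      # host name character under RFC 1123; /etc/hosts lookups usually work,
      # but some software rejects such names.
      devices = lib.mapAttrs mkDevice {
        architect = "10.3.0.1";
        manduria = "10.3.0.5";
        antonio = "10.3.0.6";
        gbeast = "10.3.0.7";
        shield = "10.3.0.12";
        salvatore = "10.3.0.16";
        papa = "10.3.0.17";
        defy = "10.3.0.18";
        germano = "10.3.0.19";
        flavio = "10.3.0.20";
        tommy = "10.3.0.21";
        alain = "10.3.0.22";
        dima = "10.3.0.23";
        mikey = "10.3.0.24";
        andrew = "10.3.0.25";
        mikeylaptop = "10.3.0.26";
        andrewdesktop = "10.3.0.27";
        jacopo = "10.3.0.28";
        frznn = "10.3.0.29";
        ludo = "10.3.0.30";
        parina = "10.3.0.31";
        nilo = "10.3.0.32";
        parina-ipad = "10.3.0.33";
        kclvm = "10.3.0.34";
        framecca = "10.3.0.35";
        framecca_one = "10.3.0.36";
        framecca_two = "10.3.0.37";
        framecca_three = "10.3.0.38";
        framecca_four = "10.3.0.39";
      };
    };
  };

  networking = {
    extraHosts = generateDeviceStrings wgNetwork.devices;

    wireguard = {
      interfaces.${wgNetwork.interface} = {
        inherit listenPort;

        # The prefix length must stay in sync with `net` above.
        ips = [ "${wgNetwork.devices.architect.address}/24" ];

        # Read at runtime from a path outside the Nix store, so the key is not
        # copied into the world-readable store. The file should be readable by
        # root only.
        privateKeyFile = "/secrets/wireguard/server.key";

        # Explicit list (not generated from `devices`) so peer order is kept.
        # To revoke a device, remove its line here and its entry in `devices`.
        peers = [
          (mkPeer "manduria" "wT38oXvDQ8g0hI+pAXQobOWf/Wott2zhwo8TLvXK400=")
          (mkPeer "antonio" "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=")
          (mkPeer "gbeast" "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=")
          (mkPeer "shield" "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=")
          (mkPeer "salvatore" "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=")
          (mkPeer "papa" "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=")
          (mkPeer "defy" "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=")
          (mkPeer "germano" "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=")
          (mkPeer "flavio" "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=")
          (mkPeer "tommy" "tytknU7wql1d0A2provX3RP7CNcEIajfgBJKoSyVLgo=")
          (mkPeer "alain" "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=")
          (mkPeer "dima" "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=")
          (mkPeer "mikey" "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=")
          (mkPeer "andrew" "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=")
          (mkPeer "mikeylaptop" "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=")
          (mkPeer "andrewdesktop" "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=")
          # The original comment on this peer read "laptop desktop".
          (mkPeer "jacopo" "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=")
          (mkPeer "frznn" "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=")
          (mkPeer "ludo" "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=")
          (mkPeer "parina" "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=")
          (mkPeer "nilo" "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=")
          (mkPeer "parina-ipad" "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=")
          (mkPeer "kclvm" "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=")
          (mkPeer "framecca" "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=")
          (mkPeer "framecca_one" "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=")
          (mkPeer "framecca_two" "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=")
          (mkPeer "framecca_three" "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=")
          (mkPeer "framecca_four" "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=")
        ];
      };
    };
  };
}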