nixos/hosts/architect/wireguard.nix

{ config, lib, ... }:

let
  listenPort = 1194;
  domain = "devs.giugl.io";
  interface = "wireguard";
  # device.address device.hostname
  generateDeviceStrings = devices: lib.concatStringsSep "\n"
    (lib.mapAttrsToList (name: device: "${device.address} ${device.hostname}") devices);
  getDeviceAddress = device:
    config.architect.networks.${interface}.devices.${device}.address;
in
{
  architect = {
    firewall = {
      openUDP = lib.singleton listenPort;
      openUDPVPN = lib.singleton listenPort;
    };

    networks.${interface} = {
      interface = "wg0";
      net = "10.3.0.0/24";
      devices = {
        architect = { address = "10.3.0.1"; hostname = "architect.${domain}"; };
        antonio = { address = "10.3.0.6"; hostname = "antonio.${domain}"; };
        gbeast = { address = "10.3.0.7"; hostname = "gbeast.${domain}"; };
        shield = { address = "10.3.0.12"; hostname = "shield.${domain}"; };
        salvatore = { address = "10.3.0.16"; hostname = "salvatore.${domain}"; };
        papa = { address = "10.3.0.17"; hostname = "papa.${domain}"; };
        defy = { address = "10.3.0.18"; hostname = "defy.${domain}"; };
        germano = { address = "10.3.0.19"; hostname = "germano.${domain}"; };
        flavio = { address = "10.3.0.20"; hostname = "flavio.${domain}"; };
        alain = { address = "10.3.0.22"; hostname = "alain.${domain}"; };
        dima = { address = "10.3.0.23"; hostname = "dima.${domain}"; };
        mikey = { address = "10.3.0.24"; hostname = "mikey.${domain}"; };
        andrew = { address = "10.3.0.25"; hostname = "andrew.${domain}"; };
        mikeylaptop = { address = "10.3.0.26"; hostname = "mikeylaptop.${domain}"; };
        andrewdesktop = { address = "10.3.0.27"; hostname = "andrewdesktop.${domain}"; };
        jacopo = { address = "10.3.0.28"; hostname = "jacopo.${domain}"; };
        frznn = { address = "10.3.0.29"; hostname = "frznn.${domain}"; };
        ludo = { address = "10.3.0.30"; hostname = "ludo.${domain}"; };
        parina = { address = "10.3.0.31"; hostname = "parina.${domain}"; };
        nilo = { address = "10.3.0.32"; hostname = "nilo.${domain}"; };
        parina-ipad = { address = "10.3.0.33"; hostname = "parina-ipad.${domain}"; };
        kclvm = { address = "10.3.0.34"; hostname = "kclvm.${domain}"; };
        framecca = { address = "10.3.0.35"; hostname = "framecca.${domain}"; };
        framecca_one = { address = "10.3.0.36"; hostname = "framecca_one.${domain}"; };
        framecca_two = { address = "10.3.0.37"; hostname = "framecca_two.${domain}"; };
        framecca_three = { address = "10.3.0.38"; hostname = "framecca_three.${domain}"; };
        framecca_four = { address = "10.3.0.39"; hostname = "framecca_four.${domain}"; };
      };
    };
  };

  networking = {
    extraHosts = generateDeviceStrings config.architect.networks.wireguard.devices;

    wireguard = {
      interfaces.${config.architect.networks.wireguard.interface} = {
        inherit listenPort;

        ips = [ "${config.architect.networks.wireguard.devices.architect.address}/24" ];
        privateKeyFile = "/secrets/wireguard/server.key";

        peers = [
          {
            # Antonio
            allowedIPs = [ (getDeviceAddress "antonio") ];
            publicKey = "SPndCvEzuLHtGAQV8u/4dfLlFHoPcXS3L98oFOwTljc=";
          }

          {
            # GBEAST
            allowedIPs = [ (getDeviceAddress "gbeast") ];
            publicKey = "XiK+wk+DErz0RmCWRxuaJN1cvdj+3DoiU6tcR+uZfAI=";
          }

          {
            # shield
            allowedIPs = [ (getDeviceAddress "shield") ];
            publicKey = "1GaV/M48sHqQTrBVRQ+jrFU2pUMmv2xkguncVcwPCFs=";
          }

          {
            # salvatore
            allowedIPs = [ (getDeviceAddress "salvatore") ];
            publicKey = "fhlnBHeMyHZKLUCTSA9kmkKoM5x/qzz/rnCJrUh3Gzs=";
          }

          {
            # papa
            allowedIPs = [ (getDeviceAddress "papa") ];
            publicKey = "oGHygt02Oni3IFbScKD0NVEfHKCp6bpw68aq5g4RrAA=";
          }

          {
            # defy
            allowedIPs = [ (getDeviceAddress "defy") ];
            publicKey = "Cvi/eto7E6Ef+aiL81ou7x12fJCeuXrf/go9fxEqXG4=";
          }

          {
            # germano
            allowedIPs = [ (getDeviceAddress "germano") ];
            publicKey = "LJ0DHY1sFVLQb3ngUGGH0HxbDOPb9KCUPSaYcjr5Uiw=";
          }

          {
            # flavio
            allowedIPs = [ (getDeviceAddress "flavio") ];
            publicKey = "Yg0P+yHi/9SZHyoel8jT9fmmu+irLYmT8yMp/CZoaSg=";
          }

          {
            # alain
            allowedIPs = [ (getDeviceAddress "alain") ];
            publicKey = "/o2msFJoUL4yovcIQJTU8c1faFtekrjSBBWJABouWno=";
          }

          {
            # dima
            allowedIPs = [ (getDeviceAddress "dima") ];
            publicKey = "svzWYIZ6v+cLCp/emGG7mx2YpBJqw2fqjVuHZy7b6H0=";
          }

          {
            # mikey
            allowedIPs = [ (getDeviceAddress "mikey") ];
            publicKey = "ewbDdX3z7nxG2aPIf9TogXkhxPlGipLFcy6XfyDC6gI=";
          }

          {
            # andrew
            allowedIPs = [ (getDeviceAddress "andrew") ];
            publicKey = "LP/FgST9fmBQSoKQFq9sFGvjRFOtRooMcuEcjuqaoWM=";
          }

          {
            # mikey laptop
            allowedIPs = [ (getDeviceAddress "mikeylaptop") ];
            publicKey = "kz/pY/PgV+dwF1JZ2It4r5B5QfRSQM7HkbFCdvd5Yxk=";
          }

          {
            # andrew desktop
            allowedIPs = [ (getDeviceAddress "andrewdesktop") ];
            publicKey = "rpYr3JNLIzxpxzFuQuaHFEl/XvPEPfwLbDETBP8KYXI=";
          }

          {
            # laptop desktop
            allowedIPs = [ (getDeviceAddress "jacopo") ];
            publicKey = "W/taWI79bPIKOolVVu5xZfiJnPw9K91Xn1zhcM0+4g0=";
          }

          {
            # frznn
            allowedIPs = [ (getDeviceAddress "frznn") ];
            publicKey = "dXcrdME6VnnE5PBYwvUmayf7cn2wpcExeCR9gIXOO0o=";
          }

          {
            # ludo
            allowedIPs = [ (getDeviceAddress "ludo") ];
            publicKey = "ecrxdzx7tQZwMPxZOjHUvxZT2xY79B6XEDIW+fhEtEM=";
          }

          {
            # parina
            allowedIPs = [ (getDeviceAddress "parina") ];
            publicKey = "7nubNnfGsg4/7KemMDn9r99mNK8RFU9uOFFqaYv6rUA=";
          }

          {
            # nilo
            allowedIPs = [ (getDeviceAddress "nilo") ];
            publicKey = "lhTEDJ9WnizvEHTd5kN21fTHF27HNk+fPLQnB1B3LW0=";
          }

          {
            # parina ipad
            allowedIPs = [ (getDeviceAddress "parina-ipad") ];
            publicKey = "ezkCzl2qC7Hd7rFKfqMa0JXDKRhVqy79H52rA06x7mU=";
          }

          {
            # kcl vm
            allowedIPs = [ (getDeviceAddress "kclvm") ];
            publicKey = "jVBaY8AhgAA7myVjU/PJPDUCOjsCi23LT+pGZUoNEkE=";
          }

          {
            allowedIPs = [ (getDeviceAddress "framecca") ];
            publicKey = "w0XPu5GcDA2vpNk3KCFRdWNVVQHRtAPApEsK1h3Ovyk=";
          }

          {
            allowedIPs = [ (getDeviceAddress "framecca_one") ];
            publicKey = "5PnmExv78fU3SS8liUWY/oBCcJ48wzmz/70O0U7K/xs=";
          }

          {
            allowedIPs = [ (getDeviceAddress "framecca_two") ];
            publicKey = "FbWfh2rL3OYLTDIte+MgctqL/bphn38eqpNy/chc3wM=";
          }
          {
            allowedIPs = [ (getDeviceAddress "framecca_three") ];
            publicKey = "Z3LRFs6CO0kUh4J3pf+HcPsWch3hUAwJBG8/b0Kqnxs=";
          }
          {
            allowedIPs = [ (getDeviceAddress "framecca_four") ];
            publicKey = "g/Ta12igzxSlCxy7KP865qf+l3+r1LjOo6UXjulmPBc=";
          }
        ];
      };
    };
  };
}