depot/cluster/services/wireguard/default.nix


# Cluster-level WireGuard service description.
#
# Declares the mesh network parameters, the per-host mesh link data
# (external address, mesh address, peer public key, extra routes), which
# hosts take part in the `mesh` and `storm` configurations, and the secret
# that carries the mesh private key.
{ config, depot, lib, ... }:

let
  inherit (depot) hours;

  # Hosts that participate in the mesh; declared under services.wireguard.nodes below.
  meshNodes = config.services.wireguard.nodes.mesh;

  # Address space of the mesh: 10.1.1.0/24.
  meshNet =
    let
      netAddr = "10.1.1.0";
      prefix = 24;
    in
    {
      inherit netAddr prefix;
      cidr = "${netAddr}/${toString prefix}";
    };

  # Builds the `mesh` link record for one host.
  #   host        - entry from `depot.hours`; its primary interface's public
  #                 address becomes the link's `ipv4`.
  #   meshIp      - the host's address inside `meshNet`.
  #   pubKey      - the host's public key for this link. Public keys are not
  #                 secret; the private half is never written in this file
  #                 (see `secrets.meshPrivateKey`).
  #   extraRoutes - additional CIDRs attached to the host, empty by default.
  #                 NOTE(review): presumably consumed by ./mesh.nix as extra
  #                 allowed IPs / routes for the peer - confirm. If so, every
  #                 entry widens the traffic the mesh accepts from and routes
  #                 to that peer, so keep the list minimal.
  meshLink = host: { meshIp, pubKey, extraRoutes ? [ ] }: {
    ipv4 = host.interfaces.primary.addrPublic;
    extra = {
      inherit meshIp meshNet pubKey extraRoutes;
    };
  };
in
{
  vars = {
    # Per mesh node: the `extra` attribute set of that node's mesh link.
    mesh = lib.genAttrs meshNodes (node: config.hostLinks.${node}.mesh.extra);
    inherit meshNet;
  };

  hostLinks = {
    checkmate.mesh = meshLink hours.checkmate {
      meshIp = "10.1.1.32";
      pubKey = "fZMB9CDCWyBxPnsugo3Uxm/TIDP3VX54uFoaoC0bP3U=";
    };

    grail.mesh = meshLink hours.grail {
      meshIp = "10.1.1.6";
      pubKey = "0WAiQGdWySsGWFUk+a9e0I+BDTKwTyWQdFT2d7BMfDQ=";
    };

    thunderskin.mesh = meshLink hours.thunderskin {
      meshIp = "10.1.1.4";
      pubKey = "xvSsFvCVK8h2wThZJ7E5K0fniTBIEIYOblkKIf3Cwy0=";
    };

    # VEGAS is the only host with extra routes: its own vstub address as a
    # /32, plus 10.10.0.0/16.
    VEGAS.mesh = meshLink hours.VEGAS {
      meshIp = "10.1.1.5";
      pubKey = "NpeB8O4erGTas1pz6Pt7qtY9k45YV6tcZmvvA4qXoFk=";
      extraRoutes = [
        "${hours.VEGAS.interfaces.vstub.addr}/32"
        "10.10.0.0/16"
      ];
    };

    prophet.mesh = meshLink hours.prophet {
      meshIp = "10.1.1.9";
      pubKey = "MMZAbRtNE+gsLm6DJy9VN/Y39E69oAZnvOcFZPUAVDc=";
    };
  };

  services.wireguard = {
    # Host membership per configuration.
    nodes = {
      mesh = [ "checkmate" "grail" "thunderskin" "VEGAS" "prophet" ];
      storm = [ "VEGAS" ];
    };

    # NixOS module applied for each configuration.
    nixos = {
      mesh = ./mesh.nix;
      storm = ./storm.nix;
    };

    # Private key for the mesh interface, scoped to the mesh nodes.
    # NOTE(review): `shared = false` presumably gives every node its own key
    # rather than one key for the whole group, which matches the distinct
    # public keys above - confirm against the secrets implementation.
    secrets.meshPrivateKey = {
      nodes = meshNodes;
      shared = false;
    };
  };
}