secrets: add wireguard peers

2021-02-17 12:03:41 +00:00 · 2021-02-17 12:03:41 +00:00 · 2523b764bd
parent 8b069ab820
commit 2523b764bd
9 changed files with 34 additions and 1 deletions
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:

 with lib;
 let
@ -42,5 +42,7 @@ else {
      ambroisie.hashedPassword = fileContents ./users/ambroisie/password.txt;
      root.hashedPassword = fileContents ./users/root/password.txt;
    };
+
+    wireguard = pkgs.callPackage ./wireguard { };
  };
 }
--- a/secrets/wireguard/.gitattributes
+++ b/secrets/wireguard/.gitattributes
@ -0,0 +1 @@
+/default.nix filter diff
--- a/secrets/wireguard/aramis/public.key
+++ b/secrets/wireguard/aramis/public.key
--- a/secrets/wireguard/aramis/secret.key
+++ b/secrets/wireguard/aramis/secret.key
--- a/secrets/wireguard/default.nix
+++ b/secrets/wireguard/default.nix
@ -0,0 +1,30 @@
+{ lib, ... }:
+let
+  peerSpec = {
+    # "Server"
+    porthos = {
+      clientNum = 1;
+      externalIp = "91.121.177.163";
+    };
+
+    # "Clients"
+    aramis = {
+      clientNum = 2;
+    };
+
+    richelieu = {
+      clientNum = 3;
+    };
+  };
+
+  makePeer = name: attrs: with lib; {
+    inherit (attrs) clientNum;
+    publicKey = fileContents (./. + "/${name}/public.key");
+    privateKey = fileContents (./. + "/${name}/secret.key");
+  } // optionalAttrs (attrs ? externalIp) {
+    inherit (attrs) externalIp;
+  };
+in
+{
+  peers = builtins.mapAttrs makePeer peerSpec;
+}
--- a/secrets/wireguard/porthos/public.key
+++ b/secrets/wireguard/porthos/public.key
--- a/secrets/wireguard/porthos/secret.key
+++ b/secrets/wireguard/porthos/secret.key
--- a/secrets/wireguard/richelieu/public.key
+++ b/secrets/wireguard/richelieu/public.key
--- a/secrets/wireguard/richelieu/secret.key
+++ b/secrets/wireguard/richelieu/secret.key