modules: services: wireguard: use agenix secrets
parent
ca5e5a53cd
commit
b6af754199
@ -5,9 +5,37 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.my.services.wireguard;
|
cfg = config.my.services.wireguard;
|
||||||
|
secrets = config.age.secrets;
|
||||||
hostName = config.networking.hostName;
|
hostName = config.networking.hostName;
|
||||||
|
|
||||||
peers = config.my.secrets.wireguard.peers;
|
peers =
|
||||||
|
let
|
||||||
|
mkPeer = name: attrs: {
|
||||||
|
inherit (attrs) clientNum publicKey;
|
||||||
|
privateKeyFile = secrets."wireguard/${name}/private-key".path;
|
||||||
|
} // lib.optionalAttrs (attrs ? externalIp) {
|
||||||
|
inherit (attrs) externalIp;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
lib.mapAttrs mkPeer {
|
||||||
|
# "Server"
|
||||||
|
porthos = {
|
||||||
|
clientNum = 1;
|
||||||
|
publicKey = "PLdgsizztddri0LYtjuNHr5r2E8D+yI+gM8cm5WDfHQ=";
|
||||||
|
externalIp = "91.121.177.163";
|
||||||
|
};
|
||||||
|
|
||||||
|
# "Clients"
|
||||||
|
aramis = {
|
||||||
|
clientNum = 2;
|
||||||
|
publicKey = "QJSWIBS1mXTpxYybLlKu/Y5wy0GFbUfn4yPzpF1DZDc=";
|
||||||
|
};
|
||||||
|
|
||||||
|
richelieu = {
|
||||||
|
clientNum = 3;
|
||||||
|
publicKey = "w4IADAj2Tt7Qe95a0RxDv9ovg/Dr/f3q1LrVOPF48Rk=";
|
||||||
|
};
|
||||||
|
};
|
||||||
thisPeer = peers."${hostName}";
|
thisPeer = peers."${hostName}";
|
||||||
thisPeerIsServer = thisPeer ? externalIp;
|
thisPeerIsServer = thisPeer ? externalIp;
|
||||||
# Only connect to clients from server, and only connect to server from clients
|
# Only connect to clients from server, and only connect to server from clients
|
||||||
|
@ -26,8 +54,7 @@ let
|
||||||
"${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask}"
|
"${v4.subnet}.${toString thisPeer.clientNum}/${toString v4.mask}"
|
||||||
"${v6.subnet}::${toString thisPeer.clientNum}/${toHexString v6.mask}"
|
"${v6.subnet}::${toString thisPeer.clientNum}/${toHexString v6.mask}"
|
||||||
];
|
];
|
||||||
# Insecure, I don't care
|
inherit (thisPeer) privateKeyFile;
|
||||||
privateKey = thisPeer.privateKey;
|
|
||||||
|
|
||||||
peers =
|
peers =
|
||||||
let
|
let
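Review bot: `mkPeer` in the first hunk resolves `secrets."wireguard/${name}/private-key".path` for every peer, but only the current host's agenix secret can be declared on that host, so this evaluates only because Nix is lazy and `peers.<otherHost>.privateKeyFile` is never forced — anything that later forces the whole attrset (e.g. serialising `peers`, or referencing the attribute in the peer list) would fail with a missing `age.secrets` attribute. Since only `thisPeer` ever needs the key, I would drop `privateKeyFile` from `mkPeer` and bind it once at the interface in the second hunk, `privateKeyFile = secrets."wireguard/${hostName}/private-key".path;` in place of `inherit (thisPeer) privateKeyFile;`, so the per-peer attrs no longer imply each host holds every key. Separately, the agenix declaration of that secret is not in this diff: it should stay root-owned with mode 0400 (agenix's default), since `networking.wireguard` reads the file as root and a looser mode would reintroduce the exposure the removed `# Insecure, I don't care` comment acknowledged. The `peers =` binding that begins at the end of the second hunk continues past it.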
|
||||||
|
|