flake/hosts/network.nix

{
  lib,
  config,
  ...
}: let
  prefix = "meshconfig";

  #define wireguard subnets
  wg_subnets = {
    v4 = "10.35.0.1/24";
    v6 = "fd1a:acab:cafe:1337::/64";
  };

  #Below is where all hosts are defined
  hosts = {
    wg-gateway = {
      wg = {
        enabled = true;
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "78.47.226.47";
        # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
        internal = "10.35.0.1";
      };
      v6 = {
        public = "2a01:4f8:1c1b:d2db::";
        # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
        internal = "fd1a:acab:cafe:1337:8f4c:68cd";
      };
    };
    supernova = {
      wg = {
        enabled = true;
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "";
        # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
        internal = "10.35.0.2";
      };
      v6 = {
        public = "";
        # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
        internal = "fd1a:acab:cafe:1337:6722:3657";
      };
    };
  };

  # function to make a peerlist suitable for wgautomesh
  buildPeerlist = version: hosts: let
    #filter out hosts that have wg.enabled set to false
    wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;
    #filter out hosts that don't support IP{$version}
    filteredHosts = lib.filterAttrs (_: host: host.${version}.public != "") wgEnabledHosts;
  in
    lib.mapAttrs (name: host: {
      pubkey = host.wg.pubkey;
      #if there is no public IP, make endpoint null so wgautomesh knows it unknown
      endpoint =
        if host.${version}.public == ""
        then null
        else host.${version}.public;
      address = host.${version}.internal;
    })
    filteredHosts;
in {
  options = {
    config.${prefix} = {
      network.IPv6.peerlist = lib.mkOption {
        type = lib.types.list;
        description = "List of all IPv6 Wireguard peers";
      };
      network.IPv4.peerlist = lib.mkOption {
        type = lib.types.list;
        description = "List of all IPv4 Wireguard peers";
      };
      network.IPv6.wg_subnet = lib.mkOption {
        type = string;
        description = "The IPv6 range that the peers will use";
      };
      network.IPv4.wg_subnet = lib.mkOption {
        type = string;
        description = "The IPv4 range that the peers will use";
      };
      network.hosts = lib.mkOption {
        type = lib.types.set;
        description = "All hosts in this network that this config should be aware of";
      };
    };
  };
  config = {
    network = {
      IPv4 = {
        wg_subnet = wg_subnets.v4;
        peerlist = buildPeerlist "v4" hosts;
      };
      IPv6 = {
        wg_subnet = wg_subnets.v6;
        peerlist = buildPeerlist "v6" hosts;
      };
      inherit hosts;
    };
  };
}