{
lib,
config,
...
}: let
# Attribute name under which this module exposes its options and config.
prefix = "lyn";

# Static inventory of the hosts in this network.
#
# Addressing plan:
#   IPv4: 10.35.0.0/16 is the range for private subnets; 10.35.0.0/24 is used
#         for WireGuard peers.
#   IPv6: 1aacabcafe is the global ID and 1337 is the WireGuard peer subnet ID,
#         resulting in the ULA fd1a:acab:cafe:1337::/64.
#
# Only WireGuard *public* keys belong in this set. It is plain Nix committed to
# the repository, and values that reach a derivation end up in the
# world-readable /nix/store, so private keys must be provisioned out of band.
hosts = {
  wg-gateway = {
    wg.enabled = true;
    wg.pubkey = "Fknzk7lltkPKJZlF3KXWKGQXXSj7CUD9ev0ZEZtpbjY=";

    IPv4.public = "78.47.226.47";
    IPv4.internal = "10.35.0.3";

    IPv6.public = "2a01:4f8:1c1b:d2db::";
    IPv6.internal = "fd1a:acab:cafe:1337:8f4c:68cd::";
  };

  # No public addresses are declared for this host; only tunnel-internal ones.
  supernova = {
    wg.enabled = true;
    wg.pubkey = "jdfbOnP0mFWFobtQunm0h6EtqOZiar9G9jngMU7b+Co=";

    IPv4.internal = "10.35.0.2";

    IPv6.internal = "fd1a:acab:cafe:1337:6722:3657::";
  };
};
in {
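options = {
  ${prefix} = {
    # Schema of the host inventory: one submodule per host, keyed by host name.
    network.hosts = lib.mkOption {
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          # WireGuard peer parameters of the host.
          wg = lib.mkOption {
            type = lib.types.submodule {
              options = {
                enabled = lib.mkOption {
                  type = lib.types.bool;
                  default = false;
                  description = "Enable WireGuard";
                };
                # Nullable with a null default: nothing in this schema ties
                # `enabled = true` to a non-null key, so consumers have to check
                # for null themselves. Public keys only; never a private key.
                pubkey = lib.mkOption {
                  type = lib.types.nullOr lib.types.str;
                  default = null;
                  description = "Public key for WireGuard";
                };
                # types.port limits the value to 0-65535, so an out-of-range
                # port is rejected at evaluation time instead of being passed
                # on to firewall or interface configuration.
                port_v4 = lib.mkOption {
                  type = lib.types.port;
                  default = 51820;
                  description = "Port for WireGuard";
                };
                # NOTE(review): same description as port_v4; presumably the
                # port used for the IPv6 side - confirm against the consumers.
                port_v6 = lib.mkOption {
                  type = lib.types.port;
                  default = 51821;
                  description = "Port for WireGuard";
                };
              };
            };
            description = "WireGuard configuration";
          };
          # Addresses are plain strings; no address-syntax validation is done
          # by this schema.
          IPv4 = lib.mkOption {
            type = lib.types.submodule {
              options = {
                public = lib.mkOption {
                  type = lib.types.nullOr lib.types.str;
                  default = null;
                  description = "Public IPv4 address";
                };
                # No default: every host has to set this explicitly.
                internal = lib.mkOption {
                  type = lib.types.str;
                  description = "Wireguard-internal IPv4 address";
                };
              };
            };
            description = "IPv4 configuration";
            default = {};
          };
          IPv6 = lib.mkOption {
            type = lib.types.submodule {
              options = {
                public = lib.mkOption {
                  type = lib.types.nullOr lib.types.str;
                  default = null;
                  description = "Public IPv6 address";
                };
                # No default: every host has to set this explicitly.
                internal = lib.mkOption {
                  type = lib.types.str;
                  description = "Wireguard-internal IPv6 address";
                };
              };
            };
            description = "IPv6 configuration";
            default = {};
          };
        };
      });
      default = {};
      description = "All hosts in this network that this config should be aware of";
    };
  };
};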
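config = {
  # Publish the static inventory from the let-binding as the option value.
  ${prefix}.network = {
    inherit hosts;
  };

  # Both checks run over the let-bound `hosts`, not the merged option value,
  # so hosts contributed by other modules are not covered.
  # NOTE(review): confirm no other module adds hosts; if one does, these
  # checks do not apply to the entries it contributes.
  assertions = [
    {
      # lib.all, not lib.any: the message promises the property for *each*
      # host, whereas lib.any passed as soon as a single host satisfied it.
      # `or null` keeps a host that omits the attribute from aborting
      # evaluation with a missing-attribute error before the message is shown.
      assertion =
        lib.all
        (host: (host.IPv4 or null) != null || (host.IPv6 or null) != null)
        (lib.attrValues hosts);
      message = "Either an IPv4 or IPv6 must be defined for each host";
    }
    {
      # A peer flagged as enabled but lacking a public key cannot be
      # authenticated; fail the build instead of emitting a config without it.
      assertion =
        lib.all
        (host: !(host.wg.enabled or false) || (host.wg.pubkey or null) != null)
        (lib.attrValues hosts);
      message = "Every host with wg.enabled = true must define wg.pubkey";
    }
  ];
};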
}