flake/hosts/network.nix

{lib, ...}: let
  prefix = "lyn";

  #define wireguard subnets
  wg_subnets = {
    v4 = "10.35.0.1/24";
    v6 = "fd1a:acab:cafe:1337::/64";
  };

  #Below is where all hosts are defined
  hosts = {
    wg-gateway = {
      wg = {
        enabled = true;
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "78.47.226.47";
        # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
        internal = "10.35.0.1";
      };
      v6 = {
        public = "2a01:4f8:1c1b:d2db::";
        # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
        internal = "fd1a:acab:cafe:1337:8f4c:68cd";
      };
    };
    supernova = {
      wg = {
        enabled = true;
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "";
        # we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
        internal = "10.35.0.2";
      };
      v6 = {
        public = "";
        # 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
        internal = "fd1a:acab:cafe:1337:6722:3657";
      };
    };
  };

  # function to make a peerlist suitable for wgautomesh
  buildPeerlist = version: hosts: let
    #filter out hosts that have wg.enabled set to false
    wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;
    #filter out hosts that don't support IP{$version}
    filteredHosts = lib.filterAttrs (_: host: host.${version}.public != "") wgEnabledHosts;
  in
    lib.mapAttrs (name: host: {
      pubkey = host.wg.pubkey;
      #if there is no public IP, make endpoint null so wgautomesh knows it unknown
      endpoint =
        if host.${version}.public == ""
        then null
        else host.${version}.public;
      address = host.${version}.internal;
    })
    filteredHosts;
in {
  ${prefix}.network = {
    IPv4 = {
      wg_subnet = wg_subnets.v4;
      peerlist = buildPeerlist "v4" hosts;
    };
    IPv6 = {
      wg_subnet = wg_subnets.v6;
      peerlist = buildPeerlist "v6" hosts;
    };
    inherit hosts;
  };
}
first draft of the automesh abstraction 2024-11-12 01:49:31 +01:00			`{lib, ...}: let`
			`prefix = "lyn";`

			`#define wireguard subnets`
			`wg_subnets = {`
			`v4 = "10.35.0.1/24";`
			`v6 = "fd1a:acab:cafe:1337::/64";`
			`};`

			`#Below is where all hosts are defined`
			`hosts = {`
			`wg-gateway = {`
			`wg = {`
			`enabled = true;`
			`pubkey = "lol";`
			`port = 51820;`
			`};`
			`v4 = {`
			`public = "78.47.226.47";`
			`# we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers`
			`internal = "10.35.0.1";`
			`};`
			`v6 = {`
			`public = "2a01:4f8:1c1b:d2db::";`
			`# 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64`
			`internal = "fd1a:acab:cafe:1337:8f4c:68cd";`
			`};`
			`};`
			`supernova = {`
			`wg = {`
			`enabled = true;`
			`pubkey = "lol";`
			`port = 51820;`
			`};`
			`v4 = {`
			`public = "";`
			`# we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers`
			`internal = "10.35.0.2";`
			`};`
			`v6 = {`
			`public = "";`
			`# 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64`
			`internal = "fd1a:acab:cafe:1337:6722:3657";`
			`};`
			`};`
			`};`

			`# function to make a peerlist suitable for wgautomesh`
			`buildPeerlist = version: hosts: let`
			`#filter out hosts that have wg.enabled set to false`
			`wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;`
			`#filter out hosts that don't support IP{$version}`
			`filteredHosts = lib.filterAttrs (_: host: host.${version}.public != "") wgEnabledHosts;`
			`in`
			`lib.mapAttrs (name: host: {`
			`pubkey = host.wg.pubkey;`
			`#if there is no public IP, make endpoint null so wgautomesh knows it unknown`
			`endpoint =`
			`if host.${version}.public == ""`
			`then null`
			`else host.${version}.public;`
			`address = host.${version}.internal;`
			`})`
			`filteredHosts;`
			`in {`
			`${prefix}.network = {`
			`IPv4 = {`
			`wg_subnet = wg_subnets.v4;`
			`peerlist = buildPeerlist "v4" hosts;`
			`};`
			`IPv6 = {`
			`wg_subnet = wg_subnets.v6;`
			`peerlist = buildPeerlist "v6" hosts;`
			`};`
			`inherit hosts;`
			`};`
			`}`