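{lib, ...}:
let
  # Attribute-set key under which this module publishes its network description.
  prefix = "lyn";

  # WireGuard subnets, one per address family.
  # NOTE(review): v4 is written as a host address with a prefix length
  # (10.35.0.1/24) while the host comments below describe the peer range as
  # 10.35.0.0/24 and v6 is given as a network (…::/64). Left as-is; confirm
  # which form the consumer of `wg_subnet` expects before normalising it.
  wg_subnets = {
    v4 = "10.35.0.1/24";
    v6 = "fd1a:acab:cafe:1337::/64";
  };

  # All hosts. Per host:
  #   wg.enabled     - whether the host takes part in the WireGuard mesh
  #   wg.pubkey      - the host's WireGuard public key (not secret, safe to commit)
  #   wg.port        - WireGuard listen port
  #   v4/v6.public   - routable address, "" when the host has none (e.g. behind NAT)
  #   v4/v6.internal - the host's address inside the WireGuard subnet
  hosts = {
    wg-gateway = {
      wg = {
        enabled = true;
        # TODO: placeholder — replace with the host's real WireGuard public key
        # before deploying; a wrong key means the peer never completes a handshake.
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "78.47.226.47";
        # 10.35.0.0/16 is the private range; 10.35.0.0/24 is the WireGuard peer subnet.
        internal = "10.35.0.1";
      };
      v6 = {
        public = "2a01:4f8:1c1b:d2db::";
        # Global ID 1aacabcafe + subnet ID 1337 -> ULA fd1a:acab:cafe:1337::/64.
        # The original value had no "::" and only six groups, which is not a
        # valid IPv6 address; "::" is inserted after the /64 prefix so the
        # interface ID becomes ::8f4c:68cd — confirm this is the intended host.
        internal = "fd1a:acab:cafe:1337::8f4c:68cd";
      };
    };
    supernova = {
      wg = {
        enabled = true;
        # TODO: placeholder — replace with the host's real WireGuard public key.
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        # No public address: this host is reachable only once it has dialled out.
        public = "";
        # 10.35.0.0/16 is the private range; 10.35.0.0/24 is the WireGuard peer subnet.
        internal = "10.35.0.2";
      };
      v6 = {
        public = "";
        # Global ID 1aacabcafe + subnet ID 1337 -> ULA fd1a:acab:cafe:1337::/64.
        # Same repair as for wg-gateway: "::" inserted after the /64 prefix
        # (original value was not a valid IPv6 address) — confirm intended host.
        internal = "fd1a:acab:cafe:1337::6722:3657";
      };
    };
  };

  # Build a peer list suitable for wgautomesh for one address family.
  #
  # version: "v4" or "v6", the per-host attribute to read
  # hosts:   the attribute set defined above
  #
  # Returns an attribute set host-name -> { pubkey, endpoint, address } holding
  # every WireGuard-enabled host that has an internal address for `version`.
  # `endpoint` is null when the host has no public address, so wgautomesh treats
  # the endpoint as unknown rather than the host vanishing from the mesh.
  buildPeerlist = version: hosts:
    let
      # Hosts that take part in the mesh; a missing wg.enabled counts as false.
      wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;

      # Hosts that carry an address for this IP version at all. A host with an
      # empty public address is kept (it gets a null endpoint below). The
      # previous `public != ""` filter contradicted the null-endpoint branch,
      # making it unreachable and silently dropping NAT-only hosts such as
      # supernova from every peer list.
      supportedHosts = lib.filterAttrs
        (_: host: (host.${version}.internal or "") != "")
        wgEnabledHosts;

      toPeer = _: host: {
        pubkey = host.wg.pubkey;
        # No public IP -> null so wgautomesh knows the endpoint is unknown.
        endpoint =
          if (host.${version}.public or "") == "" then null
          else host.${version}.public;
        address = host.${version}.internal;
      };
    in
      lib.mapAttrs toPeer supportedHosts;
in {
  ${prefix}.network = {
    IPv4 = {
      wg_subnet = wg_subnets.v4;
      peerlist = buildPeerlist "v4" hosts;
    };
    IPv6 = {
      wg_subnet = wg_subnets.v6;
      peerlist = buildPeerlist "v6" hosts;
    };
    inherit hosts;
  };
}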