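{ lib, ... }:
let
  # Attribute under which this module publishes both its option declarations
  # (`options.lyn.network.*`) and their values (`config.lyn.network.*`).
  prefix = "lyn";

  # WireGuard overlay subnets. These are network prefixes, not host addresses:
  # 10.35.0.0/16 is reserved for private ranges and 10.35.0.0/24 is the peer
  # subnet (the original "10.35.0.1/24" was the gateway's address with a mask).
  # fd1a:acab:cafe:1337::/64 is a ULA: global ID 1aacabcafe, subnet ID 1337.
  wg_subnets = {
    v4 = "10.35.0.0/24";
    v6 = "fd1a:acab:cafe:1337::/64";
  };

  # Every host this network should be aware of.
  #   wg.enabled      whether the host takes part in the WireGuard mesh
  #   wg.pubkey       the host's WireGuard public key; this is the ONLY thing
  #                   that authenticates a peer, so it must be real and unique
  #   wg.port         UDP listen port, appended to the public address to form
  #                   the peer endpoint
  #   v4/v6.public    routable address, "" when the host has none (e.g. NAT)
  #   v4/v6.internal  the host's address inside the WireGuard subnet above
  hosts = {
    wg-gateway = {
      wg = {
        enabled = true;
        # FIXME: placeholder, not a WireGuard key. Until it is replaced with the
        # host's real public key no peer can authenticate this node.
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "78.47.226.47";
        internal = "10.35.0.1";
      };
      v6 = {
        public = "2a01:4f8:1c1b:d2db::";
        # "::" is required: a literal with only six groups is not a valid address.
        internal = "fd1a:acab:cafe:1337::8f4c:68cd";
      };
    };
    supernova = {
      wg = {
        enabled = true;
        # FIXME: placeholder, see wg-gateway. Two peers sharing one key cannot
        # be told apart by WireGuard.
        pubkey = "lol";
        port = 51820;
      };
      v4 = {
        public = "";
        internal = "10.35.0.2";
      };
      v6 = {
        public = "";
        internal = "fd1a:acab:cafe:1337::6722:3657";
      };
    };
  };

  # Hosts that participate in the mesh (wg.enabled missing counts as false).
  wgEnabledHosts = lib.filterAttrs (_: host: host.wg.enabled or false) hosts;

  # Public keys of all mesh members, used to reject duplicate keys below.
  wgPubkeys = lib.mapAttrsToList (_: host: host.wg.pubkey) wgEnabledHosts;
  pubkeysUnique = lib.length wgPubkeys == lib.length (lib.unique wgPubkeys);

  # Build "ip:port" for a host's public address in the given family.
  # IPv6 literals must be bracketed so the port is not read as another group.
  # NOTE(review): assumes wgautomesh parses `endpoint` as a socket address
  # (host:port) rather than a bare IP; the per-host `wg.port` is otherwise
  # never used. Confirm against the wgautomesh config format.
  mkEndpoint = version: host:
    let
      ip = host.${version}.public;
      port = toString host.wg.port;
    in
    if version == "v6" then "[${ip}]:${port}" else "${ip}:${port}";

  # Produce the wgautomesh peer table for one address family ("v4" or "v6"),
  # keyed by host name. Each entry has `pubkey`, `address` (the host's address
  # inside the WireGuard subnet) and `endpoint` (its public ip:port, or null).
  #
  # Hosts are dropped only when they have no internal address in this family,
  # i.e. they do not speak IPv4/IPv6 on the mesh at all. A host with an internal
  # address but no public one (behind NAT, roaming) stays in the table with
  # `endpoint = null` so wgautomesh knows the endpoint is unknown. The original
  # code filtered those hosts out before reaching the null branch, which made
  # the branch dead and silently removed such peers from the mesh.
  buildPeerlist = version: hostTable:
    let
      enabled = lib.filterAttrs (_: host: host.wg.enabled or false) hostTable;
      addressed = lib.filterAttrs
        (_: host: (host.${version}.internal or "") != "")
        enabled;
      toPeer = _: host: {
        pubkey = host.wg.pubkey;
        endpoint =
          if (host.${version}.public or "") == "" then null else mkEndpoint version host;
        address = host.${version}.internal;
      };
    in
    lib.mapAttrs toPeer addressed;

  # Shape of one peerlist entry; validates what buildPeerlist emits.
  peerType = lib.types.submodule {
    options = {
      pubkey = lib.mkOption {
        type = lib.types.str;
        description = "WireGuard public key of the peer";
      };
      endpoint = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        description = "Public ip:port of the peer, or null when unknown";
      };
      address = lib.mkOption {
        type = lib.types.str;
        description = "Address of the peer inside the WireGuard subnet";
      };
    };
  };

  # Option declarations shared by both address families.
  familyOptions = family: {
    wg_subnet = lib.mkOption {
      type = lib.types.str;
      description = "The ${family} range that the peers will use";
    };
    peerlist = lib.mkOption {
      type = lib.types.attrsOf peerType;
      description = "All ${family} WireGuard peers, keyed by host name";
    };
  };
in
{
  # Options must be declared under `options`, not `config`; the types used
  # before (`lib.types.list`, `lib.types.set`, bare `string`) do not exist.
  options.${prefix} = {
    network = {
      IPv4 = familyOptions "IPv4";
      IPv6 = familyOptions "IPv6";
      hosts = lib.mkOption {
        type = lib.types.attrs;
        description = "All hosts in this network that this config should be aware of";
      };
    };
  };

  config = {
    ${prefix} = {
      network = {
        IPv4 = {
          wg_subnet = wg_subnets.v4;
          peerlist = buildPeerlist "v4" hosts;
        };
        IPv6 = {
          wg_subnet = wg_subnets.v6;
          peerlist = buildPeerlist "v6" hosts;
        };
        inherit hosts;
      };
    };

    # A WireGuard public key identifies exactly one peer; two hosts with the
    # same key (including the "lol" placeholders above) cannot both be part of
    # the mesh. Fail evaluation rather than deploy an ambiguous peer table.
    assertions = [
      {
        assertion = pubkeysUnique;
        message = "${prefix}.network: every wg-enabled host needs a unique, real wg.pubkey (duplicate or placeholder keys found)";
      }
    ];
  };
}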