{
  lib,
  config,
  ...
}: let
  # Attribute name under which this module places both its options and its
  # config (`${prefix}.network`, see below).
  prefix = "lyn";
#hosts are defined here
|
|
hosts = {
|
|
wg-gateway = {
|
|
wg = {
|
|
enabled = true;
|
|
pubkey = "Fknzk7lltkPKJZlF3KXWKGQXXSj7CUD9ev0ZEZtpbjY=";
|
|
};
|
|
IPv4 = {
|
|
public = "78.47.226.47";
|
|
# we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
|
|
internal = "10.35.0.3";
|
|
};
|
|
IPv6 = {
|
|
public = "2a01:4f8:1c1b:d2db::";
|
|
# 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
|
|
internal = "fd1a:acab:cafe:1337:8f4c:68cd::";
|
|
};
|
|
};
|
|
supernova = {
|
|
wg = {
|
|
enabled = true;
|
|
pubkey = "jdfbOnP0mFWFobtQunm0h6EtqOZiar9G9jngMU7b+Co=";
|
|
port_v4 = 56052;
|
|
};
|
|
IPv4 = {
|
|
# we use 10.35.0.0/16 as a range for private subnets, specifically 10.35.0.0/24 for wireguard peers
|
|
internal = "10.35.0.2";
|
|
};
|
|
IPv6 = {
|
|
# 1aacabcafe is the global ID and 1337 is the wireguard peer subnet ID, resulting in the ULA fd1a:acab:cafe:1337::/64
|
|
internal = "fd1a:acab:cafe:1337:6722:3657::";
|
|
};
|
|
};
|
|
};
in {
options = {
|
|
${prefix} = {
|
|
# defining the entire hosts part as a module
|
|
network.hosts = lib.mkOption {
|
|
type = lib.types.attrsOf (lib.types.submodule {
|
|
options = {
|
|
wg = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
options = {
|
|
enabled = lib.mkOption {
|
|
type = lib.types.bool;
|
|
default = false;
|
|
description = "Enable WireGuard";
|
|
};
|
|
pubkey = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = "Public key for WireGuard";
|
|
};
|
|
port_v4 = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = 51820;
|
|
description = "Port for WireGuard";
|
|
};
|
|
port_v6 = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = 51821;
|
|
description = "Port for WireGuard";
|
|
};
|
|
};
|
|
};
|
|
description = "WireGuard configuration";
|
|
};
|
|
IPv4 = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
options = {
|
|
public = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = "Public IPv4 address";
|
|
};
|
|
internal = lib.mkOption {
|
|
type = lib.types.str;
|
|
description = "Wireguard-internal IPv4 address";
|
|
};
|
|
};
|
|
};
|
|
description = "IPv4 configuration";
|
|
default = {};
|
|
};
|
|
IPv6 = lib.mkOption {
|
|
type = lib.types.submodule {
|
|
options = {
|
|
public = lib.mkOption {
|
|
type = lib.types.nullOr lib.types.str;
|
|
default = null;
|
|
description = "Public IPv6 address";
|
|
};
|
|
internal = lib.mkOption {
|
|
type = lib.types.str;
|
|
description = "Wireguard-internal IPv6 address";
|
|
};
|
|
};
|
|
};
|
|
description = "IPv6 configuration";
|
|
default = {};
|
|
};
|
|
};
|
|
});
|
|
default = {};
|
|
description = "All hosts in this network that this config should be aware of";
|
|
};
|
|
};
|
|
};
config = {
|
|
${prefix}.network = {
|
|
inherit hosts;
|
|
};
|
|
assertions = [
|
|
{
|
|
assertion = lib.any (host: host.IPv4 != null || host.IPv6 != null) (lib.attrValues hosts);
|
|
message = "Either an IPv4 or IPv6 must be defined for each host";
|
|
}
|
|
];
|
|
};
}