Bumper car bugfixing until it actually works as a flake
parent
18b08d06ec
commit
ecefdd099a
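--- a/[path not shown on page]
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, lib, ... }@inputs:
-with lib;
-with import ./lib.nix;
-{
-options = {
-wirenix = {
-enable = mkOption {
-default = true;
-type = with lib.types; bool;
-description = ''
-Wirenix
-'';
-};
-secretsDir = mkOption {
-type = types.path;
-description = mdDoc ''
-where you want the wireguard secrets stored.
-'';
-};
-};
-};
-config =
-let
-configurers = defaultConfigurers // config.modules.wirenix.additionalConfigurers;
-parsers = defaultParsers // config.modules.wirenix.additionalParsers;
-acl = config.modules.wirenix.aclConfig;
-parser = parsers."${acl.version}" inputs;
-configurer = configurers."${config.modules.wirenix.configurer}" inputs;
-nixosConfigForPeer = peerName: builtins.head (builtins.attrValues (
-lib.attrsets.filterAttrs (
-name: value: (lib.attrsets.attrByPath ["config" "modules" "wirenix" "peerName"] null value) == peerName
-) nixosConfigurations));
-in
-lib.mkIf (config.modules.wirenix.enable)
-configurer (parser acl) config.modules.wirenix.peerName;
-}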
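--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1,32 +1,28 @@
-{config, nixosConfigurations, lib, ...}: intermediateConfig: peerName:
+{config, lib, ...}: intermediateConfig: peerName:
 with (import ../lib.nix);
 with lib.attrsets;
 with builtins;
-let secretsDir = peerName: (nixosConfigForPeer nixosConfigurations peerName).config.modules.wirenix.secrestsDir; in
 {
-config = {
-age.generators.wireguard-priv = {pkgs, file, ...}: ''
-priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
-${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
-echo "$priv"
-'';
-age.generators.wireguard-psk = {pkgs, file, ...}: ''
-psk=$(${pkgs.wireguard-tools}/bin/wg genpsk)
-echo "$psk"
-'';
-age.secrets = {
-age.secrets = {
+config.age = {
+secrets = {
 "wirenix-peer-${peerName}" = {
-rekeyFile = config.modules.wirenix.secretsDir + /wirenix- + peerName + ".age";
-generator.script = "wireguard-priv";
+rekeyFile = config.wirenix.secretsDir + /wirenix-peer- + peerName + ".age";
+generator.script = {pkgs, file, ...}: ''
+priv=$(${pkgs.wireguard-tools}/bin/wg genkey)
+${pkgs.wireguard-tools}/bin/wg pubkey <<< "$priv" > ${lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")}
+echo "$priv"
+'';
 };
-} // mapAttrs' (name: value: nameValuePair ("wirenix-subnet-${name}") {
-rekeyFile = config.modules.wirenix.subnetSecretsDir + /wirenix-subnet- + name + ".age";
-generator.script = "wireguard-psk";
-}) intermediateConfig.peers."${peerName}".subnetConnections;
-};
-getPeerPubKey = otherPeerName: lib.removeSuffix ".age" ((secretsDir otherPeerName).config.secrets."wirenix-peer-${peerName}".path) + ".pub";
+} //
+mapAttrs' (name: value: nameValuePair ("wirenix-subnet-${name}") {
+rekeyFile = config.wirenix.secretsDir + /wirenix-subnet- + name + ".age";
+generator.script = {pkgs, ...}: ''
+psk=$(${pkgs.wireguard-tools}/bin/wg genpsk)
+echo "$psk"
+'';
+}) intermediateConfig.peers."${peerName}".subnetConnections;
+};
+getPeerPubKey = otherPeerName: builtins.readFile (config.wirenix.secretsDir + /wirenix-peer-${peerName}.pub);
 getPrivKeyFile = config.age.secrets."wirenix-peer-${peerName}".path;
 getSubnetPSKFile = subnetName: config.age.secrets."wirenix-subnet-${subnetName}".path;
 }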
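Review bot: The new `getPeerPubKey` binds `otherPeerName` but builds the path from `peerName`, so every lookup returns this peer's own public key rather than the requested peer's; it should read `getPeerPubKey = otherPeerName: builtins.readFile (config.wirenix.secretsDir + /wirenix-peer-${otherPeerName}.pub);`. Because the wrong key is a syntactically valid value, this would presumably surface only as peers that never complete a handshake, not as an evaluation error. The `.pub` file is produced by the private-key generator next to the `.age` file (`lib.escapeShellArg (lib.removeSuffix ".age" file + ".pub")`), so the read only lines up if that generator's `file` resolves inside `config.wirenix.secretsDir` — worth confirming, since `builtins.readFile` aborts evaluation when the file is missing. A one-line comment above the three accessors, e.g. `# public key is read at eval time from the unencrypted .pub written beside the encrypted .age by the generator`, would make that coupling explicit for the next reader.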