Refactor the wireguard role to use lib.mkMerge.

2025-01-24 17:41:12 -05:00 · 2025-01-24 17:41:12 -05:00 · 4a76097a5e
commit 4a76097a5e
parent facfd01661
3 changed files with 36 additions and 13 deletions
--- a/nix/configuration/hosts/neelix/default.nix
+++ b/nix/configuration/hosts/neelix/default.nix
@ -30,6 +30,9 @@
  me.kodi.enable = true;
  me.lvfs.enable = true;
  me.sound.enable = true;
+  me.wireguard.activated = [ "wgh" ];
+  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
+
 }
--- a/nix/configuration/hosts/odo/default.nix
+++ b/nix/configuration/hosts/odo/default.nix
@ -57,6 +57,12 @@
  me.vscode.enable = true;
  me.wasm.enable = true;
  me.waybar.enable = true;
+  me.wireguard.activated = [
+    "drmario"
+    "wgh"
+    "colo"
+  ];
+  me.wireguard.deactivated = [ "wgf" ];
  me.zrepl.enable = true;
  me.zsh.enable = true;
 }
--- a/nix/configuration/roles/wireguard/default.nix
+++ b/nix/configuration/roles/wireguard/default.nix
@ -4,7 +4,6 @@
  pkgs,
  ...
 }:
-
 let
  activatedWg = name: {
    networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf";
@ -29,21 +28,36 @@ let
      autostart = false;
    };
  };
-  wgConfig = lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate
-    (lib.attrsets.recursiveUpdate {
-      networking.firewall.allowedUDPPorts = [ 51821 ];
-      networking.wireguard.enable = true;
-    } (activatedWg "drmario"))
-    (activatedWg "wgh")
-  ) (activatedWg "colo")) (deactivatedWg "wgf");
+  wireguard_enable = (config.me.wireguard.activated != [ ] || config.me.wireguard.deactivated != [ ]);
 in
 {
  imports = [ ];

-  config = lib.mkIf (!config.me.buildingIso) wgConfig;
-
-  # environment.systemPackages = with pkgs; [
-  #   wireguard-tools
-  # ];
+  options.me = {
+    wireguard.activated = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = false;
+      example = true;
+      description = "List of wireguard config names that should be activated at boot.";
+    };
+    wireguard.deactivated = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = false;
+      example = true;
+      description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
+    };
+  };

+  config = lib.mkIf wireguard_enable (
+    lib.mkMerge [
+      {
+        networking.firewall.allowedUDPPorts = [ 51821 ];
+        networking.wireguard.enable = true;
+      }
+      (activatedWg "drmario")
+      (activatedWg "wgh")
+      (activatedWg "colo")
+      (deactivatedWg "wgf")
+    ]
+  );
 }