Refactor the wireguard role to use lib.mkMerge.

Tom Alexander 2025-01-24 17:41:12 -05:00
parent facfd01661
commit 4a76097a5e
Signed by: talexander
GPG Key ID: D3A179C9A53C0EDE
3 changed files with 36 additions and 13 deletions
nix/configuration
hosts
roles/wireguard

@ -30,6 +30,9 @@
me.kodi.enable = true; me.kodi.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
} }

@ -57,6 +57,12 @@
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
} }

@ -4,7 +4,6 @@
pkgs, pkgs,
... ...
}: }:
let let
activatedWg = name: { activatedWg = name: {
networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf"; networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf";
@ -29,21 +28,36 @@ let
autostart = false; autostart = false;
}; };
}; };
wgConfig = lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate wireguard_enable = (config.me.wireguard.activated != [ ] || config.me.wireguard.deactivated != [ ]);
(lib.attrsets.recursiveUpdate {
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
} (activatedWg "drmario"))
(activatedWg "wgh")
) (activatedWg "colo")) (deactivatedWg "wgf");
in in
{ {
imports = [ ]; imports = [ ];
config = lib.mkIf (!config.me.buildingIso) wgConfig; options.me = {
wireguard.activated = lib.mkOption {
# environment.systemPackages = with pkgs; [ type = lib.types.listOf lib.types.str;
# wireguard-tools default = false;
# ]; example = true;
description = "List of wireguard config names that should be activated at boot.";
};
wireguard.deactivated = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = false;
example = true;
description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
};
};
config = lib.mkIf wireguard_enable (
lib.mkMerge [
{
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
}
(activatedWg "drmario")
(activatedWg "wgh")
(activatedWg "colo")
(deactivatedWg "wgf")
]
);
} }
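Review bot: The new `me.wireguard.activated` and `me.wireguard.deactivated` options are never read when the interfaces are built, because the `lib.mkMerge` list still hard-codes `(activatedWg "drmario")`, `(activatedWg "wgh")`, `(activatedWg "colo")` and `(deactivatedWg "wgf")`. A host that sets only `me.wireguard.activated = [ "wgh" ];`, as the first host hunk does, therefore still gets the `drmario` and `colo` tunnels configured and UDP 51821 opened. Both options also declare `default = false; example = true;` against `lib.types.listOf lib.types.str`; this should be `default = [ ];` with a list example, since `wireguard_enable` compares against `[ ]` and a `false` default would either fail type checking or count as enabled. Consider deriving the interfaces from the options under a fixed option path, e.g. `networking.wg-quick.interfaces = lib.genAttrs config.me.wireguard.activated (name: { configFile = "/persist/manual/wireguard/${name}.conf"; });`, because a top-level `lib.mkMerge (map activatedWg …)` that depends on `config` is likely to recurse infinitely. The bodies of `activatedWg` and `deactivatedWg` are only partly visible in these hunks, so any other attributes they set would need the same treatment.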