diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2022-10-06 06:36:16 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2022-10-06 06:36:16 -0400 |
| commit | e8bc9ab190ba5bc4e5f76950ae7103133021da20 (patch) | |
| tree | 08486fbf3becf244e8f4e9aee7a8b11e3d589842 /modules/vpn.nix | |
| parent | 6d19f59b085d162d25c027d3d7014aefd95020ee (diff) | |
Formatting
Diffstat (limited to 'modules/vpn.nix')
| -rw-r--r-- | modules/vpn.nix | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/modules/vpn.nix b/modules/vpn.nix index 0b532de..635bcd4 100644 --- a/modules/vpn.nix +++ b/modules/vpn.nix @@ -23,28 +23,26 @@ let firelink = mkConfig "firelink" "2001"; pincer = mkConfig "pincer" "2002"; steamdeck = mkConfig "steamdeck" "2003" // { - ips = [ - "${vpn-prefix}::2003/128" - "${vpn-prefix}::2004/128" - ]; + ips = [ "${vpn-prefix}::2003/128" "${vpn-prefix}::2004/128" ]; }; }; mkPeer = hostConfig: { inherit (hostConfig) publicKey endpoint; - allowedIPs = if hostConfig.router && !cfg.is_server then [ "${vpn-prefix}::/64" ] else hostConfig.ips; + allowedIPs = if hostConfig.router && !cfg.is_server then + [ "${vpn-prefix}::/64" ] + else + hostConfig.ips; }; getPeers = host: - if - host == "dragon" - then - builtins.map mkPeer (builtins.attrValues (builtins.removeAttrs hosts [host])) + if host == "dragon" then + builtins.map mkPeer + (builtins.attrValues (builtins.removeAttrs hosts [ host ])) else - builtins.map mkPeer [hosts.dragon]; + builtins.map mkPeer [ hosts.dragon ]; -in -{ +in { options = { orbekk.vpn = { enable = lib.mkEnableOption "Enable VPN"; @@ -66,7 +64,8 @@ in orbekk.simple-firewall.allowedUDPPorts = [ cfg.listenPort ]; age.secrets = { - "${config.networking.hostName}-wireguard-key".file = ./. + "/../secrets/${config.networking.hostName}-wireguard-key.age"; + "${config.networking.hostName}-wireguard-key".file = ./. + + "/../secrets/${config.networking.hostName}-wireguard-key.age"; }; networking.networkmanager.unmanaged = [ "vpn" ]; @@ -75,7 +74,8 @@ in enable = true; interfaces.vpn = { ips = hosts.${config.networking.hostName}.ips; - privateKeyFile = "${config.age.secrets."${config.networking.hostName}-wireguard-key".path}"; + privateKeyFile = + "${config.age.secrets."${config.networking.hostName}-wireguard-key".path}"; allowedIPsAsRoutes = true; listenPort = cfg.listenPort; peers = getPeers config.networking.hostName; |