tv: configure the wiregrill

krebs/3modules/tv/default.nix

@@ -1,12 +1,30 @@
 with import <stockholm/lib>;
 { config, ... }: let
 
-  hostDefaults = hostName: host: flip recursiveUpdate host ({
-    owner = config.krebs.users.tv;
-  } // optionalAttrs (host.nets?retiolum) {
-    nets.retiolum.ip6.addr =
-      (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
-  });
+  hostDefaults = hostName: host: foldl' recursiveUpdate {} [
+    {
+      owner = config.krebs.users.tv;
+    }
+    (optionalAttrs (host.nets?retiolum) {
+      nets.retiolum = {
+        ip6.addr =
+          (krebs.genipv6 "retiolum" "tv" { inherit hostName; }).address;
+      };
+    })
+    (let
+      pubkey-path = ./wiregrill + "/${hostName}.pub";
+    in optionalAttrs (pathExists pubkey-path) {
+      nets.wiregrill = {
+        aliases = [
+          "${hostName}.w"
+        ];
+        ip6.addr =
+          (krebs.genipv6 "wiregrill" "tv" { inherit hostName; }).address;
+        wireguard.pubkey = readFile pubkey-path;
+      };
+    })
+    host
+  ];
 
 in {
   dns.providers = {
@@ -103,6 +121,9 @@ in {
             -----END RSA PUBLIC KEY-----
           '';
         };
+        wiregrill.wireguard.subnets = [
+          (krebs.genipv6 "wiregrill" "tv" 0).subnetCIDR
+        ];
       };
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILGDdcKwFm6udU0/x6XGGb87k9py0VlrxF54HeYu9Izb";
     };

krebs/3modules/tv/wiregrill/alnus.pub

@@ -0,0 +1 @@
+w7+6kMf1P3Ka0kXXY4CCbr80TrWPYpe/zd13yuvz9SE=

krebs/3modules/tv/wiregrill/mu.pub

@@ -0,0 +1 @@
+4bboT+cZM1BYvNho9oKbO0MFnPFTvmASR+1IdV4/fwQ=

krebs/3modules/tv/wiregrill/ni.pub

@@ -0,0 +1 @@
+KiIiwkuin+E4FXqFajJjnoGKkHW3H3FzIx5EQrF1+lw=

krebs/3modules/tv/wiregrill/nomic.pub

@@ -0,0 +1 @@
+UgvgarDtuSvbciNx5SU2NDbctb9/OTQ9Kr8H/O3931A=

krebs/3modules/tv/wiregrill/querel.pub

@@ -0,0 +1 @@
+sxaqrsqcDgdM3+QH6mxzqDs3SLWgm7J8AytpIbRZ2n0=

krebs/3modules/tv/wiregrill/wu.pub

@@ -0,0 +1 @@
+68bL6l3/sjbirva80tm0Dw6/PJu1S95nJC58gWCh42E=

krebs/3modules/tv/wiregrill/xu.pub

@@ -0,0 +1 @@
+XU76RFN0jG/YjffAPg3e3VuHF/iKMvVoRhHmixvLL1s=

krebs/3modules/tv/wiregrill/zu.pub

@@ -0,0 +1 @@
+WrILdnsketejrJuYM/sLEh89GdSVbddv8BG/D3sW7kw=