Diffstat (limited to 'tv/2configs/wiregrill.nix')
-rw-r--r--tv/2configs/wiregrill.nix37
1 files changed, 0 insertions, 37 deletions
diff --git a/tv/2configs/wiregrill.nix b/tv/2configs/wiregrill.nix
deleted file mode 100644
index edf65e979..000000000
--- a/tv/2configs/wiregrill.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: let
- cfg = {
- enable = cfg.net != null;
- net = config.krebs.build.host.nets.wiregrill or null;
- };
- toCidrNotation = ip: "${ip.addr}/${toString ip.prefixLength}";
-in
- mkIf cfg.enable {
- networking.wireguard.interfaces.wiregrill = {
- ips =
- optional (cfg.net.ip4 != null) cfg.net.ip4.addr ++
- optional (cfg.net.ip6 != null) cfg.net.ip6.addr;
- listenPort = 51820;
- privateKeyFile = (toString <secrets>) + "/wiregrill.key";
- allowedIPsAsRoutes = true;
- peers = mapAttrsToList
- (_: host: {
- allowedIPs = host.nets.wiregrill.wireguard.subnets;
- endpoint =
- mkIf (host.nets.wiregrill.via != null) (host.nets.wiregrill.via.ip4.addr + ":${toString host.nets.wiregrill.wireguard.port}");
- persistentKeepalive = mkIf (host.nets.wiregrill.via != null) 61;
- publicKey =
- replaceStrings ["\n"] [""] host.nets.wiregrill.wireguard.pubkey;
- })
- (filterAttrs (_: h: hasAttr "wiregrill" h.nets) config.krebs.hosts);
- };
- systemd.network.networks.wiregrill = {
- matchConfig.Name = "wiregrill";
- address =
- optional (cfg.net.ip4 != null) (toCidrNotation cfg.net.ip4) ++
- optional (cfg.net.ip6 != null) (toCidrNotation cfg.net.ip6);
- };
- tv.iptables.extra.filter.INPUT = [
- "-p udp --dport ${toString cfg.net.wireguard.port} -j ACCEPT"
- ];
- }