feat(meta): get vpn-ip, wg-key and subnets

2025-01-06 15:29:31 +01:00 · 2025-01-06 15:29:31 +01:00 · e8f8a54b5d
commit e8f8a54b5d
parent 01af00470d
20 changed files with 88 additions and 44 deletions
--- a/kat/default.nix
+++ b/kat/default.nix
@ -15,7 +15,6 @@ let
    mkDefault
    ;
  inherit (lib.types)
    str
    package
    ;
 in
@ -31,12 +30,6 @@ in
    addArgs = mkEnableOption "the extra arguments" // {
      default = true;
    };
    wireguardPubKey = mkOption {
      type = str;
    };
    fqdn = mkOption {
      type = str;
    };
    anywhere = mkOption {
      type = package;
      readOnly = true;
--- a/kat/meta.nix
+++ b/kat/meta.nix
@ -16,6 +16,8 @@ let
    enum
    path
    unspecified
    nullOr
    str
    ;
  machine_meta =
@ -37,13 +39,37 @@ let
          default = [ ];
          # /!\ Take care of imported files
        };
        wg-key = mkOption {
          type = nullOr str;
          default = null;
        };
        vpn-ip4 = mkOption {
          type = nullOr str;
          default = null;
        };
        subnets = mkOption {
          type = listOf str;
          default = [ ];
        };
        fqdn = mkOption {
          type = nullOr str;
          default = null;
        };
        node_meta = mkOption {
          type = unspecified;
          readOnly = true;
        };
      };
      config.node_meta = rec {
-        inherit (config) version;
+        inherit (config)
          version
          wg-key
          vpn-ip4
          subnets
          fqdn
          ;
        patches = [ ./nginx-fallback.patch ] ++ config.patches;
        overlay-paths = [ "${sources.kat-pkgs}/overlay.nix" ] ++ config.overlay-paths;
        nixpkgs-paths = {
--- a/kat/proxies/default.nix
+++ b/kat/proxies/default.nix
@ -2,6 +2,8 @@
  pkgs,
  lib,
  config,
  self-meta,
  meta,
  nodes ? { },
  ...
 }:
@ -36,7 +38,7 @@ let
    internal = port;
  }) (submodule redirected-ports-mod);
-  inherit (config.kat) fqdn;
+  inherit (self-meta) fqdn;
  hostname = config.networking.hostName;
  cfg = config.kat.proxies;
@ -66,7 +68,7 @@ let
        map (
          host:
          let
-            inherit (nodes.${host}.config.kat) fqdn;
+            inherit (meta.machines.${host}) fqdn;
            host-cfg = nodes.${host}.config.kat.proxies;
          in
          {
--- a/machines/kat-betamail/configuration.nix
+++ b/machines/kat-betamail/configuration.nix
@ -22,8 +22,7 @@ in
  users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
  kat = {
-    fqdn = "betamail.katvayor.net";
+    # wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
    wireguardPubKey = "Znj451+hGJcPV1zFgpRMA8hg8edmUInA5zBtYBUuL3k=";
    proxies = {
      ip = "192.168.122.3";
      aliases = [ "catvayor.sh" ];
--- a/machines/kat-betamail/default.nix
+++ b/machines/kat-betamail/default.nix
@ -2,6 +2,8 @@
  meta = {
    version = "unstable";
    patches = [ ./0001-revert-procmail-to-3.22.patch ];
    fqdn = "betamail.katvayor.net";
    vpn-ip4 = "192.168.122.3";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-darknet/default.nix
+++ b/machines/kat-darknet/default.nix
@ -1,4 +1,7 @@
 {
-  meta.version = "unstable";
+  meta = {
    version = "unstable";
    vpn-ip4 = "192.168.122.8";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-degette/configuration.nix
+++ b/machines/kat-degette/configuration.nix
@ -20,7 +20,6 @@
  };
  kat = {
    fqdn = "degette.katvayor.net";
    proxies = {
      ip = "192.168.122.2";
      open-tcp = [
--- a/machines/kat-degette/default.nix
+++ b/machines/kat-degette/default.nix
@ -1,4 +1,8 @@
 {
-  meta.version = "stable";
+  meta = {
    version = "stable";
    fqdn = "degette.katvayor.net";
    vpn-ip4 = "192.168.122.2";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-manah/configuration.nix
+++ b/machines/kat-manah/configuration.nix
@ -1,6 +1,6 @@
 {
  pkgs,
-  nodes,
+  meta,
  ...
 }:
 {
@ -23,7 +23,6 @@
  };
  kat = {
    fqdn = "manah.katvayor.net";
    proxies = {
      ip = "10.42.0.1";
      open-tcp = [
@ -38,7 +37,6 @@
        "kat-betamail"
      ];
    };
    wireguardPubKey = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
  };
  systemd.network = {
@ -92,12 +90,12 @@
        wireguardPeers = [
          {
-            Endpoint = "watcher.katvayor.net:1194";
+            Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
            AllowedIPs = [
              "10.42.0.2/32"
            ];
            PersistentKeepalive = 20;
-            PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
+            PublicKey = meta.machines.kat-watcher.wg-key;
          }
        ];
      };
--- a/machines/kat-manah/default.nix
+++ b/machines/kat-manah/default.nix
@ -1,4 +1,13 @@
 {
-  meta.version = "unstable";
+  meta = {
    version = "unstable";
    fqdn = "manah.katvayor.net";
    vpn-ip4 = "10.42.0.1";
    wg-key = "2rMQV5fyBhl7t/0j70iPOfEr/lAWQfLXQKMwtzaXxnM=";
    subnets = [
      "192.168.1.0/24"
      "192.168.122.0/24"
    ];
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-orchid/configuration.nix
+++ b/machines/kat-orchid/configuration.nix
@ -27,7 +27,6 @@
  };
  kat = {
    fqdn = "orchid.katvayor.net";
    proxies = {
      ip = "192.168.122.6";
      aliases = [
--- a/machines/kat-orchid/default.nix
+++ b/machines/kat-orchid/default.nix
@ -1,4 +1,8 @@
 {
-  meta.version = "stable";
+  meta = {
    version = "stable";
    fqdn = "orchid.katvayor.net";
    vpn-ip4 = "192.168.122.6";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-probook/configuration.nix
+++ b/machines/kat-probook/configuration.nix
@ -1,6 +1,6 @@
 {
  pkgs,
-  nodes,
+  meta,
  users,
  lib,
  sources,
@ -55,7 +55,6 @@ in
      "wg0"
    ];
  };
  kat.wireguardPubKey = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
  systemd.tmpfiles.rules = [
    "w /sys/devices/system/cpu/cpufreq/policy*/scaling_governor - - - - performance"
    "w /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference - - - - performance"
@ -99,8 +98,8 @@ in
          AllowedIPs = [
            "10.42.0.0/16"
          ];
-          PublicKey = nodes.kat-watcher.config.kat.wireguardPubKey;
+          PublicKey = meta.machines.kat-watcher.wg-key;
-          Endpoint = "watcher.katvayor.net:1194";
+          Endpoint = "${meta.machines.kat-watcher.fqdn}:1194";
          PersistentKeepalive = 25;
        }
      ];
--- a/machines/kat-probook/default.nix
+++ b/machines/kat-probook/default.nix
@ -1,4 +1,8 @@
 {
-  meta.version = "unstable";
+  meta = {
    version = "unstable";
    wg-key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
    vpn-ip4 = "10.42.1.1";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-son/configuration.nix
+++ b/machines/kat-son/configuration.nix
@ -22,7 +22,6 @@
  };
  kat = {
    fqdn = "son.katvayor.net";
    proxies = {
      ip = "192.168.122.5";
      aliases = [
--- a/machines/kat-son/default.nix
+++ b/machines/kat-son/default.nix
@ -1,4 +1,8 @@
 {
-  meta.version = "unstable";
+  meta = {
    version = "unstable";
    fqdn = "son.katvayor.net";
    vpn-ip4 = "192.168.122.5";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-watcher/configuration.nix
+++ b/machines/kat-watcher/configuration.nix
@ -1,6 +1,6 @@
 {
  pkgs,
-  nodes,
+  meta,
  ...
 }:
 {
@ -21,8 +21,6 @@
  };
  kat = {
    wireguardPubKey = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
    fqdn = "watcher.katvayor.net";
    proxies.redirects = [ "kat-manah" ];
  };
@ -83,19 +81,13 @@
            AllowedIPs = [
              "10.42.0.1/32"
            ];
-            PublicKey = nodes.kat-manah.config.kat.wireguardPubKey;
+            PublicKey = meta.machines.kat-manah.wg-key;
          }
          {
            AllowedIPs = [
              "10.42.1.1/32"
            ];
-            PublicKey = nodes.kat-probook.config.kat.wireguardPubKey;
+            PublicKey = meta.machines.kat-probook.wg-key;
          }
          {
            AllowedIPs = [
              "10.42.2.1/32"
            ];
            PublicKey = nodes.kat-betamail.config.kat.wireguardPubKey;
          }
        ];
      };
--- a/machines/kat-watcher/default.nix
+++ b/machines/kat-watcher/default.nix
@ -1,4 +1,9 @@
 {
-  meta.version = "unstable";
+  meta = {
    version = "unstable";
    wg-key = "BgLBrWG7DRj2Gwoyj+vHZTjiB3gPEnwVcDFEQH/BYgg=";
    fqdn = "watcher.katvayor.net";
    vpn-ip4 = "10.42.0.2";
  };
  config = import ./configuration.nix;
 }
--- a/machines/kat-www/configuration.nix
+++ b/machines/kat-www/configuration.nix
@ -24,7 +24,6 @@
  };
  kat = {
    fqdn = "website.katvayor.net";
    proxies = {
      aliases = [
        "www.katvayor.net"
--- a/machines/kat-www/default.nix
+++ b/machines/kat-www/default.nix
@ -1,4 +1,8 @@
 {
-  meta.version = "stable";
+  meta = {
    version = "stable";
    fqdn = "website.katvayor.net";
    vpn-ip4 = "192.168.122.7";
  };
  config = import ./configuration.nix;
 }