Limit wireguard hosts to wireguard-enabled hosts

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2025-03-14 01:21:02 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2025-03-14 01:38:00 +0100
commit: 930866cf94823edf6d9b91436f30e605a90c7174 (patch)
tree: 106f4455cc0fd6eae645b80abdd3b468a2c11de0 /flakes
parent: 79f90ea3aa6547d896e0657a7ab19ae3f5c834c6 (diff)
download: Nix-930866cf94823edf6d9b91436f30e605a90c7174.tar.gz
Nix-930866cf94823edf6d9b91436f30e605a90c7174.tar.zst
Nix-930866cf94823edf6d9b91436f30e605a90c7174.zip
2 files changed, 14 insertions, 14 deletions
diff --git a/flakes/flake.lock b/flakes/flake.lock
index 75677c7..2b6d84a 100644
--- a/flakes/flake.lock
+++ b/flakes/flake.lock
@@ -3818,7 +3818,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-ZHehuF4gKmUT5HHNMZWUXmUO5was3LjBT0XUFbtC3ME=",
+        "narHash": "sha256-6XWbafDuH63vuds7ZSaai1UO02xkhumDjT1oEioX7u0=",
        "path": "../systems/backup-2",
        "type": "path"
      },
@@ -3841,7 +3841,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-bSv+4WJJsHgg+WyqqT68jQVzCuvfYWwwS7WM1FA+GpU=",
+        "narHash": "sha256-Bt+EyQNXxATScgdFH69I1qR0n6J1BE3gy8l2iastAFo=",
        "path": "../systems/dilion",
        "type": "path"
      },
@@ -3890,7 +3890,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-RfVz/T1ZGq//oGdyFAHTGYnquMGQ2Z1iVGdJIhi2iMo=",
+        "narHash": "sha256-XI3Hd5sfsPp8/oiqiB5QIzRX8kM5RaJoEgBa41WdVpI=",
        "path": "../systems/eldiron",
        "type": "path"
      },
@@ -3916,7 +3916,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-JEX+epBO3lxnGu5WtYc78V6PmQqDvWOada8/N/5sBbI=",
+        "narHash": "sha256-jLfonpeyLVbLJ4mDHFZoBeNEg3t/yS7t0DMGH5lHlyI=",
        "path": "../systems/monitoring-1",
        "type": "path"
      },
@@ -3941,7 +3941,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-EPiMbYALY6ZXf7ZwBOLzgRL9nH19XV0Ooe9jMCATM88=",
+        "narHash": "sha256-iqBGLdwWzpRUVYjKQY0AKG32LbDkbpSxJibBIIGrAJg=",
        "path": "../systems/quatresaisons",
        "type": "path"
      },
@@ -3962,7 +3962,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-ljV+NXn1W8rIrz6FU9gbjNCt4MEcNRGyNBofIyieJMo=",
+        "narHash": "sha256-fefjcy/F/KPaDFOKzeA0DUDrDq1fIwmWT+6jtVqRR54=",
        "path": "../systems/zoldene",
        "type": "path"
      },
@@ -7598,7 +7598,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
@@ -7617,7 +7617,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
@@ -8525,7 +8525,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "./private/system",
        "type": "path"
      },
@@ -9179,7 +9179,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
@@ -9198,7 +9198,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
@@ -9217,7 +9217,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
@@ -9236,7 +9236,7 @@
      },
      "locked": {
        "lastModified": 1,
-        "narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",
+        "narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
        "path": "../../flakes/private/system",
        "type": "path"
      },
diff --git a/flakes/private/system/flake.nix b/flakes/private/system/flake.nix
index 1526f87..e040b84 100644
--- a/flakes/private/system/flake.nix
+++ b/flakes/private/system/flake.nix
@@ -25,7 +25,7 @@
          networking.extraHosts = lib.mkMerge [
            (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${lib.head v.config.hostEnv.ips.main.ip4} ${n}") nodes))
-            (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v.config.hostEnv.wireguard.ip} wg-${n}") (lib.filterAttrs (n: v: v.config.hostEnv.wireguard.enable) nodes)))
+            (lib.mkIf config.hostEnv.wireguard.enable (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v.config.hostEnv.wireguard.ip} wg-${n}") (lib.filterAttrs (n: v: v.config.hostEnv.wireguard.enable) nodes))))
          ];
          networking.firewall.allowedUDPPorts = lib.mkIf config.hostEnv.wireguard.enable [ config.hostEnv.wireguard.port ];
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2025-03-14 01:21:02 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2025-03-14 01:38:00 +0100
commit	930866cf94823edf6d9b91436f30e605a90c7174 (patch)
tree	106f4455cc0fd6eae645b80abdd3b468a2c11de0 /flakes
parent	79f90ea3aa6547d896e0657a7ab19ae3f5c834c6 (diff)
download	Nix-930866cf94823edf6d9b91436f30e605a90c7174.tar.gz Nix-930866cf94823edf6d9b91436f30e605a90c7174.tar.zst Nix-930866cf94823edf6d9b91436f30e605a90c7174.zip

diff --git a/flakes/flake.lock b/flakes/flake.lock index 75677c7..2b6d84a 100644 --- a/flakes/flake.lock +++ b/flakes/flake.lock
@@ -3818,7 +3818,7 @@
3818	},	3818	},
3819	"locked": {	3819	"locked": {
3820	"lastModified": 1,	3820	"lastModified": 1,
3821	"narHash": "sha256-ZHehuF4gKmUT5HHNMZWUXmUO5was3LjBT0XUFbtC3ME=",	3821	"narHash": "sha256-6XWbafDuH63vuds7ZSaai1UO02xkhumDjT1oEioX7u0=",
3822	"path": "../systems/backup-2",	3822	"path": "../systems/backup-2",
3823	"type": "path"	3823	"type": "path"
3824	},	3824	},
@@ -3841,7 +3841,7 @@
3841	},	3841	},
3842	"locked": {	3842	"locked": {
3843	"lastModified": 1,	3843	"lastModified": 1,
3844	"narHash": "sha256-bSv+4WJJsHgg+WyqqT68jQVzCuvfYWwwS7WM1FA+GpU=",	3844	"narHash": "sha256-Bt+EyQNXxATScgdFH69I1qR0n6J1BE3gy8l2iastAFo=",
3845	"path": "../systems/dilion",	3845	"path": "../systems/dilion",
3846	"type": "path"	3846	"type": "path"
3847	},	3847	},
@@ -3890,7 +3890,7 @@
3890	},	3890	},
3891	"locked": {	3891	"locked": {
3892	"lastModified": 1,	3892	"lastModified": 1,
3893	"narHash": "sha256-RfVz/T1ZGq//oGdyFAHTGYnquMGQ2Z1iVGdJIhi2iMo=",	3893	"narHash": "sha256-XI3Hd5sfsPp8/oiqiB5QIzRX8kM5RaJoEgBa41WdVpI=",
3894	"path": "../systems/eldiron",	3894	"path": "../systems/eldiron",
3895	"type": "path"	3895	"type": "path"
3896	},	3896	},
@@ -3916,7 +3916,7 @@
3916	},	3916	},
3917	"locked": {	3917	"locked": {
3918	"lastModified": 1,	3918	"lastModified": 1,
3919	"narHash": "sha256-JEX+epBO3lxnGu5WtYc78V6PmQqDvWOada8/N/5sBbI=",	3919	"narHash": "sha256-jLfonpeyLVbLJ4mDHFZoBeNEg3t/yS7t0DMGH5lHlyI=",
3920	"path": "../systems/monitoring-1",	3920	"path": "../systems/monitoring-1",
3921	"type": "path"	3921	"type": "path"
3922	},	3922	},
@@ -3941,7 +3941,7 @@
3941	},	3941	},
3942	"locked": {	3942	"locked": {
3943	"lastModified": 1,	3943	"lastModified": 1,
3944	"narHash": "sha256-EPiMbYALY6ZXf7ZwBOLzgRL9nH19XV0Ooe9jMCATM88=",	3944	"narHash": "sha256-iqBGLdwWzpRUVYjKQY0AKG32LbDkbpSxJibBIIGrAJg=",
3945	"path": "../systems/quatresaisons",	3945	"path": "../systems/quatresaisons",
3946	"type": "path"	3946	"type": "path"
3947	},	3947	},
@@ -3962,7 +3962,7 @@
3962	},	3962	},
3963	"locked": {	3963	"locked": {
3964	"lastModified": 1,	3964	"lastModified": 1,
3965	"narHash": "sha256-ljV+NXn1W8rIrz6FU9gbjNCt4MEcNRGyNBofIyieJMo=",	3965	"narHash": "sha256-fefjcy/F/KPaDFOKzeA0DUDrDq1fIwmWT+6jtVqRR54=",
3966	"path": "../systems/zoldene",	3966	"path": "../systems/zoldene",
3967	"type": "path"	3967	"type": "path"
3968	},	3968	},
@@ -7598,7 +7598,7 @@
7598	},	7598	},
7599	"locked": {	7599	"locked": {
7600	"lastModified": 1,	7600	"lastModified": 1,
7601	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	7601	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
7602	"path": "../../flakes/private/system",	7602	"path": "../../flakes/private/system",
7603	"type": "path"	7603	"type": "path"
7604	},	7604	},
@@ -7617,7 +7617,7 @@
7617	},	7617	},
7618	"locked": {	7618	"locked": {
7619	"lastModified": 1,	7619	"lastModified": 1,
7620	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	7620	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
7621	"path": "../../flakes/private/system",	7621	"path": "../../flakes/private/system",
7622	"type": "path"	7622	"type": "path"
7623	},	7623	},
@@ -8525,7 +8525,7 @@
8525	},	8525	},
8526	"locked": {	8526	"locked": {
8527	"lastModified": 1,	8527	"lastModified": 1,
8528	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	8528	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
8529	"path": "./private/system",	8529	"path": "./private/system",
8530	"type": "path"	8530	"type": "path"
8531	},	8531	},
@@ -9179,7 +9179,7 @@
9179	},	9179	},
9180	"locked": {	9180	"locked": {
9181	"lastModified": 1,	9181	"lastModified": 1,
9182	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	9182	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
9183	"path": "../../flakes/private/system",	9183	"path": "../../flakes/private/system",
9184	"type": "path"	9184	"type": "path"
9185	},	9185	},
@@ -9198,7 +9198,7 @@
9198	},	9198	},
9199	"locked": {	9199	"locked": {
9200	"lastModified": 1,	9200	"lastModified": 1,
9201	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	9201	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
9202	"path": "../../flakes/private/system",	9202	"path": "../../flakes/private/system",
9203	"type": "path"	9203	"type": "path"
9204	},	9204	},
@@ -9217,7 +9217,7 @@
9217	},	9217	},
9218	"locked": {	9218	"locked": {
9219	"lastModified": 1,	9219	"lastModified": 1,
9220	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	9220	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
9221	"path": "../../flakes/private/system",	9221	"path": "../../flakes/private/system",
9222	"type": "path"	9222	"type": "path"
9223	},	9223	},
@@ -9236,7 +9236,7 @@
9236	},	9236	},
9237	"locked": {	9237	"locked": {
9238	"lastModified": 1,	9238	"lastModified": 1,
9239	"narHash": "sha256-VUtVclRBHcgFrAuf3tdhcA/f1h7U1gBj7KFu0lAnP34=",	9239	"narHash": "sha256-QVPEROHdMcOAF3O0z6aPugh/Te7FAfFYMmrSwK6y3J8=",
9240	"path": "../../flakes/private/system",	9240	"path": "../../flakes/private/system",
9241	"type": "path"	9241	"type": "path"
9242	},	9242	},


diff --git a/flakes/private/system/flake.nix b/flakes/private/system/flake.nix index 1526f87..e040b84 100644 --- a/flakes/private/system/flake.nix +++ b/flakes/private/system/flake.nix
@@ -25,7 +25,7 @@
25		25
26	networking.extraHosts = lib.mkMerge [	26	networking.extraHosts = lib.mkMerge [
27	(builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${lib.head v.config.hostEnv.ips.main.ip4} ${n}") nodes))	27	(builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${lib.head v.config.hostEnv.ips.main.ip4} ${n}") nodes))
28	(builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v.config.hostEnv.wireguard.ip} wg-${n}") (lib.filterAttrs (n: v: v.config.hostEnv.wireguard.enable) nodes)))	28	(lib.mkIf config.hostEnv.wireguard.enable (builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v.config.hostEnv.wireguard.ip} wg-${n}") (lib.filterAttrs (n: v: v.config.hostEnv.wireguard.enable) nodes))))
29	];	29	];
30		30
31	networking.firewall.allowedUDPPorts = lib.mkIf config.hostEnv.wireguard.enable [ config.hostEnv.wireguard.port ];	31	networking.firewall.allowedUDPPorts = lib.mkIf config.hostEnv.wireguard.enable [ config.hostEnv.wireguard.port ];