Refactor public ip handling

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/system/default.nix

@@ -3,5 +3,6 @@
   imports = [
     ./cpu/options.nix
     ./impermanence/options.nix
+    ./networking/options.nix
   ];
 }

hosts/common/configs/system/networking/options.nix

@@ -0,0 +1,17 @@
+{ lib, ... }:
+{
+  options.networking =
+    with lib;
+    with types;
+    {
+      publicIPv4 = mkOption {
+        type = nullOr str;
+        description = "The public IPv4 address of this device.";
+      };
+
+      publicIPv6 = mkOption {
+        type = nullOr str;
+        description = "The public IPv6 address of this device.";
+      };
+    };
+}

hosts/jupiter-vps/configs/wireguard/default.nix

@@ -2,7 +2,6 @@
 let
   jupiterConfig = inputs.self.nixosConfigurations.jupiter.config;
   wireguardPort = 51821;
-  jupiterPublicIPv4 = "51.89.210.124";
 in
 {
   boot.kernel.sysctl = {
@@ -29,7 +28,7 @@ in
           name = "jupiter";
           allowedIPs = [
             "10.0.0.2/32"
-            "${jupiterPublicIPv4}/32"
+            "${jupiterConfig.networking.publicIPv4}/32"
           ];
           publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter/wireguard_key.pub";
         }

hosts/jupiter-vps/default.nix

@@ -33,7 +33,10 @@
     ./configs/wireguard
   ];
 
-  networking.hostName = "jupiter-vps";
+  networking = {
+    hostName = "jupiter-vps";
+    publicIPv4 = "51.75.170.190";
+  };
 
   environment.impermanence.enable = lib.mkForce false;
 

hosts/jupiter/configs/wireguard/default.nix

@@ -7,8 +7,6 @@
 let
   jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
   wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort;
-  jupiterVpsPublicIPv4 = "51.75.170.190";
-  jupiterPublicIPv4 = "51.89.210.124";
 in
 {
   sops.secrets."wireguard/client/vps" = { };
@@ -29,21 +27,21 @@ in
       {
         ips = [
           "10.0.0.2/24"
-          "${jupiterPublicIPv4}/32"
+          "${config.networking.publicIPv4}/32"
         ];
 
         privateKeyFile = config.sops.secrets."wireguard/client/vps".path;
 
         inherit table;
-        postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ];
-        postShutdown = [ "${ip} rule del from ${jupiterPublicIPv4} table ${table}" ];
+        postSetup = [ "${ip} rule add from ${config.networking.publicIPv4} table ${table}" ];
+        postShutdown = [ "${ip} rule del from ${config.networking.publicIPv4} table ${table}" ];
 
         peers = [
           {
             name = "jupiter-vps";
             allowedIPs = [ "0.0.0.0/0" ];
             publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub";
-            endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}";
+            endpoint = "${jupiterVpsConfig.networking.publicIPv4}:${builtins.toString wireguardPort}";
             persistentKeepalive = 25;
           }
         ];

hosts/jupiter/default.nix

@@ -52,7 +52,10 @@
     ./users/tv
   ];
 
-  networking.hostName = "jupiter";
+  networking = {
+    hostName = "jupiter";
+    publicIPv4 = "51.89.210.124";
+  };
 
   boot.initrd = {
     luks.devices = {