Refactor public ip handling

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-22 10:54:59 +01:00
parent 3bf23f860a
commit 248432b132
6 changed files with 31 additions and 10 deletions
--- a/hosts/jupiter/configs/wireguard/default.nix
+++ b/hosts/jupiter/configs/wireguard/default.nix
@@ -7,8 +7,6 @@
 let
  jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config;
  wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort;
-  jupiterVpsPublicIPv4 = "51.75.170.190";
-  jupiterPublicIPv4 = "51.89.210.124";
 in
 {
  sops.secrets."wireguard/client/vps" = { };
@@ -29,21 +27,21 @@ in
      {
        ips = [
          "10.0.0.2/24"
-          "${jupiterPublicIPv4}/32"
+          "${config.networking.publicIPv4}/32"
        ];

        privateKeyFile = config.sops.secrets."wireguard/client/vps".path;

        inherit table;
-        postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ];
-        postShutdown = [ "${ip} rule del from ${jupiterPublicIPv4} table ${table}" ];
+        postSetup = [ "${ip} rule add from ${config.networking.publicIPv4} table ${table}" ];
+        postShutdown = [ "${ip} rule del from ${config.networking.publicIPv4} table ${table}" ];

        peers = [
          {
            name = "jupiter-vps";
            allowedIPs = [ "0.0.0.0/0" ];
            publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub";
-            endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}";
+            endpoint = "${jupiterVpsConfig.networking.publicIPv4}:${builtins.toString wireguardPort}";
            persistentKeepalive = 25;
          }
        ];
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -52,7 +52,10 @@
    ./users/tv
  ];

-  networking.hostName = "jupiter";
+  networking = {
+    hostName = "jupiter";
+    publicIPv4 = "51.89.210.124";
+  };

  boot.initrd = {
    luks.devices = {