From e80476549882228840d4d2fa20ebb402d4049f62 Mon Sep 17 00:00:00 2001
From: Nikolaos Karaolidis
Date: Mon, 22 Sep 2025 10:25:31 +0100
Subject: [PATCH] Refactor public ip handling

Signed-off-by: Nikolaos Karaolidis
---
 hosts/common/configs/system/default.nix | 1 +
 .../configs/system/networking/options.nix | 17 +++++++++++++++++
 hosts/jupiter-vps/configs/wireguard/default.nix | 3 +--
 hosts/jupiter-vps/default.nix | 5 ++++-
 hosts/jupiter/configs/wireguard/default.nix | 10 ++++------
 hosts/jupiter/default.nix | 5 ++++-
 6 files changed, 31 insertions(+), 10 deletions(-)
 create mode 100644 hosts/common/configs/system/networking/options.nix

diff --git a/hosts/common/configs/system/default.nix b/hosts/common/configs/system/default.nix
index bf77321..b9b1ff1 100644
--- a/hosts/common/configs/system/default.nix
+++ b/hosts/common/configs/system/default.nix
@@ -3,5 +3,6 @@
 imports = [
 ./cpu/options.nix
 ./impermanence/options.nix
+ ./networking/options.nix
 ];
 }
diff --git a/hosts/common/configs/system/networking/options.nix b/hosts/common/configs/system/networking/options.nix
new file mode 100644
index 0000000..fedb767
--- /dev/null
+++ b/hosts/common/configs/system/networking/options.nix
@@ -0,0 +1,17 @@
+{ lib, ... }:
+{
+ options.networking =
+ with lib;
+ with types;
+ {
+ publicIPv4 = mkOption {
+ type = nullOr string;
+ description = "The public IPv4 address of this device.";
+ };
+
+ publicIPv6 = mkOption {
+ type = nullOr string;
+ description = "The public IPv6 address of this device.";
+ };
+ };
+}
diff --git a/hosts/jupiter-vps/configs/wireguard/default.nix b/hosts/jupiter-vps/configs/wireguard/default.nix
index 9ef8ec7..e75da6f 100644
--- a/hosts/jupiter-vps/configs/wireguard/default.nix
+++ b/hosts/jupiter-vps/configs/wireguard/default.nix
@@ -2,7 +2,6 @@
 let
 jupiterConfig = inputs.self.nixosConfigurations.jupiter.config;
 wireguardPort = 51821;
- jupiterPublicIPv4 = "51.89.210.124";
 in
 {
 boot.kernel.sysctl = {
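Review bot: Both new options in options.nix are declared as `nullOr string` with no `default`, so a host that reads `config.networking.publicIPv4` or `publicIPv6` without having set it fails with "option is used but not defined" instead of yielding `null`, and `publicIPv6` is never set anywhere in this patch; add `default = null;` to each. `types.string` is also deprecated in nixpkgs in favour of `types.str`, and because these values are interpolated into WireGuard `allowedIPs`/`ips` and into root-run `ip rule` commands elsewhere in this patch, a stricter type such as `strMatching` with a dotted-quad pattern rejects typos and shell metacharacters at evaluation time rather than at runtime. Note that `networking.*` is a namespace owned by nixpkgs, so a future upstream option of the same name would collide with these declarations; a project-specific prefix would avoid that. The IPv6 option is left as `str` below because a correct IPv6 literal pattern is longer than is worth inlining here.
```nix
      publicIPv4 = mkOption {
        type = nullOr (strMatching "^([0-9]{1,3}\\.){3}[0-9]{1,3}$");
        default = null;
        description = "The public IPv4 address of this device.";
      };

      publicIPv6 = mkOption {
        type = nullOr str;
        default = null;
        description = "The public IPv6 address of this device.";
      };
```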
@@ -29,7 +28,7 @@ in name = "jupiter"; allowedIPs = [ "10.0.0.2/32" - "${jupiterPublicIPv4}/32" + "${jupiterConfig.networking.publicIPv4}/32" ]; publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter/wireguard_key.pub"; } diff --git a/hosts/jupiter-vps/default.nix b/hosts/jupiter-vps/default.nix index 825d468..722d364 100644 --- a/hosts/jupiter-vps/default.nix +++ b/hosts/jupiter-vps/default.nix @@ -33,7 +33,10 @@ ./configs/wireguard ]; - networking.hostName = "jupiter-vps"; + networking = { + hostName = "jupiter-vps"; + publicIPv4 = "51.75.170.190"; + }; environment.impermanence.enable = lib.mkForce false; diff --git a/hosts/jupiter/configs/wireguard/default.nix b/hosts/jupiter/configs/wireguard/default.nix index d113d93..7c72b85 100644 --- a/hosts/jupiter/configs/wireguard/default.nix +++ b/hosts/jupiter/configs/wireguard/default.nix @@ -7,8 +7,6 @@ let jupiterVpsConfig = inputs.self.nixosConfigurations.jupiter-vps.config; wireguardPort = jupiterVpsConfig.networking.wireguard.interfaces.wg0.listenPort; - jupiterVpsPublicIPv4 = "51.75.170.190"; - jupiterPublicIPv4 = "51.89.210.124"; in { sops.secrets."wireguard/client/vps" = { }; 
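Review bot: `"${jupiterConfig.networking.publicIPv4}/32"` in `allowedIPs` coerces a `nullOr` option to a string, so if jupiter's configuration ever leaves the option unset the jupiter-vps build fails with a generic "cannot coerce null to a string" error deep inside the peer list rather than a message naming the missing option. An assertion makes the cross-host dependency explicit: `assertions = [ { assertion = jupiterConfig.networking.publicIPv4 != null; message = "jupiter-vps wireguard: jupiter must set networking.publicIPv4"; } ];`. Since this entry is cryptokey-routing state, the VPS will send traffic for that address to the jupiter peer and only accept tunnel packets with that source, so a wrong value is not rejected anywhere but simply misroutes; a comment such as `# jupiter's public IP is carried inside the tunnel; must match the ips= entry on jupiter's wg0` would help the next reader. The enclosing peer list and interface definition start and end outside the hunk.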
@@ -29,21 +27,21 @@ in { ips = [ "10.0.0.2/24" - "${jupiterPublicIPv4}/32" + "${config.networking.publicIPv4}/32" ]; privateKeyFile = config.sops.secrets."wireguard/client/vps".path; inherit table; - postSetup = [ "${ip} rule add from ${jupiterPublicIPv4} table ${table}" ]; - postShutdown = [ "${ip} rule del from ${jupiterPublicIPv4} table ${table}" ]; + postSetup = [ "${ip} rule add from ${config.networking.publicIPv4} table ${table}" ]; + postShutdown = [ "${ip} rule del from ${config.networking.publicIPv4} table ${table}" ]; peers = [ { name = "jupiter-vps"; allowedIPs = [ "0.0.0.0/0" ]; publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub"; - endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}"; + endpoint = "${jupiterVpsConfig.networking.publicIPv4}:${builtins.toString wireguardPort}"; persistentKeepalive = 25; } ]; diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix index d051a37..30e9a3a 100644 --- a/hosts/jupiter/default.nix +++ b/hosts/jupiter/default.nix @@ -52,7 +52,10 @@ ./users/tv ]; - networking.hostName = "jupiter"; + networking = { + hostName = "jupiter"; + publicIPv4 = "51.89.210.124"; + }; boot.initrd = { luks.devices = {
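Review bot: `postSetup` and `postShutdown` splice `config.networking.publicIPv4` directly into a root-run shell command (`${ip} rule add from ... table ${table}`), and because the option is typed as a plain `string` a malformed value is executed rather than rejected. If `lib` is among this module's arguments, quote it: `postSetup = [ "${ip} rule add from ${lib.escapeShellArg config.networking.publicIPv4} table ${table}" ];` with the same change to `postShutdown`; otherwise constrain the option's type to a dotted-quad pattern so the value cannot carry metacharacters at all. The `ips` entry `"${config.networking.publicIPv4}/32"` and the `endpoint` built from `jupiterVpsConfig.networking.publicIPv4` both coerce a `nullOr` option to a string, so an unset value on either host surfaces as an opaque "cannot coerce null to a string" error; an `assertions` entry naming the option would be clearer. The enclosing `networking.wireguard.interfaces.wg0` attribute set begins before this hunk and its closing lines are outside it.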