From b8f5007dbcb0a9393016fec83a27b5a017327d2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Tue, 9 Apr 2024 13:45:50 +0200 Subject: wireguard: drop dean as endpoint This doesn't work correctly because dean doesn't have public IP and thus can't be discovered easilly. --- nixos/modules/wireguad.nix | 39 +++++---------------------------------- 1 file changed, 5 insertions(+), 34 deletions(-) (limited to 'nixos/modules/wireguad.nix') diff --git a/nixos/modules/wireguad.nix b/nixos/modules/wireguad.nix index aad392a..eb25a6e 100644 --- a/nixos/modules/wireguad.nix +++ b/nixos/modules/wireguad.nix @@ -6,7 +6,7 @@ }: let inherit (lib) any all mkEnableOption mkIf mapAttrsToList optional optionals optionalAttrs filterAttrs; inherit (config.networking) hostName; - endpoints = ["lipwig" "spt-omnia" "adm-omnia" "dean"]; + endpoints = ["lipwig" "spt-omnia" "adm-omnia"]; is_endpoint = any (v: v == hostName) endpoints; in { options = { @@ -62,18 +62,6 @@ in { # } # // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); #} - { - wireguardPeerConfig = - { - AllowedIPs = [ - "${config.cynerd.hosts.wg.dean}/32" - "10.0.0.0/22" - "10.0.20.0/24" - ]; - PublicKey = config.secrets.wireguardPubs.dean; - } - // (optionalAttrs (!is_endpoint) {PersistentKeepalive = 25;}); - } ] ++ (optionals is_endpoint (mapAttrsToList (n: v: { wireguardPeerConfig = { @@ -87,9 +75,9 @@ in { networkConfig = { Address = "${config.cynerd.hosts.wg."${hostName}"}/24"; IPForward = is_endpoint; - DNS = mkIf (hostName != "dean") ["10.0.20.30" "10.0.20.31"]; - DNSSEC = false; - Domains = mkIf (hostName != "dean") "~elektroline.cz"; + #DNS = mkIf (hostName != "dean") ["10.0.20.30" "10.0.20.31"]; + #DNSSEC = false; + #Domains = mkIf (hostName != "dean") "~elektroline.cz"; }; routes = (optional (hostName != "lipwig") { 
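Review bot: The `endpoints` list in the first hunk carries an unstated requirement, that every host in it is reachable at a public address, and only the commit message says so. Because `is_endpoint` also sets `IPForward` on the tunnel link and adds the extra `mapAttrsToList` peers, a host listed here by mistake gets forwarding enabled. A comment above the list would record the rule: `# Only hosts with a publicly reachable address; is_endpoint enables IPForward and the full peer list.` The `let` block starts before this hunk.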
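Review bot: In the `networkConfig` hunk the three resolver settings are left as commented-out code rather than deleted, and their `hostName != "dean"` guards refer to a special case the rest of this commit removes. If they are meant to come back, add a line saying why they are off, for example `# Disabled: 10.0.20.30/31 are in 10.0.20.0/24, which is no longer routed through the tunnel.`; otherwise drop them. `DNSSEC = false` is disabled too, so this link no longer sets DNSSEC itself and presumably follows the resolver's global setting, which is worth confirming is intended. The attribute set that holds `networkConfig` starts outside the hunk.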
@@ -115,24 +103,7 @@ in {
 Destination = "10.8.3.0/24";
 Metric = 2048;
 };
- })
- ++ (optionals (hostName != "dean") [
- # Elektroline
- {
- routeConfig = {
- Gateway = config.cynerd.hosts.wg.dean;
- Destination = "10.0.0.0/22";
- Metric = 2048;
- };
- }
- {
- routeConfig = {
- Gateway = config.cynerd.hosts.wg.dean;
- Destination = "10.0.20.0/24";
- Metric = 2048;
- };
- }
- ]);
+ });
 };
 };
 networking.firewall.allowedUDPPorts = [51820];
--
cgit v1.2.3