-rw-r--r--machines/taupe/default.nix23
-rw-r--r--machines/taureau/default.nix23
-rw-r--r--machines/truite/default.nix23
-rw-r--r--modules/vpn.nix31
4 files changed, 37 insertions, 63 deletions
diff --git a/machines/taupe/default.nix b/machines/taupe/default.nix
index ef3fc6a..4f60eab 100644
--- a/machines/taupe/default.nix
+++ b/machines/taupe/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ../../modules/common.nix
+    ../../modules/vpn.nix
 
     ./hardware.nix
     ./devices.nix
@@ -23,27 +24,7 @@
       ];
     };
 
-    wireguard.server = {
-      enable = true;
-      externalInterface = "enp1s0";
-
-      peers = {
-        mel = {
-          key = "vnZoHXapCLLUhZ8A8R5W0iJ8LpWVLve29z41kkoT0BU=";
-          ip = 2;
-        };
-
-        andrei = {
-          key = "qqU4uYImLfUohIwl4KBshPtTINFcs0JVALjbmwpfxRg=";
-          ip = 3;
-        };
-
-        sergo = {
-          key = "qbZGMNIDZFCJC6SHtlyNIlIdGWHELceXClJCcagrj2Y=";
-          ip = 4;
-        };
-      };
-    };
+    wireguard.server.externalInterface = "enp1s0";
   };
 
   system.stateVersion = "25.05";
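Review bot: After this change the host file only sets `wireguard.server.externalInterface`, so nothing on these lines shows that the VPN server is enabled or where its peer list comes from; both now arrive through the `../../modules/vpn.nix` import added in the first hunk. A one-line comment above the assignment, such as `# server enable + peers come from ../../modules/vpn.nix`, would keep that visible to someone auditing which hosts accept VPN peers. The same applies to the matching hunks in machines/taureau/default.nix and machines/truite/default.nix. The enclosing attribute set starts above this hunk.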
diff --git a/machines/taureau/default.nix b/machines/taureau/default.nix
index ae64740..38172cf 100644
--- a/machines/taureau/default.nix
+++ b/machines/taureau/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ../../modules/common.nix
+    ../../modules/vpn.nix
 
     ./hardware.nix
     ./devices.nix
@@ -24,27 +25,7 @@
       ];
     };
 
-    wireguard.server = {
-      enable = true;
-      externalInterface = "enp6s16";
-
-      peers = {
-        mel = {
-          key = "vnZoHXapCLLUhZ8A8R5W0iJ8LpWVLve29z41kkoT0BU=";
-          ip = 2;
-        };
-
-        andrei = {
-          key = "qqU4uYImLfUohIwl4KBshPtTINFcs0JVALjbmwpfxRg=";
-          ip = 3;
-        };
-
-        sergo = {
-          key = "qbZGMNIDZFCJC6SHtlyNIlIdGWHELceXClJCcagrj2Y=";
-          ip = 4;
-        };
-      };
-    };
+    wireguard.server.externalInterface = "enp6s16";
   };
 
   system.stateVersion = "25.05";
diff --git a/machines/truite/default.nix b/machines/truite/default.nix
index 9670da2..f8dbaaa 100644
--- a/machines/truite/default.nix
+++ b/machines/truite/default.nix
@@ -3,6 +3,7 @@
 {
   imports = [
     ../../modules/common.nix
+    ../../modules/vpn.nix
 
     ./hardware.nix
     ./devices.nix
@@ -24,27 +25,7 @@
       ];
     };
 
-    wireguard.server = {
-      enable = true;
-      externalInterface = "eth0";
-
-      peers = {
-        mel = {
-          key = "vnZoHXapCLLUhZ8A8R5W0iJ8LpWVLve29z41kkoT0BU=";
-          ip = 2;
-        };
-
-        andrei = {
-          key = "qqU4uYImLfUohIwl4KBshPtTINFcs0JVALjbmwpfxRg=";
-          ip = 3;
-        };
-
-        sergo = {
-          key = "qbZGMNIDZFCJC6SHtlyNIlIdGWHELceXClJCcagrj2Y=";
-          ip = 4;
-        };
-      };
-    };
+    wireguard.server.externalInterface = "eth0";
   };
 
   system.stateVersion = "25.05";
diff --git a/modules/vpn.nix b/modules/vpn.nix
new file mode 100644
index 0000000..6772c2a
--- /dev/null
+++ b/modules/vpn.nix
@@ -0,0 +1,31 @@
+{ ... }:
+
+{
+  # these are the common peers that will want to access our hosts
+  # that run the vpn in different parts of the world.
+  foundation = {
+    wireguard.server = {
+      enable = true;
+      # has to be set by the individual server running the vpn:
+      # like, for example:
+      # externalInterface = "eth0";
+
+      peers = {
+        mel = {
+          key = "vnZoHXapCLLUhZ8A8R5W0iJ8LpWVLve29z41kkoT0BU=";
+          ip = 2;
+        };
+
+        andrei = {
+          key = "qqU4uYImLfUohIwl4KBshPtTINFcs0JVALjbmwpfxRg=";
+          ip = 3;
+        };
+
+        sergo = {
+          key = "qbZGMNIDZFCJC6SHtlyNIlIdGWHELceXClJCcagrj2Y=";
+          ip = 4;
+        };
+      };
+    };
+  };
+}
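Review bot: Importing this module turns on `wireguard.server.enable` for the host while `externalInterface` is left to each machine, and nothing in the new file makes a missing value fail loudly; whether evaluation catches it depends on how the option is declared in the foundation module, which is not visible here. If that option has a default or is nullable, consider an assertion in this module, or at least tighten the comment to `# required: every importing host must set wireguard.server.externalInterface`. It would also help to say next to `peers` that the `key` values are presumably the peers' WireGuard public keys, so nobody later pastes a private key into a file shared by every VPN host. The same comment could record that removing an entry here drops that peer on all importing servers at once.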