From f774334203a23c9c986de9ca54462a96f6323e7e Mon Sep 17 00:00:00 2001
From: LavaDesu
Date: Sun, 13 Feb 2022 15:22:08 +0700
Subject: [PATCH] system/wireguard: refactor and add caramel

---
 hosts/caramel/default.nix | 1 +
 modules/system/wireguard.nix | 33 ++++++++++++++++++++++++++-------
 secrets.nix | 1 +
 secrets/wg_caramel.age | Bin 0 -> 479 bytes
 4 files changed, 28 insertions(+), 7 deletions(-)
 create mode 100644 secrets/wg_caramel.age

diff --git a/hosts/caramel/default.nix b/hosts/caramel/default.nix
index 5c49e38..b4d4ca8 100644
--- a/hosts/caramel/default.nix
+++ b/hosts/caramel/default.nix
@@ -15,6 +15,7 @@
 input
 nix-porcupine
 security
+ wireguard
 
 ./filesystem.nix
 ./kernel.nix
diff --git a/modules/system/wireguard.nix b/modules/system/wireguard.nix
index 660a683..2d2d02e 100644
--- a/modules/system/wireguard.nix
+++ b/modules/system/wireguard.nix
@@ -5,12 +5,31 @@ let
 serverInterface = "ens3";
 serverIp = "51.79.240.130";
 
+ routeBypass = {
+ caramel = {
+ gateway = "192.168.100.1";
+ interface = "wlan0";
+ routes = [
+ serverIp
+ ];
+ };
+ blossom = {
+ gateway = "192.168.100.1";
+ interface = "wlp3s0";
+ routes = [
+ serverIp
+ ];
+ };
+ };
+
 clients = {
+ caramel = {
+ publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ };
 blossom = {
 publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo=";
 allowedIPs = [ "10.100.0.3/32" ];
- interface = "wlp3s0";
- gateway = "192.168.100.1";
 };
 strawberry = {
 publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg=";
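Review bot: The new `routeBypass` table is undocumented, and its meaning only becomes clear from the `ip route add` loop in `clientConfig` further down the file; a comment above it would help, e.g. `# Per-host destinations that must stay off the tunnel (the routes list holds serverIp, apparently the WireGuard endpoint), installed via the host's LAN gateway/interface by clientConfig's postSetup`. Both entries pin the gateway to `192.168.100.1` on a wireless interface, so when the laptop is on any other LAN the `ip route add <ip> via 192.168.100.1 dev <if>` will presumably be rejected by the kernel (gateway not on-link) and the interface setup fails instead of falling back to the default route; that limitation deserves a note next to the table. Hosts that exist in `clients` but not in `routeBypass` (strawberry is visible here) should also be called out, since the lookup by hostname is now keyed on this table. The enclosing `let` block starts and ends outside the hunk.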
@@ -55,18 +74,18 @@ let
 clientConfig = {
 wireguard.interfaces.wg0 = let
- client = clients."${config.networking.hostName}";
+ client = routeBypass."${config.networking.hostName}";
+ mappedAdd = lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route add ${r} via ${client.gateway} dev ${client.interface}") client.routes;
+ mappedDel = lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route del ${r} via ${client.gateway} dev ${client.interface}") client.routes;
 in {
 ips = client.allowedIPs;
 listenPort = port;
- postSetup = ''
- ${pkgs.iproute2}/bin/ip route add ${serverIp} via ${client.gateway} dev ${client.interface}
+ postSetup = mappedAdd + ''
 ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
 '';
- postShutdown = ''
- ${pkgs.iproute2}/bin/ip route del ${serverIp} via ${client.gateway} dev ${client.interface}
+ postShutdown = mappedDel + ''
 ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
 '';
diff --git a/secrets.nix b/secrets.nix
index 0b66d20..eba03b5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -9,5 +9,6 @@ in {
 
 "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ];
 "secrets/wg_blossom.age".publicKeys = [ blossom rin ];
+ "secrets/wg_caramel.age".publicKeys = [ caramel rin ];
 "secrets/wg_sugarcane.age".publicKeys = [ sugarcane rin ];
 }
diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age
new file mode 100644
index 0000000000000000000000000000000000000000..2a18202bcd6cea702c270ac871e992141510fdfb
GIT binary patch
literal 479
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+wRDTfNms}#EcP(= z)X(uOa!IMmbWL$Iv&=M4GVqTyO0>-MH#Mlt%(3)#H7&^vPUbQzDKX1%PmZ*xG;;LI z_Vse{4=^yVGYSfKN(hM5UR3p}torS8blhG`BZ82C-qAmc?A)sjB?-diIL2#SC|D z{pP%8c=-3T^kz1`vuX)tCSmKHo~)1knwFqwd9?9#!@P_oj22UVi=<3^ukbhX$-=ZA G?~MSrTc_Fp literal 0 HcmV?d00001
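Review bot: `ips = client.allowedIPs;` is now evaluated against the `routeBypass` entry, which per the table added earlier in this patch carries only `gateway`, `interface` and `routes`, so evaluating `clientConfig` aborts with a missing-attribute error; take the address from the peer table instead, `ips = clients."${config.networking.hostName}".allowedIPs;`. The same by-hostname lookup will also fail for any host present in `clients` but absent from `routeBypass` (strawberry, visibly) if `clientConfig` is ever selected for it — that selection logic is outside the hunk. `postShutdown` still appends the MASQUERADE rule with `-A`, identical to `postSetup`, so while the routes are now removed on teardown each interface restart would leave one more copy of the NAT rule behind; it should read `${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE`. `clientConfig` continues past the end of the hunk.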