refactor: adjust wireguard accessors to use globals

2025-10-10 23:00:39 +02:00 · 2025-09-13 21:14:50 +02:00 · 2025-09-13 21:14:50 +02:00 · b885d1062b
commit b885d1062b
parent 157c303f38
28 changed files with 169 additions and 133 deletions
--- a/hosts/ward/guests/forgejo.nix
+++ b/hosts/ward/guests/forgejo.nix
@ -42,22 +42,32 @@ in
      postrouting.to-forgejo = {
        after = [ "hook" ];
        rules = [
-          "iifname wan ip daddr ${config.wireguard.proxy-sentinel.ipv4} tcp dport 22 masquerade random"
-          "iifname wan ip6 daddr ${config.wireguard.proxy-sentinel.ipv6} tcp dport 22 masquerade random"
+          "iifname wan ip daddr ${
+            globals.wireguard.proxy-sentinel.hosts.${config.node.name}.ipv4
+          } tcp dport 22 masquerade random"
+          "iifname wan ip6 daddr ${
+            globals.wireguard.proxy-sentinel.hosts.${config.node.name}.ipv6
+          } tcp dport 22 masquerade random"
        ];
      };
      prerouting.to-forgejo = {
        after = [ "hook" ];
        rules = [
-          "iifname wan tcp dport 9922 dnat ip to ${config.wireguard.proxy-sentinel.ipv4}:22"
-          "iifname wan tcp dport 9922 dnat ip6 to ${config.wireguard.proxy-sentinel.ipv6}:22"
+          "iifname wan tcp dport 9922 dnat ip to ${
+            globals.wireguard.proxy-sentinel.hosts.${config.node.name}.ipv4
+          }:22"
+          "iifname wan tcp dport 9922 dnat ip6 to ${
+            globals.wireguard.proxy-sentinel.hosts.${config.node.name}.ipv6
+          }:22"
        ];
      };
    };

    services.nginx = {
      upstreams.forgejo = {
-        servers."${config.wireguard.proxy-sentinel.ipv4}:${toString config.services.forgejo.settings.server.HTTP_PORT}" =
+        servers."${
+          globals.wireguard.proxy-sentinel.hosts.${config.node.name}.ipv4
+        }:${toString config.services.forgejo.settings.server.HTTP_PORT}" =
          { };
        extraConfig = ''
          zone forgejo 64k;