feat: finish migration to new globals system for wireguard

2025-09-13 23:23:28 +02:00 · 2025-09-13 23:23:28 +02:00 · a1623fb97c
commit a1623fb97c
parent b885d1062b
29 changed files with 204 additions and 214 deletions
--- a/hosts/sentinel/default.nix
+++ b/hosts/sentinel/default.nix
@ -22,13 +22,15 @@
  nixpkgs.hostPlatform = "x86_64-linux";
  boot.mode = "bios";

-  wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [
-    80
-    443
-  ];
-  wireguard.proxy-sentinel.firewallRuleForAll.allowedUDPPorts = [
-    443
-  ];
+  globals.wireguard.proxy-sentinel.hosts.${config.node.name}.firewallRuleForAll = {
+    allowedTCPPorts = [
+      80
+      443
+    ];
+    allowedUDPPorts = [
+      443
+    ];
+  };

  users.groups.acme.members = [ "nginx" ];
  services.nginx.enable = true;
--- a/hosts/sentinel/net.nix
+++ b/hosts/sentinel/net.nix
@ -55,9 +55,7 @@ in

  globals.wireguard.proxy-sentinel = {
    host = config.networking.fqdn;
-    port = 51443;
-    cidrv4 = "10.43.0.0/24";
-    cidrv6 = "fd00:43::/120";
    openFirewall = true;
+    hosts.${config.node.name}.server = true;
  };
 }