dn42: format

2023-09-15 22:50:59 +02:00 · 2023-09-15 22:50:59 +02:00 · 10f532f8ee
parent 83654b5a7b
commit 10f532f8ee
1 changed files with 25 additions and 33 deletions
--- a/hosts/dn42/default.nix
+++ b/hosts/dn42/default.nix
@ -65,12 +65,13 @@ in
    "net.ipv6.conf.default.forwarding" = true;
  };

-  boot.postBootCommands = ''
+  boot.postBootCommands = /* bash */''
    if [ ! -c /dev/net/tun ]; then
      mkdir -p /dev/net
      mknod -m 666 /dev/net/tun c 10 200
    fi
  '';
+
  services.openvpn =
    let
      openvpnNeighbors = lib.filterAttrs (_: conf: conf ? openvpn) neighbors;
@ -97,38 +98,34 @@ in
      };
    in
    {
-      servers =
-        builtins.mapAttrs mkServer openvpnNeighbors;
+      servers = builtins.mapAttrs mkServer openvpnNeighbors;
    };

  networking.wireguard = {
    enable = true;
    interfaces =
      let
-        wireguardNeighbors =
-          lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
+        wireguardNeighbors = lib.filterAttrs (_: conf: conf ? wireguard) neighbors;
      in
-      builtins.mapAttrs
-        (name: conf: {
-          inherit (conf.wireguard) listenPort;
-          privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
-          ips = [ "${address4}/32" "${address6}/64" ];
-          allowedIPsAsRoutes = false;
-          postSetup = ''
-            ${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
-            ${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
-          '';
-          peers = [
-            ({
-              inherit (conf.wireguard) publicKey;
-              allowedIPs = [ "0.0.0.0/0" "::0/0" ];
-              persistentKeepalive = 30;
-            } // (lib.optionalAttrs (conf.wireguard ? endpoint) {
-              inherit (conf.wireguard) endpoint;
-            }))
-          ];
-        })
-        wireguardNeighbors;
+      builtins.mapAttrs (name: conf: {
+        inherit (conf.wireguard) listenPort;
+        privateKeyFile = config.sops.secrets."neighbors/${name}/wireguard/privateKey".path;
+        ips = [ "${address4}/32" "${address6}/64" ];
+        allowedIPsAsRoutes = false;
+        postSetup = ''
+          ${pkgs.iproute}/bin/ip addr del ${address4}/32 dev ${name}
+          ${pkgs.iproute}/bin/ip addr add ${address4} dev ${name}${if conf ? address4 then " peer ${conf.address4}/32" else ""}
+        '';
+        peers = [
+          ({
+            inherit (conf.wireguard) publicKey;
+            allowedIPs = [ "0.0.0.0/0" "::0/0" ];
+            persistentKeepalive = 30;
+          } // (lib.optionalAttrs (conf.wireguard ? endpoint) {
+            inherit (conf.wireguard) endpoint;
+          }))
+        ];
+      }) wireguardNeighbors;
  };

  services.bird2 = {
@ -157,8 +154,7 @@ in
                    "";
                interface = conf.interface or name;
              in
-              "${neighbor4}${neighbor6}")
-            neighbors));
+              "${neighbor4}${neighbor6}") neighbors));
      in
      ''
        protocol kernel {
@ -230,9 +226,5 @@ in
      '';
  };

-  # This value determines the NixOS release with which your system is to be
-  # compatible, in order to avoid breaking some software such as database
-  # servers. You should change this only after NixOS release notes say you
-  # should.
-  system.stateVersion = "19.09"; # Did you read the comment?
+  system.stateVersion = "19.09";
 }