add lumi-vpn module

logical/blackadder.nix

@@ -5,20 +5,11 @@
       ../roles/workstation.nix
     ];
 
-  nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
   system.stateVersion = "19.09";
 
-  networking.wireguard.interfaces = {
-    wg-lumi = {
-      privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick-homepc.key";
-      ips = [ "10.109.0.18" ];
-      peers = [ {
-        publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
-        endpoint = "wg.lumi.guide:31727";
-        allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
-      }];
-      postSetup = "ip link set dev wg-lumi mtu 1408";
-    };
+  yorick.lumi-vpn = {
+    name = "yorick-homepc";
+    mtu = 1408;
   };
   environment.systemPackages = [ pkgs.spice_gtk ];
   security.wrappers.spice-client-glib-usb-acl-helper.source = "${pkgs.spice_gtk}/bin/spice-client-glib-usb-acl-helper";

logical/jarvis.nix

@@ -5,19 +5,7 @@
       ../roles/workstation.nix
     ];
 
-  nixpkgs.overlays = [ (import (builtins.fetchTarball https://github.com/colemickens/nixpkgs-wayland/archive/master.tar.gz)) ];
   system.stateVersion = "17.09";
 
-  networking.wireguard.interfaces = {
-    wg-lumi = {
-      privateKeyFile = "/home/yorick/engineering/lumi/secrets/devel/vpn/wg/workstations.yorick.key";
-      ips = [ "10.109.0.10" ];
-      peers = [ {
-        publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
-        endpoint = "wg.lumi.guide:31727";
-        allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
-      }];
-      postSetup = "ip link set dev wg-lumi mtu 1371";
-    };
-  };
+  yorick.lumi-vpn.name = "yorick";
 }

modules/lumi-vpn.nix

@@ -0,0 +1,42 @@
+{ config, lib, ... }:
+let
+  cfg = config.yorick.lumi-vpn;
+  addresses = import "${builtins.getEnv "HOME"}/engineering/lumi/os/gateway/addresses.nix"
+    { lib.ip4.ip = a: b: c: d: x: lib.concatStringsSep "." (map toString [ a b c d ]); };
+in
+{
+  options.yorick.lumi-vpn = with lib; {
+    enable = mkEnableOption "lumi vpn";
+    name = mkOption {
+      type = types.str;
+      example = "yorick-homepc";
+    };
+    user = mkOption {
+      type = types.str;
+      default = "yorick";
+    };
+    mtu = mkOption {
+      type = types.int;
+      default = 1371;
+    };
+    ip = mkOption {
+      type = types.str;
+      example = "10.109.0.1";
+      default = addresses.workstations."${cfg.name}";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    networking.wireguard.interfaces = {
+      wg-lumi = {
+        privateKeyFile = "/home/${cfg.user}/engineering/lumi/secrets/devel/vpn/wg/workstations.${cfg.name}.key";
+        ips = [ cfg.ip ];
+        peers = [ {
+          publicKey = "6demp+PX2XyVoMovDj4xHQ2ZHKoj4QAF8maWpjcyzzI=";
+          endpoint = "wg.lumi.guide:31727";
+          allowedIPs = [ "10.96.0.0/12" "10.0.0.0/17" ];
+        }];
+        postSetup = "ip link set dev wg-lumi mtu ${toString cfg.mtu}";
+      };
+    };
+  };
+}

roles/default.nix

@@ -9,6 +9,7 @@ in
 	imports = [
     ../modules/tor-hidden-service.nix
     ../modules/nginx.nix
+    ../modules/lumi-vpn.nix
     ../deploy/keys.nix
     ../services
   ];

roles/workstation.nix

@@ -97,4 +97,6 @@ in
 
   # git
   boot.kernel.sysctl."fs.inotify.max_user_watches" = 1024000000;
+
+  yorick.lumi-vpn.enable = true;
 }