authorDominique Martinet @ odin <asmadeus@codewreck.org>2020-09-03 15:56:59 +0200
committerDominique Martinet @ odin <asmadeus@codewreck.org>2020-09-03 15:57:22 +0200
commitaeec213a0e220327c15eaa19db3059b43b72787b (patch)
treed4cb3e0b850e84c8ed98058066835a31488b83d9
parent49766f3e2050b318d389f5a96ccea09446a98ebe (diff)
wg fixes:
- use different subdomain for hosts (so endpoint = hostname doesn't fail for clients) - do not add peers if neither us nor them are endpoints (so they get routed)
-rw-r--r--modules/services/wireguard.nix5
-rw-r--r--profiles/wireguard.nix6
2 files changed, 7 insertions, 4 deletions
diff --git a/modules/services/wireguard.nix b/modules/services/wireguard.nix
index f719a47..0302e72 100644
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -18,7 +18,7 @@ in {
};
hostname = lib.mkOption {
description = "short part of the hostname (select wireguard config from configs)";
- default = lib.removeSuffix ".${cfg.domain}" config.networking.hostName;
+ default = lib.removeSuffix ".${config.networking.domain}" config.networking.hostName;
type = lib.types.str;
};
machines = lib.mkOption {
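Review bot: The new default interpolates `config.networking.domain`, which NixOS declares as a nullable string with a null default, so a host that sets neither `networking.domain` nor this option will abort evaluation when null is coerced to a string. Because this value selects which wireguard config the host applies, the fallback should be explicit rather than an evaluation error: `default = if config.networking.domain == null then config.networking.hostName else lib.removeSuffix ".${config.networking.domain}" config.networking.hostName;`. The option set starts and continues outside the hunk, so any guard defined elsewhere is not visible from here.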
@@ -86,7 +86,8 @@ in {
publicKey = value.publicKey;
endpoint = (if value.endpoint != null then value.endpoint + ":" + (toString value.listenPort) else null);
persistentKeepalive = current.keepalive;
- }) others;
+ }) (lib.filterAttrs (n: v: current.endpoint != null || v.endpoint != null)
+ others);
hosts = lib.mapAttrs' (name: value: lib.attrsets.nameValuePair
(builtins.head (builtins.split "/" value.ip)) [ (name + ".${cfg.domain}") name ]
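Review bot: The `lib.filterAttrs` predicate drops every peer without an endpoint when the local host has none either, so reaching those addresses now depends on an endpoint peer's allowed IPs covering them, and nothing in the hunk checks or documents that. In WireGuard the allowed-IP list is also the inbound source-address filter, so a relay peer whose range covers the other machines is trusted to originate traffic for any of their addresses. That trade-off deserves a comment above the filter, e.g. `# peers with no endpoint on either side are reached via an endpoint peer; its allowedIPs must cover them, and it is then trusted for those source addresses`. The peer attribute set and the enclosing call start outside the hunk, so how allowedIPs is computed cannot be confirmed from here.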
diff --git a/profiles/wireguard.nix b/profiles/wireguard.nix
index 84d73a7..da8afeb 100644
--- a/profiles/wireguard.nix
+++ b/profiles/wireguard.nix
@@ -1,9 +1,11 @@
-{ config, lib, ... }:
+{ config, pkgs, lib, ... }:
{
+ services.codewreck.wireguard.domain = "wg.codewreck.org";
+
services.codewreck.wireguard.machines = {
jormungand = {
- ip = "fd13:537e:dbbf:1210::1";
+ ip = "fd13:537e:dbbf:1210::1/64";
endpoint = "jormungand.codewreck.org";
listenPort = 51733;
publicKey = "Hx5RnhfyP91LEgXAn4pLiOm4nMRZvVx+rsX0YhVzqAQ=";