joint ips & ports open through lambda

2025-09-20 15:48:05 -06:00
parent 6e49c741f3
commit e3272a1dce
6 changed files with 25 additions and 57 deletions
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
@@ -1,4 +1,9 @@
-{ pkgs, config, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
 {
  imports = [
    ./hardware-configuration.nix
@@ -9,32 +14,15 @@
  sops.secrets."vps/home/private".sopsFile = ../../secrets/wireguard.yaml;
  networking =
    let
-      ports = [
+      enabledPorts =
+        config.my.servers
+        |> lib.filterAttrs (_: srv: (srv.enable or false) && (srv ? port))
+        |> lib.attrValues
+        |> map (srv: srv.port);
+      ports = enabledPorts ++ [
        2049 # idk
-        9999 # stash
        8384 # syncthing
-        5201 # vps speed test
        3452 # sonarqube
-        config.my.servers.audiobookshelf.port
-        config.my.servers.bazarr.port
-        config.my.servers.collabora.port
-        config.my.servers.homepage.port
-        config.my.servers.kavita.port
-        config.my.servers.lidarr.port
-        config.my.servers.maloja.port
-        config.my.servers.microbin.port
-        config.my.servers.multi-scrobbler.port
-        config.my.servers.plex.port
-        config.my.servers.prowlarr.port
-        config.my.servers.radarr.port
-        config.my.servers.readeck.port
-        config.my.servers.ryot.port
-        config.my.servers.sonarr.port
-        config.my.servers.synapse.port
-        config.my.servers.vaultwarden.port
-        config.my.servers.jellyfin.port
-        config.my.servers.mealie.port
-        config.my.servers.gitea.port
        config.services.gitea.settings.server.SSH_PORT
      ];
    in
@@ -46,13 +34,13 @@
        interfaces.wg0.allowedTCPPorts = [ 8081 ];
      };
      wireguard.interfaces.wg0 = {
-        ips = [ "${config.my.wgServerIp}/32" ];
+        ips = [ "${config.my.ips.wg-server}/32" ];
        privateKeyFile = config.sops.secrets."vps/home/private".path;
        peers = [
          {
            publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
-            endpoint = "51.222.141.104:51820";
-            allowedIPs = [ "${config.my.wgVpsIp}/32" ];
+            endpoint = "${config.my.ips.vps}:51820";
+            allowedIPs = [ "${config.my.ips.wg-vps}/32" ];
            persistentKeepalive = 25;
          }
        ];