remove wireguard and internal CA
This commit is contained in:
parent
a3922810ad
commit
af963bb628
|
@ -1,12 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBujCCAWGgAwIBAgIQINyB8JtDFzImcYtBEEbrbzAKBggqhkjOPQQDAjA8MRgw
|
||||
FgYDVQQKEw9jaGFvc0ludGVybmFsQ0ExIDAeBgNVBAMTF2NoYW9zSW50ZXJuYWxD
|
||||
QSBSb290IENBMB4XDTIzMTAwNzA5MjYyMloXDTMzMTAwNDA5MjYyMlowPDEYMBYG
|
||||
A1UEChMPY2hhb3NJbnRlcm5hbENBMSAwHgYDVQQDExdjaGFvc0ludGVybmFsQ0Eg
|
||||
Um9vdCBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFRmFlfmZyu0k0gt3SpK
|
||||
X+87L2L6Ty0ddQoTVh6O/PnqSc5583oWjD3I8La8CP0Ehadr+MZ6qnTlng2Z5G+0
|
||||
4PWjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1Ud
|
||||
DgQWBBQSdzj+Rld9GOvs4T2BuFlqk19d5zAKBggqhkjOPQQDAgNHADBEAiADlN6S
|
||||
1AgXe0M3Jp9KMI17amhbJFJY+RKhZG8iXjLi5AIgBR1prsckn0cH6J5l1R2UFVfP
|
||||
JXQxoNNf9ZJcgA9uOww=
|
||||
-----END CERTIFICATE-----
|
|
@ -1,13 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB5TCCAYugAwIBAgIRAMByUDCtdh+37o2NL01fJvQwCgYIKoZIzj0EAwIwPDEY
|
||||
MBYGA1UEChMPY2hhb3NJbnRlcm5hbENBMSAwHgYDVQQDExdjaGFvc0ludGVybmFs
|
||||
Q0EgUm9vdCBDQTAeFw0yMzEwMDcwOTI2MjNaFw0zMzEwMDQwOTI2MjNaMEQxGDAW
|
||||
BgNVBAoTD2NoYW9zSW50ZXJuYWxDQTEoMCYGA1UEAxMfY2hhb3NJbnRlcm5hbENB
|
||||
IEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMb7h/fG
|
||||
G2vlRc4fartmb/4q2MvuRzH8xTUQ4C/feNVmePHrJtIR0/tKsKhkHVWdp5Zz4MXz
|
||||
jIhyT0EqB7N3gZyjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/
|
||||
AgEAMB0GA1UdDgQWBBS2nPpqHCugN9/hYZkIE2TtUfJa5DAfBgNVHSMEGDAWgBQS
|
||||
dzj+Rld9GOvs4T2BuFlqk19d5zAKBggqhkjOPQQDAgNIADBFAiEApu4b3L3t2mxi
|
||||
WSXC0RQq+T/kpwtyCY+PCy4Wwp8pbgUCIGFfjmVjv7eCz+NkBnA6B74trz1vNN/j
|
||||
FdFrgXnBo365
|
||||
-----END CERTIFICATE-----
|
|
@ -1,44 +0,0 @@
|
|||
let
|
||||
pubkeys = builtins.fromJSON (builtins.readFile ./chaosInternalWireGuardPubKeys.json);
|
||||
listenPort = 51820;
|
||||
in rec {
|
||||
# 10.0.0.0/24 - machines
|
||||
# 10.0.1.0/24 - containers for hetzner-arm
|
||||
|
||||
hosts = {
|
||||
"hetzner-arm" = {
|
||||
ip = "10.0.0.1";
|
||||
allowedIPs = [
|
||||
"10.0.0.1/32" # Allow itself
|
||||
"10.0.1.1/24" # Containers
|
||||
];
|
||||
public = pubkeys."hetzner-arm";
|
||||
inherit listenPort;
|
||||
endpoint = "hetzner-arm.servers.genderfucked.monster:${toString listenPort}";
|
||||
};
|
||||
"vault" = {
|
||||
ip = "10.0.0.2";
|
||||
public = pubkeys."vault";
|
||||
inherit listenPort;
|
||||
endpoint = "vault.servers.genderfucked.monster:${toString listenPort}";
|
||||
};
|
||||
"lappy-t495" = {
|
||||
ip = "10.0.0.3";
|
||||
public = pubkeys."lappy-t495";
|
||||
};
|
||||
"raspberry" = {
|
||||
ip = "10.0.0.4";
|
||||
public = pubkeys."raspberry";
|
||||
inherit listenPort;
|
||||
endpoint = "raspberry.servers.genderfucked.monster:${toString listenPort}";
|
||||
};
|
||||
"iphone15" = {
|
||||
ip = "10.0.0.5";
|
||||
public = pubkeys."iphone15";
|
||||
};
|
||||
"iphone8" = {
|
||||
ip = "10.0.0.6";
|
||||
public = pubkeys."iphone8";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
{
|
||||
"vault": "IfYCpiUXmsGVj8OR32W1ind0TWf2hmT+Axz3SaTsUQE=",
|
||||
"raspberry": "ZWnPJZ5Bw/EyoLo5o3xjhkn3aTDC+ivPnnizGL0JfEo=",
|
||||
"lappy-t495": "ogQmpEb3pXgn8NhQUlIwj/6CwAxXeB1ayqfXaieKs3g=",
|
||||
"iphone8": "OptrVbP0q9q3DkEUGYu8aa6kj3S7h7cpotz5yuKs7Qw=",
|
||||
"hetzner-arm": "UJ1WgFOy5AtvMvvU9Y3F8CuDOXz8JeJGZtDa83s7D3s=",
|
||||
"iphone15": "i4vGjEqQyuoRqOJucXVrW0aIbwSUaB2dVVtEUjvHx3A="
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{
|
||||
"root": "/var/lib/step-ca/certs/root_ca.crt",
|
||||
"federatedRoots": null,
|
||||
"crt": "/var/lib/step-ca/certs/intermediate_ca.crt",
|
||||
"key": "/var/lib/step-ca/secrets/intermediate_ca_key",
|
||||
"address": ":8443",
|
||||
"insecureAddress": "",
|
||||
"dnsNames": [
|
||||
"internal-ca.genderfucked.monster"
|
||||
],
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"db": {
|
||||
"type": "badgerv2",
|
||||
"dataSource": "/var/lib/step-ca/db",
|
||||
"badgerFileLoadingMode": ""
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "JWK",
|
||||
"name": "chaos@owo.monster",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "iVF2Pv4bjT49y3A7Fr7VLUX7DRA_agV8MtJO1fPsXak",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "eObudoofL4N97swbxJENw_l8CNUJDqY-z7D7FsGuQAo",
|
||||
"y": "oVh_vs7tyU0hqVp9_rlGg4zf_DEfwt9sP8HvvX-BBpg"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjEwMDAwMCwicDJzIjoiejg2MEtzcTRSdmFjTnlnTzZlODlnQSJ9.UJmlI8NY3E3Q9mxCiQKg3A8w_BrbxRajrWsdFAADTgNSmWvMv9BO2Q.5YJjMQy7CHO0yBT2.bglp3YwvZtGJm8tSRXRt87kCr4sLiNDWUDHdJi5HJOlRQGFpW95tbI_3smJ81fBZHxA8yXXKP4vce-pmheTd_MbKWKjlmATZx6-JrvyVxHgOb80Fqdlb7GTVHkTu6fOYJzZtFUHswNvKdhJ4kHzQzs09ukc3KZRRCl9t2OV_jSY0ag8EhEAfqDCHAhx9V4Rlg6E10oLHA2kCGo7Z8bE_mClRPd9sFCIg4C0WdvIlXRJk3-Hs7tqCrGXBq50vZf28VjvS2B2JrtEGzK6CU1338GJ6oT3I7BaMF1X9IS-UfU3mUrGalwr8j7MV7-ezDwlEoCnFhQbD2UOVC0nHRyE.Ta-x2FImNtgtlIlIiWdpAA"
|
||||
},
|
||||
{
|
||||
"type": "ACME",
|
||||
"name": "acme"
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.3,
|
||||
"renegotiation": false
|
||||
}
|
||||
}
|
|
@ -35,7 +35,6 @@ in {
|
|||
]
|
||||
++ (with hosts.hetzner-arm.containers.vault.profiles; [
|
||||
vault
|
||||
#internalCA
|
||||
restic
|
||||
]);
|
||||
|
||||
|
@ -53,17 +52,4 @@ in {
|
|||
"/".proxyPass = "http://${containerIP}:8200";
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: redo this
|
||||
#security.acme.certs."vault.genderfucked.monster" = {
|
||||
# server = "https://internal-ca.genderfucked.monster:8443/acme/acme/directory";
|
||||
#};
|
||||
|
||||
#services.nginx.virtualHosts."vault.genderfucked.monster" = {
|
||||
# forceSSL = true;
|
||||
# enableACME = true;
|
||||
# locations = {
|
||||
# "/".proxyPass = "http://${containerIP}:8200";
|
||||
# };
|
||||
#};
|
||||
}
|
||||
|
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (config.services.secrets) secrets;
|
||||
in {
|
||||
environment.systemPackages = with pkgs; [
|
||||
step-cli
|
||||
step-ca
|
||||
];
|
||||
|
||||
services.step-ca = {
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
port = 8443;
|
||||
intermediatePasswordFile = secrets.internal_ca_password.path;
|
||||
settings = builtins.fromJSON (builtins.readFile ../data/ca.json);
|
||||
};
|
||||
}
|
|
@ -15,8 +15,6 @@
|
|||
"private-public-keys/data/restic/Vault"
|
||||
|
||||
"api-keys/data/backblaze/Chaos-Backups"
|
||||
|
||||
"infra/data/internalCAPassword"
|
||||
];
|
||||
|
||||
secrets = {
|
||||
|
@ -37,12 +35,6 @@
|
|||
EOF
|
||||
'';
|
||||
};
|
||||
|
||||
internal_ca_password = {
|
||||
fetchScript = ''
|
||||
simple_get "/infra/internalCAPassword" .password > "$secretFile"
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -14,8 +14,6 @@ in {
|
|||
profiles.nginx
|
||||
profiles.firewallAllow.httpCommon
|
||||
|
||||
# profiles.chaosInternalWireGuard
|
||||
|
||||
./hardware.nix
|
||||
./secrets.nix
|
||||
]
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
|
||||
profiles.cross.arm64
|
||||
profiles.remoteBuilders
|
||||
#profiles.chaosInternalWireGuard
|
||||
|
||||
hosts.lappy-surface.profiles.music-player-target
|
||||
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
|
||||
profiles.cross.arm64
|
||||
profiles.remoteBuilders
|
||||
profiles.chaosInternalWireGuard
|
||||
|
||||
profiles.gaming.steam
|
||||
|
||||
|
|
|
@ -6,8 +6,6 @@
|
|||
profiles.nginx
|
||||
profiles.firewallAllow.httpCommon
|
||||
|
||||
profiles.chaosInternalWireGuard
|
||||
|
||||
./secrets.nix
|
||||
./boot.nix
|
||||
]
|
||||
|
|
|
@ -7,12 +7,7 @@
|
|||
loginUsername = "raspberry";
|
||||
};
|
||||
|
||||
# some are also added from wireguard internal config
|
||||
requiredVaultPaths = [
|
||||
"private-public-keys/data/cryptsetup/raspberry-ext-drive" # used dynamically
|
||||
|
||||
"api-keys/data/hetzner/storagebox" # also used dynamically
|
||||
];
|
||||
requiredVaultPaths = [];
|
||||
|
||||
secrets = {
|
||||
vault_password = {
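Review bot: The new `requiredVaultPaths = [];` drops the cryptsetup and Hetzner storagebox paths together with the WireGuard-related cleanup, although the removed inline comments mark both as "used dynamically" and neither belongs to the chaosInternalWireGuard profile being deleted elsewhere in this commit. If the vault-policy output in outputs.nix derives this host's policy from `requiredVaultPaths` (as its "secrets-init, secrets-check and vault-policy" comment suggests), the raspberry host would lose read access to its external-drive unlock key and storagebox credentials on the next policy deploy, which is a silent least-privilege regression rather than a cleanup. Keep the two non-WireGuard entries, e.g. `requiredVaultPaths = [ "private-public-keys/data/cryptsetup/raspberry-ext-drive" "api-keys/data/hetzner/storagebox" ];`. The enclosing attribute set starts and ends outside this hunk.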
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
{lib, ...}: let
|
||||
inherit (lib.lists) forEach;
|
||||
inherit (lib.modules) mkMerge;
|
||||
inherit (builtins) isString;
|
||||
in rec {
|
||||
genBindMountForSecret = secrets: secretItem: let
|
||||
secret =
|
||||
if isString secretItem
|
||||
then secrets.${secretItem}
|
||||
else secrets.${secretItem.name};
|
||||
|
||||
hostPath = secret.path;
|
||||
|
||||
containerPath =
|
||||
if isString secretItem
|
||||
then hostPath
|
||||
else secretItem.path;
|
||||
|
||||
writable =
|
||||
if isString secretItem
|
||||
then
|
||||
(
|
||||
if secretItem ? "writable"
|
||||
then secretItem.writable
|
||||
else false
|
||||
)
|
||||
else false;
|
||||
in {
|
||||
"${containerPath}" = {
|
||||
inherit hostPath;
|
||||
isReadOnly = !writable;
|
||||
};
|
||||
};
|
||||
|
||||
genBindHostsForSecrets = secrets: secrets_list: (
|
||||
mkMerge (forEach secrets_list (
|
||||
secretItem:
|
||||
genBindMountForSecret secrets secretItem
|
||||
))
|
||||
);
|
||||
}
|
|
@ -1,99 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (pkgs) writeShellScriptBin;
|
||||
inherit (lib.lists) forEach;
|
||||
inherit (lib.strings) concatStringsSep optionalString;
|
||||
inherit (builtins) attrNames;
|
||||
|
||||
wireguardData = import ../data/wireguard/chaosInternalWireGuard.nix;
|
||||
wireguardHosts = wireguardData.hosts;
|
||||
|
||||
kvPathForHost = host: "/private-public-keys/wireguard/chaos-internal/${host}";
|
||||
in rec {
|
||||
initAllScript = writeShellScriptBin "wg-keys-init-all" (let
|
||||
vault = "${pkgs.vault}/bin/vault";
|
||||
in ''
|
||||
|
||||
PUBKEYS_FILE=$1
|
||||
if [ -z "$PUBKEYS_FILE" ]; then
|
||||
echo "please provide path to file with pubkeys"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
${concatStringsSep "\n" (forEach (attrNames wireguardHosts) (hostName: ''
|
||||
echo "{}" | ${vault} kv put "${kvPathForHost hostName}" - 2>/dev/null
|
||||
''))}
|
||||
|
||||
${concatStringsSep "\n" (forEach (attrNames wireguardHosts) (hostName: ''
|
||||
echo "Deploying keys for ${hostName}"
|
||||
|
||||
"${genInitScript hostName}/bin/wg-keys-init-${hostName}" "$PUBKEYS_FILE"
|
||||
''))}
|
||||
'');
|
||||
|
||||
genInitScript = systemHostName: (writeShellScriptBin "wg-keys-init-${systemHostName}" (let
|
||||
vault = "${pkgs.vault}/bin/vault";
|
||||
jq = "${pkgs.jq}/bin/jq";
|
||||
wg = "${pkgs.wireguard-tools}/bin/wg";
|
||||
sponge = "${pkgs.moreutils}/bin/sponge";
|
||||
in ''
|
||||
|
||||
PUBKEYS_FILE=$1
|
||||
if [ -z "$PUBKEYS_FILE" ]; then
|
||||
echo "please provide path to file with pubkeys"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
PRIVATE=$(${wg} genkey)
|
||||
PUBLIC=$(echo "$PRIVATE" | ${wg} pubkey)
|
||||
|
||||
TMP_DIR=$(mktemp -d)
|
||||
pushd "$TMP_DIR"
|
||||
echo "{}" > currentHost.json
|
||||
${jq} ".public = \"$PUBLIC\"" currentHost.json | ${sponge} currentHost.json
|
||||
${jq} ".private = \"$PRIVATE\"" currentHost.json | ${sponge} currentHost.json
|
||||
cat currentHost.json | ${vault} kv put "${kvPathForHost systemHostName}" - 2>/dev/null
|
||||
cat currentHost.json | jq
|
||||
popd
|
||||
|
||||
rm -rf "$TMP_DIR"
|
||||
|
||||
${jq} ".\"${systemHostName}\" = \"$PUBLIC\"" "$PUBKEYS_FILE" | ${sponge} "$PUBKEYS_FILE"
|
||||
''));
|
||||
|
||||
genConfScript = systemHostName: (writeShellScriptBin "wg-gen-conf-${systemHostName}" (let
|
||||
vault = "${pkgs.vault}/bin/vault";
|
||||
jq = "${pkgs.jq}/bin/jq";
|
||||
|
||||
currentHostConfig = wireguardHosts.${systemHostName};
|
||||
in ''
|
||||
set -euo pipefail
|
||||
getPrivateKey() {
|
||||
${vault} kv get -format=json "/private-public-keys/wireguard/chaos-internal/$1" | ${jq} -r ".data.data.private" | tr -d '\n'
|
||||
}
|
||||
|
||||
cat << EOF
|
||||
[interface]
|
||||
Address = ${currentHostConfig.ip}/24
|
||||
${optionalString (currentHostConfig ? "listenAddress") "ListenAddress = ${toString currentHostConfig.listenAddress}"}
|
||||
PrivateKey = $(getPrivateKey ${systemHostName})
|
||||
|
||||
|
||||
${concatStringsSep "\n" (forEach (attrNames wireguardHosts) (hostName: (let
|
||||
hostConfig = wireguardHosts.${hostName};
|
||||
in ''
|
||||
[Peer]
|
||||
PublicKey = ${hostConfig.public}
|
||||
${optionalString (hostConfig ? "endpoint") "Endpoint = ${hostConfig.endpoint}"}
|
||||
AllowedIPs = ${
|
||||
if hostConfig ? "allowedIPs"
|
||||
then concatStringsSep "," hostConfig.allowedIPs
|
||||
else "${hostConfig.ip}/32"
|
||||
}
|
||||
'')))}
|
||||
EOF
|
||||
''));
|
||||
}
|
23
outputs.nix
23
outputs.nix
|
@ -59,29 +59,6 @@ in
|
|||
};
|
||||
}
|
||||
|
||||
# internal wireguard scripts
|
||||
(let
|
||||
internalWireGuardLib = import ./lib/internalWireGuardLib.nix {
|
||||
inherit (nixpkgs) lib;
|
||||
inherit pkgs;
|
||||
};
|
||||
|
||||
wireguardData = import ./data/wireguard/chaosInternalWireGuard.nix;
|
||||
hostsWithWireGuard = builtins.attrNames wireguardData.hosts;
|
||||
in {
|
||||
packages = mergeAttrsList [
|
||||
(mergeAttrsList (
|
||||
forEach hostsWithWireGuard (hostName: {
|
||||
"wg-keys-init-${hostName}" = internalWireGuardLib.genInitScript hostName;
|
||||
"wg-gen-conf-${hostName}" = internalWireGuardLib.genConfScript hostName;
|
||||
})
|
||||
))
|
||||
{
|
||||
"wg-keys-init-all" = internalWireGuardLib.initAllScript;
|
||||
}
|
||||
];
|
||||
})
|
||||
|
||||
# secrets-init, secrets-check and vault-policy for machines and containers
|
||||
(let
|
||||
secretsLib = import ./modules/nixos/secretsLib/lib.nix {
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
{...}: {
|
||||
security.pki.certificateFiles = [
|
||||
../../data/internalCA.crt
|
||||
];
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{config, ...}: let
|
||||
currentHostName = config.networking.hostName;
|
||||
in {
|
||||
services.secrets = {
|
||||
enable = true;
|
||||
|
||||
requiredVaultPaths = [
|
||||
"private-public-keys/data/wireguard/chaos-internal/${currentHostName}"
|
||||
];
|
||||
|
||||
secrets = {
|
||||
wg_public = {
|
||||
fetchScript = ''
|
||||
simple_get "/private-public-keys/wireguard/chaos-internal/${currentHostName}" .public > "$secretFile"
|
||||
'';
|
||||
};
|
||||
wg_private = {
|
||||
fetchScript = ''
|
||||
simple_get "/private-public-keys/wireguard/chaos-internal/${currentHostName}" .private > "$secretFile"
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,57 +0,0 @@
|
|||
{
|
||||
self,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (lib.modules) mkIf;
|
||||
inherit (lib.lists) filter;
|
||||
inherit (builtins) hasAttr attrNames;
|
||||
|
||||
# Assume this to be set
|
||||
inherit (config.services.secrets) secrets;
|
||||
|
||||
wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
|
||||
wireguardHosts = wireguardData.hosts;
|
||||
|
||||
currentHostName = config.networking.hostName;
|
||||
currentHostConfig = wireguardHosts.${currentHostName};
|
||||
in {
|
||||
networking.firewall = {
|
||||
trustedInterfaces = [
|
||||
"wg0"
|
||||
];
|
||||
allowPing = true;
|
||||
allowedUDPPorts = mkIf (hasAttr "listenPort" currentHostConfig) [
|
||||
currentHostConfig.listenPort
|
||||
];
|
||||
};
|
||||
|
||||
systemd.services.wireguard-debug = {
|
||||
wantedBy = ["multi-user.target"];
|
||||
script = ''
|
||||
echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
|
||||
'';
|
||||
};
|
||||
|
||||
networking.wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
address = ["${currentHostConfig.ip}/24"];
|
||||
privateKeyFile = "${secrets.wg_private.path}";
|
||||
listenPort = mkIf (hasAttr "listenPort" currentHostConfig) currentHostConfig.listenPort;
|
||||
|
||||
peers =
|
||||
map (
|
||||
hostName: let
|
||||
host = wireguardHosts.${hostName};
|
||||
in {
|
||||
allowedIPs = host.allowedIPs or ["${host.ip}/32"];
|
||||
publicKey = host.public;
|
||||
endpoint = host.endpoint or null;
|
||||
}
|
||||
) (filter (
|
||||
hostName: hostName != currentHostName
|
||||
) (attrNames wireguardHosts));
|
||||
};
|
||||
};
|
||||
}
|