From 08c0e42639d2d302f02b90a2cef3f9e253af34fd Mon Sep 17 00:00:00 2001
From: Jaculabilis
Date: Mon, 16 Jan 2023 17:16:20 +0000
Subject: [PATCH] Refactor some network configs into a common module

---
 machine/catacomb/default.nix | 23 +++++++----------------
 modules/beatific.nix | 23 +++++++++++++++++++++++
 2 files changed, 30 insertions(+), 16 deletions(-)
 create mode 100644 modules/beatific.nix

diff --git a/machine/catacomb/default.nix b/machine/catacomb/default.nix
index 8f9eca9..1e35d10 100644
--- a/machine/catacomb/default.nix
+++ b/machine/catacomb/default.nix
@@ -1,6 +1,8 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
 
-{
+let
+ beatific = import ../../modules/beatific.nix;
+in {
 imports = [
 ./hardware-configuration.nix
 ./fileserver.nix
@@ -155,7 +157,7 @@
 };
 };*/
 
- services.nebula.networks.beatific = {
+ services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {
 enable = true;
 
 # Network certificate and host credentials
@@ -163,23 +165,12 @@
 cert = "/etc/nebula/beatific/catacomb.crt";
 key = "/etc/nebula/beatific/catacomb.key";
 
- listen.port = 4242;
-
 # Connect to the lighthouse at empyrean
 # Note that this is a VPN address, not a public address
- lighthouses = [ "10.22.20.1" ];
+ lighthouses = [ beatific.empyrean-vpn-ip ];
 
 # Map the lighthouse address to its public address
- staticHostMap = { "10.22.20.1" = [ "vpn.alogoulogoi.com:4242" ]; };
-
- # Don't filter anything at the VPN level
- firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
- firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
-
- settings = {
- # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
- punchy = { punch = true; response = true; };
- };
+ staticHostMap = beatific.empyrean-host-map;
 };
 
 services.zfs = {
diff --git a/modules/beatific.nix b/modules/beatific.nix
new file mode 100644
index 0000000..cb25cda
--- /dev/null
+++ b/modules/beatific.nix
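Review bot: At the `+ services.nebula.networks.beatific = lib.recursiveUpdate beatific.nebula-defaults {` line in the `@@ -155,7 +157,7 @@` hunk, this host's allow-all `firewall.inbound` and `firewall.outbound` rules stop being visible in default.nix; together with the removals in the `@@ -163,23 +165,12 @@` hunk they now arrive silently from the shared defaults, so a reader of this file no longer sees that the node accepts any traffic over the VPN. A one-line comment at the assignment would keep that visible, e.g. `# nebula-defaults also supplies listen.port, punchy and an allow-all firewall; set firewall.inbound here to tighten this host`. It is also worth stating that `lib.recursiveUpdate` recurses into attribute sets only, so a per-host `firewall.inbound` list replaces the default list outright rather than merging with it, which is what a tightening override needs but is easy to misread as a merge. The services.nebula attribute set is split across these two hunks, so neither shows it in full.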
@@ -0,0 +1,23 @@
+# Shared configuration values
+let
+ nebula-port = 4242;
+ empyrean-vpn-ip = "10.22.20.1";
+ empyrean-ext-dns = "vpn.alogoulogoi.com";
+in {
+ nebula-defaults = {
+ listen.port = nebula-port;
+
+ # Don't filter at the VPN level
+ firewall.outbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+ firewall.inbound = [ { port = "any"; proto = "any"; host = "any"; } ];
+
+ settings = {
+ # Enable UDP holepunching both ways, which allows nodes to establish more direct connections with each other
+ punchy = { punch = true; response = true; };
+ };
+ };
+
+ inherit empyrean-vpn-ip;
+ empyrean-host-map = { ${empyrean-vpn-ip} = [ "${empyrean-ext-dns}:${toString nebula-port}" ]; };
+}
+
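Review bot: `nebula-port` does two different jobs in this file: it is the default `listen.port` every node inherits through `nebula-defaults`, and it is also the lighthouse's public port baked into `empyrean-host-map`. Those only agree while empyrean itself keeps the default, so a host overriding its own `listen.port` is fine, but a port change on the lighthouse would leave the static host map pointing at the old port with no error at evaluation time. A comment on the `empyrean-host-map` line such as `# port is empyrean's actual listen port, which must stay in step with nebula-port` makes the coupling explicit. The `# Don't filter at the VPN level` comment should likewise say that this allow-all inbound rule is now the default for every consumer of `nebula-defaults`, and that a host narrows it by assigning its own `firewall.inbound` list, which `lib.recursiveUpdate` replaces rather than merges.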