From 3da6e7ce45dc460abb16cfc7acad4b0486829613 Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey
Date: Tue, 5 Nov 2024 14:30:41 +0000
Subject: [PATCH] migrate to systemd-networkd
---
 peering.nix | 40 ++++++++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 14 deletions(-)
diff --git a/peering.nix b/peering.nix
index 170a986..041363f 100644
--- a/peering.nix
+++ b/peering.nix
@@ -20,7 +20,7 @@ in
 type = with types; nullOr str;
 };
 interface = mkOption {
- default = "birdsong";
+ default = "wg-birdsong";
 example = "wg0";
 description = "The name of the network interface to use for WireGuard.";
 type = types.str;
@@ -69,28 +69,40 @@ in
 networking = {
 firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ];
- wireguard.interfaces.${cfg.interface} = {
- ips = [ "${host.ipv4}/16" "${host.ipv6}/48" ]
- ++ optionals host.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
- privateKeyFile = cfg.privateKeyFile;
- listenPort = host.port;
+ systemd.network.enable = true;
- peers =
+ systemd.network.netdevs."30-birdsong" = {
+ netdevConfig = {
+ Name = cfg.interface;
+ Kind = "wireguard";
+ Description = "wireguard tunnel to the birdsong network";
+ };
+ wireguardConfig = {
+ PrivateKeyFile = cfg.privateKeyFile;
+ ListenPort = host.port;
+ };
+ wireguardPeers =
 let
 canDirectPeer = host: peer: peer.subnet == "internet" || (host.subnet != "roaming" && peer.subnet == host.subnet);
 in
 mapAttrsToList (name: peer: {
- name = name;
- publicKey = peer.wireguardKey;
- allowedIPs = [ peer.ipv4 peer.ipv6 ]
- ++ optionals peer.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
- endpoint = mkIf (canDirectPeer host peer) "${peer.endpoint}:${toString peer.port}";
- dynamicEndpointRefreshSeconds = mkIf (canDirectPeer host peer) 5;
- persistentKeepalive = mkIf (peer.subnet != host.subnet) cfg.persistentKeepalive;
+ wireguardPeerConfig = {
+ PublicKey = peer.wireguardKey;
+ AllowedIPs = [ peer.ipv4 peer.ipv6 ]
+ ++ optionals peer.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+ Endpoint = mkIf (canDirectPeer host peer) "${peer.endpoint}:${toString peer.port}";
+ PersistentKeepalive = mkIf (peer.subnet != host.subnet) cfg.persistentKeepalive;
+ };
 }) (filterAttrs (name: peer: peer != host && (host.subnet == "internet" || canDirectPeer host peer)) hosts);
 };
+
+ systemd.network.networks."30-birdsong" = {
+ matchConfig.Name = cfg.interface;
+ networkConfig.Address = [ "${host.ipv4}/16" "${host.ipv6}/48" ]
+ ++ optionals host.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ];
+ };
 };
 };
 }
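Review bot: The new `systemd.network.enable`, `systemd.network.netdevs."30-birdsong"` and `systemd.network.networks."30-birdsong"` attributes are placed inside the `networking = { ... };` attrset — the context line `networking = {` above `firewall.allowedUDPPorts` is unchanged and the `};` following the added `networks` block still closes it — so, if the hunk is read correctly, they evaluate as `networking.systemd.network.*`, which is not a NixOS option and fails at evaluation time. Close `networking` after the firewall line (or write it as `networking.firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ];`) and declare the three `systemd.network` attributes one level up as its siblings. Two behavioural differences of this migration are silent and deserve a sentence in the commit message or a comment on `wireguardPeers`: the removed `dynamicEndpointRefreshSeconds = 5` has no networkd equivalent, so a peer `Endpoint` given as a DNS name is resolved once and never re-resolved, and `PrivateKeyFile` is now read by the `systemd-network` user rather than root, so `cfg.privateKeyFile` must be readable by that user (root-only permissions leave the tunnel without a key). The attrset that encloses `networking` starts outside the hunk.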