give wireguard clients unique IPs

wg.mk

@@ -20,8 +20,11 @@ wgkeys.rec: wireguard/dmz_public_key
 	git commit -m"add wireguard key for $(name)"
 	$(info Remember to git push)
 
-wireguard/dmz.conf: xecut/nimbus/dmz.conf | wireguard/dmz_private_key
-	sed 's/PRIVATE_KEY/$(shell cat $|)/' $< > $@
+wireguard/dmz.conf: wireguard/dmz_bare.conf | wireguard/dmz_private_key
+	sed 's#PRIVATE_KEY#$(shell cat $|)#' $< > $@
+
+wireguard/dmz_bare.conf: wgkeys.rec | xecut/nimbus/dmz.conf
+	recsel $< -t $(basename $<) -e 'name = "$(name)"' | recfmt -f $| > $@
 
 ###### Wireguard configuration #####
 

wgkeys.rec

@@ -1,8 +1,12 @@
 %rec: wgkeys
+%key: id
 %type: name,pubkey line
+%type: id int
+%auto: id
 %mandatory: name
 + pubkey
 
+id: 2
 name: Malin Freeborn
 pubkey: loNnXRalD0ZyOLadSWm31rqOuRfEbgtX9O4/z7eSIho=
 

xecut/nimbus/dmz.conf

@@ -8,5 +8,5 @@ DNS = 9.9.9.9
 [Peer]
 PublicKey = GH+qA1Au9BraGhNt7Aqp8tdhGVfH8ENnY3VzKhe69XQ=
 Endpoint = space.xecut.me:51900
-AllowedIPs = 10.0.0.1/24
+AllowedIPs = 10.0.0.{{id}}/24
 

xecut/nimbus/wg_peer.fmt

@@ -1,4 +1,4 @@
 [Peer]
 PublicKey = {{pubkey}}
-AllowedIPs = 10.0.0.2/32
+AllowedIPs = 10.0.0.{{id}}/32