kedge/terraform/modules/wireguard-topology/main.tf

terraform {
  required_providers {
    local = {
      source  = "hashicorp/local"
      version = "~> 2.5"
    }
  }
}

# Declarative WireGuard mesh peer relationships.
# Generates peer configuration for each node in the mesh.

locals {
  peer_pairs = flatten([
    for i, site_a in var.sites : [
      for j, site_b in var.sites : {
        from = site_a
        to   = site_b
      } if i < j
    ]
  ])
}

resource "local_file" "peer_config" {
  for_each = { for site in var.sites : site.name => site }

  filename = "${var.output_dir}/${each.key}-peers.json"
  content = jsonencode({
    site_id = each.value.name
    peers = [
      for site in var.sites : {
        public_key  = site.public_key
        endpoint    = site.endpoint
        allowed_ips = site.allowed_ips
      } if site.name != each.key
    ]
  })
}