authorGregor Kleen <gkleen@yggdrasil.li>2021-12-16 09:41:50 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-12-16 09:41:50 +0100
commite2e7587cfa7497aba164ec0e338791999479b56b (patch)
tree3c6012b2e4e958ec90527bee5cffb6f8586176c7 /modules/yggdrasil-wg/default.nix
parent8ae06b5f397dd2923ac0507c357064726d942cee (diff)
yggdrasil-wg: routing
Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r--modules/yggdrasil-wg/default.nix5
1 files changed, 3 insertions, 2 deletions
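diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index b1d4ee5d..cbe09955 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -76,6 +76,7 @@ let
 vidhar = ["${batSubnet}:1::/${toString batHostLength}"];
 sif = ["${batSubnet}:2::/${toString batHostLength}"];
 };
+routers = [ "surtr" ];
 
 mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
 mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -91,7 +92,7 @@ let
 let
 other = if thisHost from then to else from;
 in {
-AllowedIPs = wgHostIPs.${family}.${other};
+AllowedIPs = if elem other routers then ["0.0.0.0/0" "::/0"] else wgHostIPs.${family}.${other};
 PublicKey = trim (readFile (mkPublicKeyPath family other));
 } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
@@ -202,7 +203,7 @@ in {
 Destination = "${batSubnet}::/${toString batSubnetLength}";
 };
 }
-];
+] ++ (concatMap (router: concatMap (family: { routeConfig = { Destination = "::/0"; Metric = 1; Gateway = wgHostIPs.${family}.${router}; }; }) families) routers);
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;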
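Review bot: In the second hunk, giving every peer named in `routers` `AllowedIPs = ["0.0.0.0/0" "::/0"]` drops WireGuard's per-peer source-address check for that peer, so packets arriving from surtr are accepted with any inner source address, including the addresses `wgHostIPs` assigns to other hosts. If that is the intent for a default gateway, the `routers` definition should say so, for example `# peers listed here may source traffic from any address; source filtering must happen in the firewall`, and the packet filter on the interface (not visible here) then has to carry that check. WireGuard also keeps a given allowed-IP prefix on only one peer per interface, so a second entry in `routers` on the same interface would silently take the catch-all away from the first. Separately, in the third hunk the inner `concatMap` callback returns an attribute set where a list is required, and `Gateway` receives `wgHostIPs.${family}.${router}`, which the second hunk treats as a list for `AllowedIPs`; `map` for the inner call and a single gateway address look like what is meant. The enclosing `let` block and the network definition both extend beyond the visible hunks.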