authorGregor Kleen <gkleen@yggdrasil.li>2021-11-03 23:43:41 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2021-11-03 23:43:41 +0100
commita101487c04f9bc26290a45fbaaf413d77679f1b3 (patch)
tree7ec899bdf36a39e0752a50fc0e4ff07071702662 /modules/yggdrasil-wg/default.nix
parent3d5b1509be78c0e9d8923af7e63f38d9dcbdefdf (diff)
yggdrasil-wg: ...
Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r--modules/yggdrasil-wg/default.nix11
1 files changed, 7 insertions, 4 deletions
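--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -3,7 +3,10 @@
 with lib;
 
 let
-listenPort = 51820;
+listenPort = {
+"4" = 51820;
+"6" = 51821;
+};
 wgSubnet = {
 "4" = "2a03:4000:52:ada:2";
 "6" = "2a03:4000:52:ada:3";
@@ -90,9 +93,9 @@ let
 in {
 AllowedIPs = wgHostIPs.${family}.${other};
 PublicKey = trim (readFile (mkPublicKeyPath family other));
-} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
+} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
-linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
+linkMkEndpointCfg = family: opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort.${family}}"; };
 linkToGreDev = family: opts@{from, to, ...}:
 let
 other = if thisHost from then to else from;
@@ -129,7 +132,7 @@ let
 };
 wireguardConfig = {
 PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path;
-ListenPort = listenPort;
+ListenPort = listenPort.${family};
 };
 wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
 };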
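Review bot: `listenPort` changes from an integer to an attribute set keyed by family at the top of the `let` block, so any use of it outside the three visible hunks (a firewall `allowedUDPPorts` entry would be the usual one) has to be updated too, and the new port 51821 has to be permitted there; none of that is visible in this diff. It is worth confirming that the firewall opens exactly these two ports, ideally derived from the table with `attrValues listenPort` rather than a hard-coded number that can drift from it. A short comment above the set, such as `# UDP listen port per address family; presumably one WireGuard interface per family, each needing its own port`, would explain the "4" and "6" keys. In `linkMkEndpointCfg` the remote `Endpoint` is built from this host's own port table, which assumes every peer uses the same per-family ports, and if `endpointHost` can ever be a literal IPv6 address it would need brackets before the `:port` suffix.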