authorGregor Kleen <gkleen@yggdrasil.li>2024-08-01 10:48:06 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-08-01 10:48:06 +0200
commit0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6 (patch)
tree41691fef5468c5efbc32c12cbacd55e97b23b0de /modules/yggdrasil-wg
parent48f8d3c11d9117f10e6ca5b76a08b91cef5c861b (diff)
...
Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r--modules/yggdrasil-wg/default.nix32
1 files changed, 12 insertions, 20 deletions
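--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -135,7 +135,7 @@ let
 PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv";
 ListenPort = listenPort.${family};
 };
-wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
+wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family};
 };
 familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}";
 familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" {
@@ -145,9 +145,7 @@ let
 };
 address = [wgHostIPs.${family}.${hostName}];
 routes = [
-{ routeConfig = {
-Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
-};
+{ Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
 }
 ];
 linkConfig = {
@@ -203,25 +201,19 @@ in {
 dns = ["2a03:4000:52:ada:1:1::"];
 domains = ["yggdrasil"];
 routes = [
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
 }
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-{ routeConfig = {
-Destination = batHostIPs.${hostName};
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = batHostIPs.${hostName};
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
-routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName};
+] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
+routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName};
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;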
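Review bot: The third route in the last hunk (new line 211) assigns `batHostIPs.${hostName}` directly to `Destination`, while new lines 215 and 216 iterate over the same attribute with `map`, which means it is a list; if so, the flattened route entry emits several `Destination=` keys into one `[Route]` section and systemd-networkd keeps only the last, so the other host addresses of this node get no route in the `yggdrasil` table. If one route per address is intended, generate them the way the policy rules already are: `] ++ (map (addr: { Destination = addr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${hostName}) ++ (concatMap ...` and drop the literal entry. This is inherited from the old `routeConfig` form rather than introduced here, but the migration is the natural place to fix it. The `routes` list in this hunk is part of a network definition whose start and end lie outside the hunk.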