author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-16 09:41:50 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-12-16 09:41:50 +0100 |
commit | e2e7587cfa7497aba164ec0e338791999479b56b (patch) | |
tree | 3c6012b2e4e958ec90527bee5cffb6f8586176c7 /modules/yggdrasil-wg | |
parent | 8ae06b5f397dd2923ac0507c357064726d942cee (diff) | |
yggdrasil-wg: routing
Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 5 |
1 files changed, 3 insertions, 2 deletions
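--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -76,6 +76,7 @@ let
 vidhar = ["${batSubnet}:1::/${toString batHostLength}"];
 sif = ["${batSubnet}:2::/${toString batHostLength}"];
 };
+routers = [ "surtr" ];
 
 mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
 mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -91,7 +92,7 @@ let
 let
 other = if thisHost from then to else from;
 in {
-AllowedIPs = wgHostIPs.${family}.${other};
+AllowedIPs = if elem other routers then ["0.0.0.0/0" "::/0"] else wgHostIPs.${family}.${other};
 PublicKey = trim (readFile (mkPublicKeyPath family other));
 } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
@@ -202,7 +203,7 @@ in {
 Destination = "${batSubnet}::/${toString batSubnetLength}";
 };
 }
-];
+] ++ (concatMap (router: concatMap (family: { routeConfig = { Destination = "::/0"; Metric = 1; Gateway = wgHostIPs.${family}.${router}; }; }) families) routers);
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;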
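Review bot: The new `AllowedIPs` on new line 95 gives every router peer `["0.0.0.0/0" "::/0"]`, and because WireGuard uses AllowedIPs as the inbound source filter as well as the outbound peer selector, traffic from `surtr` is now accepted with any source address that is not covered by a more specific entry of another peer on the same interface. The only route this commit adds is for `::/0`, so unless IPv4 is routed elsewhere the `"0.0.0.0/0"` entry only widens what is accepted; consider `if elem other routers then ["::/0"] else wgHostIPs.${family}.${other}` together with a comment such as `# router peers: AllowedIPs no longer constrains source addresses, filter in the firewall`. Separately, on new line 206 the inner `concatMap (family: { routeConfig = … })` returns an attribute set where `concatMap` expects a list, and `Gateway` receives `wgHostIPs.${family}.${router}`, which line 95 uses as a list of prefixes; wrapping the set in `[ … ]` and passing a single address without prefix length looks necessary, assuming `wgHostIPs` has that shape. The enclosing `let` bindings and the network definition start and end outside the hunks, so other routes or filters may exist that are not visible here.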