summaryrefslogtreecommitdiff
path: root/modules/yggdrasil-wg
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-09-30 15:22:27 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-09-30 15:22:27 +0200
commite9f823e35558314664837cc51f3d126bd8a63b3f (patch)
treef824199cc0c34cd083fa9e26f1731e4f498724e2 /modules/yggdrasil-wg
parent5c48e9aa09d2444af3860f5e4018b7fb5eda87e7 (diff)
downloadnixos-e9f823e35558314664837cc51f3d126bd8a63b3f.tar
nixos-e9f823e35558314664837cc51f3d126bd8a63b3f.tar.gz
nixos-e9f823e35558314664837cc51f3d126bd8a63b3f.tar.bz2
nixos-e9f823e35558314664837cc51f3d126bd8a63b3f.tar.xz
nixos-e9f823e35558314664837cc51f3d126bd8a63b3f.zip
yggdrasil-wg: better route?
Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r--modules/yggdrasil-wg/default.nix13
1 files changed, 9 insertions, 4 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 2727d483..dd7300de 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -1,10 +1,11 @@
1{ config, hostName, lib, ... }: 1{ config, hostName, lib, pkgs, ... }:
2 2
3with lib; 3with lib;
4 4
5let 5let
6 listenPort = 51820; 6 listenPort = 51820;
7 subnet = "2a03:4000:52:ada:1"; 7 subnet = "2a03:4000:52:ada:1";
8 subnetLength = 80;
8 9
9 links = [ 10 links = [
10 { from = "vidhar"; 11 { from = "vidhar";
@@ -14,9 +15,10 @@ let
14 dynamicEndpointRefreshSeconds = 86400; 15 dynamicEndpointRefreshSeconds = 86400;
15 } 16 }
16 ]; 17 ];
18 hostLength = subnetLength + 16;
17 hostIPs = { 19 hostIPs = {
18 surtr = ["${subnet}::/96"]; 20 surtr = ["${subnet}::/${toString hostLength}"];
19 vidhar = ["${subnet}:1::/96"]; 21 vidhar = ["${subnet}:1::/${toString hostLength}"];
20 }; 22 };
21 23
22 mkPublicKeyPath = host: ./hosts + "/${host}.pub"; 24 mkPublicKeyPath = host: ./hosts + "/${host}.pub";
@@ -49,11 +51,14 @@ in {
49 51
50 networking.wireguard.interfaces = mkIf inNetwork { 52 networking.wireguard.interfaces = mkIf inNetwork {
51 yggdrasil = { 53 yggdrasil = {
52 allowedIPsAsRoutes = true; 54 allowedIPsAsRoutes = false;
53 inherit listenPort; 55 inherit listenPort;
54 ips = hostIPs.${hostName}; 56 ips = hostIPs.${hostName};
55 peers = map linkToPeer hostLinks; 57 peers = map linkToPeer hostLinks;
56 privateKeyFile = config.sops.secrets."yggdrasil-wg.priv".path; 58 privateKeyFile = config.sops.secrets."yggdrasil-wg.priv".path;
59 postSetup = ''
60 ${pkgs.iproute2}/bin/ip route replace "${subnet}/${toString subnetLength}" dev "yggdrasil" table "main"
61 '';
57 }; 62 };
58 }; 63 };
59 64