diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-01 10:48:06 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-08-01 10:48:06 +0200 |
commit | 0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6 (patch) | |
tree | 41691fef5468c5efbc32c12cbacd55e97b23b0de /modules/yggdrasil-wg | |
parent | 48f8d3c11d9117f10e6ca5b76a08b91cef5c861b (diff) | |
download | nixos-0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6.tar nixos-0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6.tar.gz nixos-0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6.tar.bz2 nixos-0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6.tar.xz nixos-0f06a86b1eaa99ff21cdce8c5f1c54b688cbbcf6.zip |
...
Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 32 |
1 files changed, 12 insertions, 20 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 8525cea0..8b190651 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix | |||
@@ -135,7 +135,7 @@ let | |||
135 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv"; | 135 | PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv"; |
136 | ListenPort = listenPort.${family}; | 136 | ListenPort = listenPort.${family}; |
137 | }; | 137 | }; |
138 | wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; | 138 | wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family}; |
139 | }; | 139 | }; |
140 | familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}"; | 140 | familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}"; |
141 | familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { | 141 | familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { |
@@ -145,9 +145,7 @@ let | |||
145 | }; | 145 | }; |
146 | address = [wgHostIPs.${family}.${hostName}]; | 146 | address = [wgHostIPs.${family}.${hostName}]; |
147 | routes = [ | 147 | routes = [ |
148 | { routeConfig = { | 148 | { Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}"; |
149 | Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}"; | ||
150 | }; | ||
151 | } | 149 | } |
152 | ]; | 150 | ]; |
153 | linkConfig = { | 151 | linkConfig = { |
@@ -203,25 +201,19 @@ in { | |||
203 | dns = ["2a03:4000:52:ada:1:1::"]; | 201 | dns = ["2a03:4000:52:ada:1:1::"]; |
204 | domains = ["yggdrasil"]; | 202 | domains = ["yggdrasil"]; |
205 | routes = [ | 203 | routes = [ |
206 | { routeConfig = { | 204 | { Destination = "${batSubnet}::/${toString batSubnetLength}"; |
207 | Destination = "${batSubnet}::/${toString batSubnetLength}"; | 205 | GatewayOnLink = true; |
208 | GatewayOnLink = true; | ||
209 | }; | ||
210 | } | 206 | } |
211 | { routeConfig = { | 207 | { Destination = "${batSubnet}::/${toString batSubnetLength}"; |
212 | Destination = "${batSubnet}::/${toString batSubnetLength}"; | 208 | GatewayOnLink = true; |
213 | GatewayOnLink = true; | 209 | Table = "yggdrasil"; |
214 | Table = "yggdrasil"; | ||
215 | }; | ||
216 | } | 210 | } |
217 | { routeConfig = { | 211 | { Destination = batHostIPs.${hostName}; |
218 | Destination = batHostIPs.${hostName}; | 212 | GatewayOnLink = true; |
219 | GatewayOnLink = true; | 213 | Table = "yggdrasil"; |
220 | Table = "yggdrasil"; | ||
221 | }; | ||
222 | } | 214 | } |
223 | ] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers)); | 215 | ] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers)); |
224 | routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName}; | 216 | routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName}; |
225 | linkConfig = { | 217 | linkConfig = { |
226 | MACAddress = "${batHostMACs.${hostName}}"; | 218 | MACAddress = "${batHostMACs.${hostName}}"; |
227 | RequiredForOnline = false; | 219 | RequiredForOnline = false; |