author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-10 13:24:21 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-10-10 13:24:21 +0200 |
commit | 9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32 (patch) | |
tree | 08c43cc58a4c768712c411db74c068a58205f70d /modules | |
parent | 4afbcba9e3e591cf60ad17c1fe42682434d6cf4b (diff) | |
yggdrasil-wg: ...
Diffstat (limited to 'modules')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 8 |
1 files changed, 5 insertions, 3 deletions
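--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -54,7 +54,7 @@ let
 in {
 allowedIPs = hostIPs.${other} ++ concatMap (rArgs: if rArgs.from != hostName || rArgs.via != to then [] else hostIPs.${rArgs.to}) routes;
 publicKey = trim (readFile (mkPublicKeyPath other));
-} // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "localhost:${toString (udp2rawPort + ix)}"; }));
+} // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "127.0.0.1:${toString (udp2rawPort + ix)}"; }));
 
 trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
 stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0;
@@ -84,12 +84,14 @@ in {
 };
 
 systemd.services = listToAttrs (filter ({ value, ...}: value != null) (imap0 (ix: opts@{to, from, ...}: let other = if from == hostName then to else from; in nameValuePair "yggdrasil-udp2raw@${other}" (if opts ? "endpointHost" then {
-requiredBy = ["wireguard-yggdrasil.service"];
-
 serviceConfig = {
 ExecStart = "${pkgs.udp2raw}/bin/udp2raw ${if from == hostName then "-c -l 127.0.0.1:${toString (udp2rawPort + ix)} -r ${opts.endpointHost}:${toString (udp2rawPort + ix)}" else "-s -l 0.0.0.0:${toString (udp2rawPort + ix)} -r 127.0.0.1:${toString listenPort}"} -k tmpkey --auth-mode hmac_sha1 --raw-mode faketcp -a";
 };
 } else null)) hostLinks)) // {
+"wireguard-yggdrasil" = {
+requires = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks);
+after = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks);
+};
 firewall.path = optionals isRouter [pkgs.procps];
 };
 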
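Review bot: The unit names in the new `requires` and `after` lists of `"wireguard-yggdrasil"` are written as `"yggdrasil-udp2raw@${other}"` without a `.service` suffix, whereas the `requiredBy` line this commit removes used the full name `"wireguard-yggdrasil.service"`. NixOS passes these strings through to `Requires=`/`After=` verbatim, and systemd, as far as I know, rejects dependency names that lack a unit-type suffix and logs and ignores them, so the tunnel ordering this change is meant to establish would likely be lost silently; the fix is `"yggdrasil-udp2raw@${other}.service"` in both lines. The two lines are also the same expression repeated, so binding it once in a `let` (e.g. `udp2rawUnits`) and using `requires = udp2rawUnits; after = udp2rawUnits;` would keep them from drifting apart. The enclosing attribute set continues outside the hunk.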