summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2021-10-10 13:24:21 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-10-10 13:24:21 +0200
commit9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32 (patch)
tree08c43cc58a4c768712c411db74c068a58205f70d /modules
parent4afbcba9e3e591cf60ad17c1fe42682434d6cf4b (diff)
downloadnixos-9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32.tar
nixos-9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32.tar.gz
nixos-9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32.tar.bz2
nixos-9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32.tar.xz
nixos-9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32.zip
yggdrasil-wg: ...
Diffstat (limited to 'modules')
-rw-r--r--modules/yggdrasil-wg/default.nix8
1 files changed, 5 insertions, 3 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 60a153cf..573791bf 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -54,7 +54,7 @@ let
54 in { 54 in {
55 allowedIPs = hostIPs.${other} ++ concatMap (rArgs: if rArgs.from != hostName || rArgs.via != to then [] else hostIPs.${rArgs.to}) routes; 55 allowedIPs = hostIPs.${other} ++ concatMap (rArgs: if rArgs.from != hostName || rArgs.via != to then [] else hostIPs.${rArgs.to}) routes;
56 publicKey = trim (readFile (mkPublicKeyPath other)); 56 publicKey = trim (readFile (mkPublicKeyPath other));
57 } // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "localhost:${toString (udp2rawPort + ix)}"; })); 57 } // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "127.0.0.1:${toString (udp2rawPort + ix)}"; }));
58 58
59 trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str; 59 trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
60 stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0; 60 stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0;
@@ -84,12 +84,14 @@ in {
84 }; 84 };
85 85
86 systemd.services = listToAttrs (filter ({ value, ...}: value != null) (imap0 (ix: opts@{to, from, ...}: let other = if from == hostName then to else from; in nameValuePair "yggdrasil-udp2raw@${other}" (if opts ? "endpointHost" then { 86 systemd.services = listToAttrs (filter ({ value, ...}: value != null) (imap0 (ix: opts@{to, from, ...}: let other = if from == hostName then to else from; in nameValuePair "yggdrasil-udp2raw@${other}" (if opts ? "endpointHost" then {
87 requiredBy = ["wireguard-yggdrasil.service"];
88
89 serviceConfig = { 87 serviceConfig = {
90 ExecStart = "${pkgs.udp2raw}/bin/udp2raw ${if from == hostName then "-c -l 127.0.0.1:${toString (udp2rawPort + ix)} -r ${opts.endpointHost}:${toString (udp2rawPort + ix)}" else "-s -l 0.0.0.0:${toString (udp2rawPort + ix)} -r 127.0.0.1:${toString listenPort}"} -k tmpkey --auth-mode hmac_sha1 --raw-mode faketcp -a"; 88 ExecStart = "${pkgs.udp2raw}/bin/udp2raw ${if from == hostName then "-c -l 127.0.0.1:${toString (udp2rawPort + ix)} -r ${opts.endpointHost}:${toString (udp2rawPort + ix)}" else "-s -l 0.0.0.0:${toString (udp2rawPort + ix)} -r 127.0.0.1:${toString listenPort}"} -k tmpkey --auth-mode hmac_sha1 --raw-mode faketcp -a";
91 }; 89 };
92 } else null)) hostLinks)) // { 90 } else null)) hostLinks)) // {
91 "wireguard-yggdrasil" = {
92 requires = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks);
93 after = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks);
94 };
93 firewall.path = optionals isRouter [pkgs.procps]; 95 firewall.path = optionals isRouter [pkgs.procps];
94 }; 96 };
95 97