| author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-30 15:22:27 +0200 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-30 15:22:27 +0200 | 
| commit | e9f823e35558314664837cc51f3d126bd8a63b3f (patch) | |
| tree | f824199cc0c34cd083fa9e26f1731e4f498724e2 /modules | |
| parent | 5c48e9aa09d2444af3860f5e4018b7fb5eda87e7 (diff) | |
yggdrasil-wg: better route?
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 13 | 
1 files changed, 9 insertions, 4 deletions
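--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -1,10 +1,11 @@
-{ config, hostName, lib, ... }:
+{ config, hostName, lib, pkgs, ... }:
 
 with lib;
 
 let
 listenPort = 51820;
 subnet = "2a03:4000:52:ada:1";
+subnetLength = 80;
 
 links = [
 { from = "vidhar";
@@ -14,9 +15,10 @@ let
 dynamicEndpointRefreshSeconds = 86400;
 }
 ];
+hostLength = subnetLength + 16;
 hostIPs = {
-surtr = ["${subnet}::/96"];
-vidhar = ["${subnet}:1::/96"];
+surtr = ["${subnet}::/${toString hostLength}"];
+vidhar = ["${subnet}:1::/${toString hostLength}"];
 };
 
 mkPublicKeyPath = host: ./hosts + "/${host}.pub";
@@ -49,11 +51,14 @@ in {
 
 networking.wireguard.interfaces = mkIf inNetwork {
 yggdrasil = {
-allowedIPsAsRoutes = true;
+allowedIPsAsRoutes = false;
 inherit listenPort;
 ips = hostIPs.${hostName};
 peers = map linkToPeer hostLinks;
 privateKeyFile = config.sops.secrets."yggdrasil-wg.priv".path;
+postSetup = ''
+${pkgs.iproute2}/bin/ip route replace "${subnet}/${toString subnetLength}" dev "yggdrasil" table "main"
+'';
 };
 };
 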
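Review bot: The `allowedIPsAsRoutes = false;` / `postSetup` pair in the third hunk replaces the per-peer /96 routes with a single aggregate route for the whole /80, but nothing in the file records why, and the commit title is itself a question; I would put the intent in a comment above `allowedIPsAsRoutes`, e.g. `# One aggregate route for the whole /80 instead of a route per peer's allowedIPs; WireGuard's cryptokey routing still decides which peer (if any) a destination is sent to.` That comment should also note that a destination inside the /80 matching no peer's allowedIPs now reaches the interface and is dropped by WireGuard rather than being unroutable, which changes what a misconfiguration looks like when debugging. There is no matching `postShutdown`; the route is bound to `dev "yggdrasil"`, so it presumably disappears with the device, and `ip route replace` is idempotent across restarts, but that is worth confirming rather than assuming. The enclosing `in { … }` attribute set starts and ends outside the hunk.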
