| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 11 |
1 files changed, 7 insertions, 4 deletions
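--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -3,7 +3,10 @@
 with lib;
 
 let
-listenPort = 51820;
+listenPort = {
+"4" = 51820;
+"6" = 51821;
+};
 wgSubnet = {
 "4" = "2a03:4000:52:ada:2";
 "6" = "2a03:4000:52:ada:3";
@@ -90,9 +93,9 @@ let
 in {
 AllowedIPs = wgHostIPs.${family}.${other};
 PublicKey = trim (readFile (mkPublicKeyPath family other));
-} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
+} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
-linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
+linkMkEndpointCfg = family: opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort.${family}}"; };
 linkToGreDev = family: opts@{from, to, ...}:
 let
 other = if thisHost from then to else from;
@@ -129,7 +132,7 @@ let
 };
 wireguardConfig = {
 PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path;
-ListenPort = listenPort;
+ListenPort = listenPort.${family};
 };
 wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
 };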
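Review bot: The new `listenPort` set in the first hunk gives the "6" family its own UDP port, 51821, but no firewall rule changes in this commit, and the only uses of `listenPort` visible here are `ListenPort` and the peer `Endpoint`. If the hosts filter inbound UDP, 51821 presumably has to be allowed wherever 51820 already is, otherwise the "6" tunnels will fail to handshake while the "4" ones keep working; deriving the allowed ports from `attrValues listenPort` would keep the two in step. A short comment above the set, e.g. `# WireGuard listen port per family key; keep the allowed inbound UDP ports in sync`, would record that dependency. Separately, `linkMkEndpointCfg` in the second hunk builds `Endpoint` as `host:port`, so an `endpointHost` given as a bare IPv6 literal would need brackets; it is worth confirming the option only ever holds hostnames or IPv4 addresses.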
