| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 5 | 
1 files changed, 3 insertions, 2 deletions
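--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -76,6 +76,7 @@ let
 vidhar = ["${batSubnet}:1::/${toString batHostLength}"];
 sif = ["${batSubnet}:2::/${toString batHostLength}"];
 };
+routers = [ "surtr" ];
 
 mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub";
 mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv";
@@ -91,7 +92,7 @@ let
 let
 other = if thisHost from then to else from;
 in {
-AllowedIPs = wgHostIPs.${family}.${other};
+AllowedIPs = if elem other routers then ["0.0.0.0/0" "::/0"] else wgHostIPs.${family}.${other};
 PublicKey = trim (readFile (mkPublicKeyPath family other));
 } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
@@ -202,7 +203,7 @@ in {
 Destination = "${batSubnet}::/${toString batSubnetLength}";
 };
 }
-];
+] ++ (concatMap (router: concatMap (family: { routeConfig = { Destination = "::/0"; Metric = 1; Gateway = wgHostIPs.${family}.${router}; }; }) families) routers);
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;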
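Review bot: In the last hunk the inner `concatMap` is given a function that returns an attribute set (`{ routeConfig = …; }`) rather than a list, which `concatMap` requires, so evaluation should fail once `routers` and `families` are both non-empty; the inner call should be `map`, as in `concatMap (router: map (family: { routeConfig = { … }; }) families) routers`. `Gateway` is also set to `wgHostIPs.${family}.${router}`, the same value the second hunk uses as the `AllowedIPs` list, so it is probably a list of prefixes where a single address is expected — worth confirming. In the second hunk, `["0.0.0.0/0" "::/0"]` also acts as WireGuard's inbound source filter for the router peer, so packets from `surtr` are accepted with any source address that no more specific peer entry on the same interface covers, and a second router on that interface would collide on these prefixes; a comment such as `# router peers may source any address; restrict forwarding in the firewall` next to `routers` would record this. The enclosing `let` and module bodies start and end outside the hunks.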
