path: root/modules/yggdrasil-wg/default.nix
Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r--modules/yggdrasil-wg/default.nix19
1 files changed, 10 insertions, 9 deletions
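--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -19,7 +19,7 @@ let
 }
 { from = "sif";
 to = "surtr";
-endpointHost = "202.61.241.61";
+endpointHost = "2a03:4000:52:ada::";
 PersistentKeepalive = 25;
 }
 { from = "sif";
@@ -57,19 +57,19 @@ let
 publicKeyPath = mkPublicKeyPath hostName;
 privateKeyPath = mkPrivateKeyPath hostName;
 inNetwork = pathExists privateKeyPath && pathExists publicKeyPath;
-hostLinks = filter ({ from, to, ... }: from == hostName || to == hostName) links;
+hostLinks = filter ({ from, to, ... }: thisHost from || thisHost to) links;
 linkToPeer = opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in {
 AllowedIPs = wgHostIPs.${other};
 PublicKey = trim (readFile (mkPublicKeyPath other));
-} // (optionalAttrs (from == hostName) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
+} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
-linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && from == hostName) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
+linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
 linkToGreDev = opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in nameValuePair "yggre-${other}" {
 netdevConfig = {
 Name = "yggre-${other}";
@@ -82,7 +82,7 @@ let
 };
 linkToGreNetwork = ix: opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in nameValuePair "yggre-${other}" {
 matchConfig = {
 Name = "yggre-${other}";
@@ -97,6 +97,7 @@ let
 };
 };
 
+thisHost = host: builtins.match "^(ipv(4|6)\.)?${hostName}$" host != null;
 trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
 stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0;
 optIx = optName: xs: let
@@ -116,7 +117,7 @@ in {
 { assertion = !inNetwork || (wgHostIPs ? "${hostName}");
 message = "yggdrasil-wg: Entry in wgHostIPs must exist.";
 }
-] ++ map ({from, to, ...}: let other = if from == hostName then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks;
+] ++ map ({from, to, ...}: let other = if thisHost from then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks;
 
 systemd.network = mkIf inNetwork {
 enable = true;
@@ -157,7 +158,7 @@ in {
 RequiredForOnline = false;
 };
 networkConfig = {
-Tunnel = map (opts@{from, to, ...}: let other = if from == hostName then to else from; in "yggre-${other}") hostLinks;
+Tunnel = map (opts@{from, to, ...}: let other = if thisHost from then to else from; in "yggre-${other}") hostLinks;
 };
 };
 yggdrasil = {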
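Review bot: The regex in the new `thisHost` (line 100, hunk `@@ -97,6 +97,7 @@`) writes the literal dot as `\.`, but Nix double-quoted strings turn `\.` into a plain `.`, so the pattern evaluated is `^(ipv(4|6).)?<hostName>$` and that dot matches any single character (a name like `ipv4-surtr` would also count as this host). Doubling the backslash keeps the dot literal: `thisHost = host: builtins.match "^(ipv(4|6)\\.)?${hostName}$" host != null;`. `hostName` is also interpolated unescaped into the pattern; that is harmless for names like `sif` and `surtr`, but a hostname containing regex metacharacters would silently change the match, so wrapping it with `lib.escapeRegex` is worth considering if the nixpkgs in use provides it. Separately, the IPv6 `endpointHost` introduced in the first hunk is concatenated at line 69 as `${opts.endpointHost}:${toString listenPort}`, yielding `2a03:4000:52:ada:::51820`, whereas the documented networkd `Endpoint=` form for IPv6 is `[addr]:port`; I would confirm the bracket-less form is actually accepted by the networkd version in use before relying on it.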