Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 19 |
1 files changed, 10 insertions, 9 deletions
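--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -19,7 +19,7 @@ let
 }
 { from = "sif";
 to = "surtr";
-endpointHost = "202.61.241.61";
+endpointHost = "2a03:4000:52:ada::";
 PersistentKeepalive = 25;
 }
 { from = "sif";
@@ -57,19 +57,19 @@ let
 publicKeyPath = mkPublicKeyPath hostName;
 privateKeyPath = mkPrivateKeyPath hostName;
 inNetwork = pathExists privateKeyPath && pathExists publicKeyPath;
-hostLinks = filter ({ from, to, ... }: from == hostName || to == hostName) links;
+hostLinks = filter ({ from, to, ... }: thisHost from || thisHost to) links;
 linkToPeer = opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in {
 AllowedIPs = wgHostIPs.${other};
 PublicKey = trim (readFile (mkPublicKeyPath other));
-} // (optionalAttrs (from == hostName) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
+} // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
 linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
-linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && from == hostName) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
+linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
 linkToGreDev = opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in nameValuePair "yggre-${other}" {
 netdevConfig = {
 Name = "yggre-${other}";
@@ -82,7 +82,7 @@ let
 };
 linkToGreNetwork = ix: opts@{from, to, ...}:
 let
-other = if from == hostName then to else from;
+other = if thisHost from then to else from;
 in nameValuePair "yggre-${other}" {
 matchConfig = {
 Name = "yggre-${other}";
@@ -97,6 +97,7 @@ let
 };
 };
 
+thisHost = host: builtins.match "^(ipv(4|6)\.)?${hostName}$" host != null;
 trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str;
 stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0;
 optIx = optName: xs: let
@@ -116,7 +117,7 @@ in {
 { assertion = !inNetwork || (wgHostIPs ? "${hostName}");
 message = "yggdrasil-wg: Entry in wgHostIPs must exist.";
 }
-] ++ map ({from, to, ...}: let other = if from == hostName then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks;
+] ++ map ({from, to, ...}: let other = if thisHost from then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks;
 
 systemd.network = mkIf inNetwork {
 enable = true;
@@ -157,7 +158,7 @@ in {
 RequiredForOnline = false;
 };
 networkConfig = {
-Tunnel = map (opts@{from, to, ...}: let other = if from == hostName then to else from; in "yggre-${other}") hostLinks;
+Tunnel = map (opts@{from, to, ...}: let other = if thisHost from then to else from; in "yggre-${other}") hostLinks;
 };
 };
 yggdrasil = {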
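Review bot: The new IPv6 endpoint `2a03:4000:52:ada::` on the sif→surtr link is rendered by the otherwise unchanged `linkMkEndpointCfg` as `"${opts.endpointHost}:${toString listenPort}"`, i.e. `2a03:4000:52:ada:::<port>`, whereas systemd-networkd documents WireGuardPeer `Endpoint=` as requiring IPv6 literals in square brackets — the parser may happen to split on the last colon, but the unbracketed form is unspecified and fragile. Bracketing when the host contains a colon fixes it: `Endpoint = (if hasInfix ":" opts.endpointHost then "[${opts.endpointHost}]" else opts.endpointHost) + ":${toString listenPort}";` (assuming `hasInfix` is in scope from lib the way `hasSuffix` is). Separately, in the added `thisHost` the Nix string escape `\.` is not a recognised escape and is reduced to a bare `.`, so the prefix `ipv(4|6).` matches any single character rather than a literal dot; write `"\\."`. The interpolated `${hostName}` is likewise unescaped regex, so a host name containing `.` or other metacharacters would match more link ends than intended — `escapeRegex hostName` closes that. `thisHost` is a one-line definition, but the `let` block it lives in starts and ends outside the hunk.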