Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r--modules/yggdrasil-wg/default.nix11
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 55064baa..51009c8f 100644
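--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -3,7 +3,10 @@
 with lib;
 
 let
- listenPort = 51820;
+ listenPort = {
+ "4" = 51820;
+ "6" = 51821;
+ };
  wgSubnet = {
  "4" = "2a03:4000:52:ada:2";
  "6" = "2a03:4000:52:ada:3";
@@ -90,9 +93,9 @@ let
  in {
  AllowedIPs = wgHostIPs.${family}.${other};
  PublicKey = trim (readFile (mkPublicKeyPath family other));
- } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts));
+ } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts));
  linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"]));
- linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; };
+ linkMkEndpointCfg = family: opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort.${family}}"; };
  linkToGreDev = family: opts@{from, to, ...}:
  let
  other = if thisHost from then to else from;
@@ -129,7 +132,7 @@ let
  };
  wireguardConfig = {
  PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path;
- ListenPort = listenPort;
+ ListenPort = listenPort.${family};
  };
  wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
  };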
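Review bot: At new line 98 the endpoint is still built as `"${opts.endpointHost}:${toString listenPort.${family}}"`, which is not a valid `host:port` if `endpointHost` is ever an IPv6 literal; the configured values are not visible in these hunks, so this only matters if family "6" links use addresses rather than hostnames. Bracketing literals would make it safe either way: `Endpoint = "${if hasInfix ":" opts.endpointHost then "[${opts.endpointHost}]" else opts.endpointHost}:${toString listenPort.${family}}";`. The remote port is also taken from the local `listenPort` map, so a peer still running the old revision keeps listening on 51820 for family "6" and the link stays down until both ends are deployed. Any firewall rule outside these hunks that referenced the old integer `listenPort` should be checked so that it opens exactly the two ports and nothing wider. A short comment on the new attrset, e.g. `# one UDP port per WireGuard interface, keyed by family like wgSubnet`, would record why the ports differ.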