diff options
Diffstat (limited to 'modules/yggdrasil-wg/default.nix')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 55064baa..51009c8f 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix | |||
@@ -3,7 +3,10 @@ | |||
3 | with lib; | 3 | with lib; |
4 | 4 | ||
5 | let | 5 | let |
6 | listenPort = 51820; | 6 | listenPort = { |
7 | "4" = 51820; | ||
8 | "6" = 51821; | ||
9 | }; | ||
7 | wgSubnet = { | 10 | wgSubnet = { |
8 | "4" = "2a03:4000:52:ada:2"; | 11 | "4" = "2a03:4000:52:ada:2"; |
9 | "6" = "2a03:4000:52:ada:3"; | 12 | "6" = "2a03:4000:52:ada:3"; |
@@ -90,9 +93,9 @@ let | |||
90 | in { | 93 | in { |
91 | AllowedIPs = wgHostIPs.${family}.${other}; | 94 | AllowedIPs = wgHostIPs.${family}.${other}; |
92 | PublicKey = trim (readFile (mkPublicKeyPath family other)); | 95 | PublicKey = trim (readFile (mkPublicKeyPath family other)); |
93 | } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts)); | 96 | } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg family opts)); |
94 | linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])); | 97 | linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])); |
95 | linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; }; | 98 | linkMkEndpointCfg = family: opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort.${family}}"; }; |
96 | linkToGreDev = family: opts@{from, to, ...}: | 99 | linkToGreDev = family: opts@{from, to, ...}: |
97 | let | 100 | let |
98 | other = if thisHost from then to else from; | 101 | other = if thisHost from then to else from; |
@@ -129,7 +132,7 @@ let | |||
129 | }; | 132 | }; |
130 | wireguardConfig = { | 133 | wireguardConfig = { |
131 | PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path; | 134 | PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path; |
132 | ListenPort = listenPort; | 135 | ListenPort = listenPort.${family}; |
133 | }; | 136 | }; |
134 | wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; | 137 | wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; |
135 | }; | 138 | }; |