Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r--modules/yggdrasil-wg/default.nix32
-rw-r--r--modules/yggdrasil-wg/hosts/4/sif.priv16
-rw-r--r--modules/yggdrasil-wg/hosts/6/sif.priv16
3 files changed, 26 insertions, 38 deletions
diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 8525cea0..8b190651 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -135,7 +135,7 @@ let
135 PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv"; 135 PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv";
136 ListenPort = listenPort.${family}; 136 ListenPort = listenPort.${family};
137 }; 137 };
138 wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; 138 wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family};
139 }; 139 };
140 familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}"; 140 familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}";
141 familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { 141 familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" {
@@ -145,9 +145,7 @@ let
145 }; 145 };
146 address = [wgHostIPs.${family}.${hostName}]; 146 address = [wgHostIPs.${family}.${hostName}];
147 routes = [ 147 routes = [
148 { routeConfig = { 148 { Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
149 Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
150 };
151 } 149 }
152 ]; 150 ];
153 linkConfig = { 151 linkConfig = {
@@ -203,25 +201,19 @@ in {
203 dns = ["2a03:4000:52:ada:1:1::"]; 201 dns = ["2a03:4000:52:ada:1:1::"];
204 domains = ["yggdrasil"]; 202 domains = ["yggdrasil"];
205 routes = [ 203 routes = [
206 { routeConfig = { 204 { Destination = "${batSubnet}::/${toString batSubnetLength}";
207 Destination = "${batSubnet}::/${toString batSubnetLength}"; 205 GatewayOnLink = true;
208 GatewayOnLink = true;
209 };
210 } 206 }
211 { routeConfig = { 207 { Destination = "${batSubnet}::/${toString batSubnetLength}";
212 Destination = "${batSubnet}::/${toString batSubnetLength}"; 208 GatewayOnLink = true;
213 GatewayOnLink = true; 209 Table = "yggdrasil";
214 Table = "yggdrasil";
215 };
216 } 210 }
217 { routeConfig = { 211 { Destination = batHostIPs.${hostName};
218 Destination = batHostIPs.${hostName}; 212 GatewayOnLink = true;
219 GatewayOnLink = true; 213 Table = "yggdrasil";
220 Table = "yggdrasil";
221 };
222 } 214 }
223 ] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers)); 215 ] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
224 routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName}; 216 routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName};
225 linkConfig = { 217 linkConfig = {
226 MACAddress = "${batHostMACs.${hostName}}"; 218 MACAddress = "${batHostMACs.${hostName}}";
227 RequiredForOnline = false; 219 RequiredForOnline = false;
diff --git a/modules/yggdrasil-wg/hosts/4/sif.priv b/modules/yggdrasil-wg/hosts/4/sif.priv
index bb1ce86a..13844677 100644
--- a/modules/yggdrasil-wg/hosts/4/sif.priv
+++ b/modules/yggdrasil-wg/hosts/4/sif.priv
@@ -7,19 +7,17 @@
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": [ 8 "age": [
9 { 9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d", 10 "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0R1AwUUR5L1dXN0l6Rnhy\neDZiS0g1MGhVZXBjdGNNTkg3dC92NlNScmlzClhRbzZyb1MwNFowK2JsMjJ1b1No\nYVBUSXd1QUwxaW8rMXd5akpJWkh1R1EKLS0tIDIwK1BLRFhabXpXcTRXU2hnKzhr\nKythRTh2QVNwRFdHeGcxYlIzelRuajAKXyDuk9GmR0sTYwfiCSFVMBlva4Ee1RpR\nF112J+L7NevzdcO8i0pFKbDiMZGvKuokl1YyQicbBno8iGgNiLwGPg==\n-----END AGE ENCRYPTED FILE-----\n" 11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTzErMDBEdlpRbzM5VmpI\nWXh6cUxrNnFmL2hSb2NOUlV5b0ZjUzlHejI4CjhXdjlKM002NTJyL2gxakVqcy94\nME1aVzZkaXRDajdRem5QTnVUSGJWU1EKLS0tIGg0L2VWa2ZNVitxejZybWJQd3R4\neTNNWDdKUmhOekJSUG9ZSy9rd1FGQmcKOQxeIQnMd3KdLUT/h/sBY+iP/8p9CsVf\nRiQHhMEUinI0ey00zzLe1/IeuelC3io1qhNkm1jA9ft5eluNdMCUcg==\n-----END AGE ENCRYPTED FILE-----\n"
12 },
13 {
14 "recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
15 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdU1iOHFjSUNZWkVqS3Nh\nTmM1WUVGT3g1QXFqcDludTZ5SHk1VUlPVTNVClpYQWs0eFdBYzNtTk5FdFhuZjZa\ndllSY2dLYTJHaHZTTkdEa2c0Vkh3alkKLS0tIDNYOVFtY0Q1VWZJZ004TG1tdGV2\nS1d5cnZrd2NRQThFbDN3aWFkVEdiSG8KdLqEC9L9eanBZRntpca4BryRQoa/1CZ2\nzKZ/qEha9/W36akgPZY0/1kQmx1j0ei3SrlNAD2RpspBpToLbZlLIw==\n-----END AGE ENCRYPTED FILE-----\n"
12 } 16 }
13 ], 17 ],
14 "lastmodified": "2021-10-09T08:19:12Z", 18 "lastmodified": "2021-10-09T08:19:12Z",
15 "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]", 19 "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]",
16 "pgp": [ 20 "pgp": null,
17 {
18 "created_at": "2023-01-30T10:58:39Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfgGtpp0c1/CtwtJvq7LeuFdSjI6XsFAWN6fe3V1rI0Aw\nttJyvxQURQ3sm4RwN1Qw9ut+6uoEds/8hT9xLMpzYbuM8zfWVZQV0vFufo67TPt/\n0l4BppAN5P0G0zWHFzKsxZOJl+uUfRRaO76CvW6uR5OuyLCKo3twyQqHQTQqg/3e\nPnZlYOJaDxxE8voNJHLIdwynuwdd4Yv7W0t+/sm8P2MnDpbw5F4iSzfvcOZ2xLRE\n=t2pN\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted", 21 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1" 22 "version": "3.7.1"
25 } 23 }
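Review bot: `lastmodified` and `mac` are identical on both sides of this section, which suggests the recipient change only re-wrapped the existing data key (as `sops updatekeys` does) and left the data key and the WireGuard private key unchanged; the encrypted payload itself lies outside the hunk. The removed recipients, the old age key and the PGP key listed under `fp`, can therefore still decrypt this secret from any earlier revision of the repository. If either was retired because it may have been exposed (not visible here), regenerate this host's WireGuard private key and rotate the data key with `sops --rotate`; if they are still trusted, say so in the commit message. The same applies to `modules/yggdrasil-wg/hosts/6/sif.priv`.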
diff --git a/modules/yggdrasil-wg/hosts/6/sif.priv b/modules/yggdrasil-wg/hosts/6/sif.priv
index c2df72f7..090c67af 100644
--- a/modules/yggdrasil-wg/hosts/6/sif.priv
+++ b/modules/yggdrasil-wg/hosts/6/sif.priv
@@ -7,19 +7,17 @@
7 "hc_vault": null, 7 "hc_vault": null,
8 "age": [ 8 "age": [
9 { 9 {
10 "recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d", 10 "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNW50elZTWklNMGZ4TDU2\nOUlxbkN3SlB3U3ZnL1NJRW9XbFBoWW5yUEFRCmQ5VE40MUVEOEFkdHJHUHJMTmR4\nVnlMdmJ1M3d3ME9HY1NCRGZyYTYrOWcKLS0tIGdCeG8vM3lIcDRPakR5d3ZKcjhl\nN0xndjlOZXdiOHovbmJPZGhLdklCaHMKQycxaXqGVYh4ghuiyTJVQuNJxbNbr2Jw\nTUKmEZFYnrU+t+5uucSar4B/sxTHEcPaFOY9UDNMLa+n3rydJzpleg==\n-----END AGE ENCRYPTED FILE-----\n" 11 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdHE5S2FwdXdXeHJGSWg4\nU0gwcThscHVwaU1henJLMzd6dFEySXJDRGw4CjJzWExUeWdPemx5U3VMSFphb0RT\nZ0E0V2VWdDRHSW40MnM2L1l5QUQ0TmsKLS0tIENFbWhVZjQ3eHI4MkFYbmhIQzF1\nTm1tWWtVRTVXU1ZQWXRDQXRrL2UxemMKB2fBISUhnkCF4yZEHNyWtFJchyQbHYzq\nQK9gUnkbYU6D/XMSvo1qoTJOuYeQPXmmHPYWaJp9ofIrK05OOY+vaQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 },
13 {
14 "recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
15 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS3VTNEJTbFdkeXVPTFJX\ndmRqK21RZ20rS2pFN2VHcENyOU5nakl4ZWo0Ck5pWDhTcDM1NUVkYnRWbWhsejlw\nRHhYNlBTMlF4d0ptRjhIQnRETVNrbzgKLS0tIGg5N29ZTjRLZXpHWFRSMlIzT0Y5\nd2RHOFJVVlJhaUZjUzNDc2h5MnhHblkKuKb/KJE6h5jviF2+invboC2yx5YcIQUL\nHswLjbc+SGkr8aTpBnNo6xB7tavgX4IxZjB3O0OPryCkexiOhEvTqQ==\n-----END AGE ENCRYPTED FILE-----\n"
12 } 16 }
13 ], 17 ],
14 "lastmodified": "2021-11-03T22:06:48Z", 18 "lastmodified": "2021-11-03T22:06:48Z",
15 "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]", 19 "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]",
16 "pgp": [ 20 "pgp": null,
17 {
18 "created_at": "2023-01-30T10:58:16Z",
19 "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAitUzFTAXY988U9StftlD4hFZFBwOtA/cMEjigFuy/GYw\nnVNFcTmvW8hLny9TP3NyCSIq6jv9RI0c70ipvatw0K7P+EDxbGUyGskieoBSUU5w\n0l4BIHzI2C7Q0uOl0y57zwxd+Xc6ZqQbKxIaszZ9hZ0qA3F29hk7pKHGtKfe1Z/q\nX7T2yYcedDzG0hkfuLxCoWEBKt8luAb40vXP4Bas/NUTZfpqP2hNF+TLzqNPEpxe\n=l8qu\n-----END PGP MESSAGE-----\n",
20 "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
21 }
22 ],
23 "unencrypted_suffix": "_unencrypted", 21 "unencrypted_suffix": "_unencrypted",
24 "version": "3.7.1" 22 "version": "3.7.1"
25 } 23 }