Diffstat (limited to 'modules/yggdrasil-wg')
-rw-r--r-- | modules/yggdrasil-wg/default.nix | 32 | ||||
-rw-r--r-- | modules/yggdrasil-wg/hosts/4/sif.priv | 16 | ||||
-rw-r--r-- | modules/yggdrasil-wg/hosts/6/sif.priv | 16 |
3 files changed, 26 insertions, 38 deletions
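--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -135,7 +135,7 @@ let
 PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv";
 ListenPort = listenPort.${family};
 };
-wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
+wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family};
 };
 familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}";
 familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" {
@@ -145,9 +145,7 @@ let
 };
 address = [wgHostIPs.${family}.${hostName}];
 routes = [
-{ routeConfig = {
-Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
-};
+{ Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
 }
 ];
 linkConfig = {
@@ -203,25 +201,19 @@ in {
 dns = ["2a03:4000:52:ada:1:1::"];
 domains = ["yggdrasil"];
 routes = [
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
 }
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-{ routeConfig = {
-Destination = batHostIPs.${hostName};
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = batHostIPs.${hostName};
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
-routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName};
+] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
+routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName};
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;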
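Review bot: On new line 138 the lambda `opts@{to, from, ...}: linkToPeer family opts` no longer wraps its result in anything, so it is only an eta-expansion; `wireguardPeers = map (linkToPeer family) hostLinks.${family};` says the same thing. The exception is if the pattern is kept deliberately so that evaluation fails early on a link missing `to` or `from`, in which case a short comment saying so would help. `linkToPeer` is defined outside the visible hunks, so whether it already destructures those attributes cannot be confirmed from here. The one-line `concatMap` on new line 215 would also read better split over several lines now that the `routeConfig` wrapper is gone.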
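--- a/modules/yggdrasil-wg/hosts/4/sif.priv
+++ b/modules/yggdrasil-wg/hosts/4/sif.priv
@@ -7,19 +7,17 @@
 "hc_vault": null,
 "age": [
 {
-"recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
-"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0R1AwUUR5L1dXN0l6Rnhy\neDZiS0g1MGhVZXBjdGNNTkg3dC92NlNScmlzClhRbzZyb1MwNFowK2JsMjJ1b1No\nYVBUSXd1QUwxaW8rMXd5akpJWkh1R1EKLS0tIDIwK1BLRFhabXpXcTRXU2hnKzhr\nKythRTh2QVNwRFdHeGcxYlIzelRuajAKXyDuk9GmR0sTYwfiCSFVMBlva4Ee1RpR\nF112J+L7NevzdcO8i0pFKbDiMZGvKuokl1YyQicbBno8iGgNiLwGPg==\n-----END AGE ENCRYPTED FILE-----\n"
+"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTzErMDBEdlpRbzM5VmpI\nWXh6cUxrNnFmL2hSb2NOUlV5b0ZjUzlHejI4CjhXdjlKM002NTJyL2gxakVqcy94\nME1aVzZkaXRDajdRem5QTnVUSGJWU1EKLS0tIGg0L2VWa2ZNVitxejZybWJQd3R4\neTNNWDdKUmhOekJSUG9ZSy9rd1FGQmcKOQxeIQnMd3KdLUT/h/sBY+iP/8p9CsVf\nRiQHhMEUinI0ey00zzLe1/IeuelC3io1qhNkm1jA9ft5eluNdMCUcg==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqdU1iOHFjSUNZWkVqS3Nh\nTmM1WUVGT3g1QXFqcDludTZ5SHk1VUlPVTNVClpYQWs0eFdBYzNtTk5FdFhuZjZa\ndllSY2dLYTJHaHZTTkdEa2c0Vkh3alkKLS0tIDNYOVFtY0Q1VWZJZ004TG1tdGV2\nS1d5cnZrd2NRQThFbDN3aWFkVEdiSG8KdLqEC9L9eanBZRntpca4BryRQoa/1CZ2\nzKZ/qEha9/W36akgPZY0/1kQmx1j0ei3SrlNAD2RpspBpToLbZlLIw==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
 "lastmodified": "2021-10-09T08:19:12Z",
 "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]",
-"pgp": [
-{
-"created_at": "2023-01-30T10:58:39Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAfgGtpp0c1/CtwtJvq7LeuFdSjI6XsFAWN6fe3V1rI0Aw\nttJyvxQURQ3sm4RwN1Qw9ut+6uoEds/8hT9xLMpzYbuM8zfWVZQV0vFufo67TPt/\n0l4BppAN5P0G0zWHFzKsxZOJl+uUfRRaO76CvW6uR5OuyLCKo3twyQqHQTQqg/3e\nPnZlYOJaDxxE8voNJHLIdwynuwdd4Yv7W0t+/sm8P2MnDpbw5F4iSzfvcOZ2xLRE\n=t2pN\n-----END PGP MESSAGE-----\n",
-"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-}
-],
+"pgp": null,
 "unencrypted_suffix": "_unencrypted",
 "version": "3.7.1"
 }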
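Review bot: `lastmodified` and `mac` are identical on both sides of this file and of hosts/6/sif.priv, while the age recipients change and the `pgp` entry (fp `30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51`) is dropped. That suggests the existing data key was re-wrapped for the new recipients and the secret itself was not replaced. The old ciphertext stays in git history, so holders of the removed age and PGP keys can still decrypt the same secret (presumably sif's WireGuard private key) from earlier commits. If those keys are being retired because they are no longer trusted, the key pairs for sif should be regenerated and re-encrypted rather than only rekeyed; if this is a routine recipient change, a line in the commit message saying so would settle it.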
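--- a/modules/yggdrasil-wg/hosts/6/sif.priv
+++ b/modules/yggdrasil-wg/hosts/6/sif.priv
@@ -7,19 +7,17 @@
 "hc_vault": null,
 "age": [
 {
-"recipient": "age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d",
-"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNW50elZTWklNMGZ4TDU2\nOUlxbkN3SlB3U3ZnL1NJRW9XbFBoWW5yUEFRCmQ5VE40MUVEOEFkdHJHUHJMTmR4\nVnlMdmJ1M3d3ME9HY1NCRGZyYTYrOWcKLS0tIGdCeG8vM3lIcDRPakR5d3ZKcjhl\nN0xndjlOZXdiOHovbmJPZGhLdklCaHMKQycxaXqGVYh4ghuiyTJVQuNJxbNbr2Jw\nTUKmEZFYnrU+t+5uucSar4B/sxTHEcPaFOY9UDNMLa+n3rydJzpleg==\n-----END AGE ENCRYPTED FILE-----\n"
+"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdHE5S2FwdXdXeHJGSWg4\nU0gwcThscHVwaU1henJLMzd6dFEySXJDRGw4CjJzWExUeWdPemx5U3VMSFphb0RT\nZ0E0V2VWdDRHSW40MnM2L1l5QUQ0TmsKLS0tIENFbWhVZjQ3eHI4MkFYbmhIQzF1\nTm1tWWtVRTVXU1ZQWXRDQXRrL2UxemMKB2fBISUhnkCF4yZEHNyWtFJchyQbHYzq\nQK9gUnkbYU6D/XMSvo1qoTJOuYeQPXmmHPYWaJp9ofIrK05OOY+vaQ==\n-----END AGE ENCRYPTED FILE-----\n"
+},
+{
+"recipient": "age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne",
+"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzS3VTNEJTbFdkeXVPTFJX\ndmRqK21RZ20rS2pFN2VHcENyOU5nakl4ZWo0Ck5pWDhTcDM1NUVkYnRWbWhsejlw\nRHhYNlBTMlF4d0ptRjhIQnRETVNrbzgKLS0tIGg5N29ZTjRLZXpHWFRSMlIzT0Y5\nd2RHOFJVVlJhaUZjUzNDc2h5MnhHblkKuKb/KJE6h5jviF2+invboC2yx5YcIQUL\nHswLjbc+SGkr8aTpBnNo6xB7tavgX4IxZjB3O0OPryCkexiOhEvTqQ==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
 "lastmodified": "2021-11-03T22:06:48Z",
 "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]",
-"pgp": [
-{
-"created_at": "2023-01-30T10:58:16Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAitUzFTAXY988U9StftlD4hFZFBwOtA/cMEjigFuy/GYw\nnVNFcTmvW8hLny9TP3NyCSIq6jv9RI0c70ipvatw0K7P+EDxbGUyGskieoBSUU5w\n0l4BIHzI2C7Q0uOl0y57zwxd+Xc6ZqQbKxIaszZ9hZ0qA3F29hk7pKHGtKfe1Z/q\nX7T2yYcedDzG0hkfuLxCoWEBKt8luAb40vXP4Bas/NUTZfpqP2hNF+TLzqNPEpxe\n=l8qu\n-----END PGP MESSAGE-----\n",
-"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-}
-],
+"pgp": null,
 "unencrypted_suffix": "_unencrypted",
 "version": "3.7.1"
 }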