Diffstat (limited to 'modules/yggdrasil-wg')
| -rw-r--r-- | modules/yggdrasil-wg/default.nix | 32 |
1 files changed, 12 insertions, 20 deletions
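diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix
index 8525cea0..8b190651 100644
--- a/modules/yggdrasil-wg/default.nix
+++ b/modules/yggdrasil-wg/default.nix
@@ -135,7 +135,7 @@ let
 PrivateKeyFile = "/run/credentials/systemd-networkd.service/yggdrasil-wg-${family}.priv";
 ListenPort = listenPort.${family};
 };
-wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family};
+wireguardPeers = map (opts@{to, from, ...}: linkToPeer family opts) hostLinks.${family};
 };
 familyToLoadCred = family: "yggdrasil-wg-${family}.priv:${config.sops.secrets."yggdrasil-wg-${family}.priv".path}";
 familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" {
@@ -145,9 +145,7 @@ let
 };
 address = [wgHostIPs.${family}.${hostName}];
 routes = [
-{ routeConfig = {
-Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
-};
+{ Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}";
 }
 ];
 linkConfig = {
@@ -203,25 +201,19 @@ in {
 dns = ["2a03:4000:52:ada:1:1::"];
 domains = ["yggdrasil"];
 routes = [
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
 }
-{ routeConfig = {
-Destination = "${batSubnet}::/${toString batSubnetLength}";
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = "${batSubnet}::/${toString batSubnetLength}";
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-{ routeConfig = {
-Destination = batHostIPs.${hostName};
-GatewayOnLink = true;
-Table = "yggdrasil";
-};
+{ Destination = batHostIPs.${hostName};
+GatewayOnLink = true;
+Table = "yggdrasil";
 }
-] ++ (concatMap (router: map (rAddr: { routeConfig = { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
-routingPolicyRules = map (addr: { routingPolicyRuleConfig = { Table = "yggdrasil"; From = addr; Priority = 1; }; }) batHostIPs.${hostName};
+] ++ (concatMap (router: map (rAddr: { Destination = "::/0"; Gateway = stripSubnet rAddr; GatewayOnLink = true; Table = "yggdrasil"; }) batHostIPs.${router}) (filter (router: router != hostName) routers));
+routingPolicyRules = map (addr: { Table = "yggdrasil"; From = addr; Priority = 1; }) batHostIPs.${hostName};
 linkConfig = {
 MACAddress = "${batHostMACs.${hostName}}";
 RequiredForOnline = false;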
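Review bot: The flattened `routes`, `routingPolicyRules` and `wireguardPeers` entries in all three hunks are only accepted by nixpkgs releases that retired the `routeConfig`/`routingPolicyRuleConfig`/`wireguardPeerConfig` wrappers (24.11 onward, as far as I know), and nothing in this diff pins or asserts that; a one-line comment at the top of the route list such as `# flat systemd.network entries: requires nixpkgs >= 24.11 (the *Config wrappers were removed)` would stop an older channel from silently dropping these routes and policy rules, which is what steers traffic from the bat addresses into the `yggdrasil` table. In the third hunk the three static routes and the generated `::/0` routes each repeat `GatewayOnLink = true; Table = "yggdrasil";`; a small helper like `yggRoute = attrs: { GatewayOnLink = true; Table = "yggdrasil"; } // attrs;` would keep the table name in one place now that the wrapper no longer groups them. In the first hunk `opts@{to, from, ...}` still binds `to` and `from` without using them on the new side; `opts: linkToPeer family opts` reads cleaner unless the destructuring is intended as a shape check. The enclosing `let` block of the first two hunks and the attribute set of the third start and end outside the diff.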
