From 9a1ba0b642ab2c89cf49ac0859c6ae3c07eeba32 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 10 Oct 2021 13:24:21 +0200 Subject: yggdrasil-wg: ... --- modules/yggdrasil-wg/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 60a153cf..573791bf 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix @@ -54,7 +54,7 @@ let in { allowedIPs = hostIPs.${other} ++ concatMap (rArgs: if rArgs.from != hostName || rArgs.via != to then [] else hostIPs.${rArgs.to}) routes; publicKey = trim (readFile (mkPublicKeyPath other)); - } // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "localhost:${toString (udp2rawPort + ix)}"; })); + } // (optionalAttrs (from == hostName) (filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])) opts // optionalAttrs (opts ? "endpointHost") { endpoint = "127.0.0.1:${toString (udp2rawPort + ix)}"; })); trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str; stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0; @@ -84,12 +84,14 @@ in { }; systemd.services = listToAttrs (filter ({ value, ...}: value != null) (imap0 (ix: opts@{to, from, ...}: let other = if from == hostName then to else from; in nameValuePair "yggdrasil-udp2raw@${other}" (if opts ? "endpointHost" then { - requiredBy = ["wireguard-yggdrasil.service"]; - serviceConfig = { ExecStart = "${pkgs.udp2raw}/bin/udp2raw ${if from == hostName then "-c -l 127.0.0.1:${toString (udp2rawPort + ix)} -r ${opts.endpointHost}:${toString (udp2rawPort + ix)}" else "-s -l 0.0.0.0:${toString (udp2rawPort + ix)} -r 127.0.0.1:${toString listenPort}"} -k tmpkey --auth-mode hmac_sha1 --raw-mode faketcp -a"; }; } else null)) hostLinks)) // { + "wireguard-yggdrasil" = { + requires = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks); + after = filter (value: value != null) (map (opts@{to, from, ...}: let other = if from == hostName then to else from; in if opts ? "endpointHost" then "yggdrasil-udp2raw@${other}" else null) hostLinks); + }; firewall.path = optionals isRouter [pkgs.procps]; }; -- cgit v1.2.3