From c47b09353f424eed1ef99bb41a9285ac87b051f2 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 3 Nov 2021 22:45:35 +0100 Subject: yggdrasil: sif to surtr v6? --- modules/yggdrasil-wg/default.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'modules') diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index 49acb76e..cef1ce4e 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix @@ -19,7 +19,7 @@ let } { from = "sif"; to = "surtr"; - endpointHost = "202.61.241.61"; + endpointHost = "2a03:4000:52:ada::"; PersistentKeepalive = 25; } { from = "sif"; 
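Review bot: The new `endpointHost = "2a03:4000:52:ada::";` is a bare IPv6 literal, but linkMkEndpointCfg (visible in the next hunk) builds the peer address as `"${opts.endpointHost}:${toString listenPort}"`, which produces `2a03:4000:52:ada:::<port>`; systemd-networkd's WireGuardPeer `Endpoint=` requires IPv6 addresses in square brackets, so this link is likely to be rejected rather than come up over v6. Either store the bracketed form, `endpointHost = "[2a03:4000:52:ada::]";`, or make linkMkEndpointCfg wrap any endpointHost containing a colon in brackets so hosts and v4 literals keep working unchanged. The `links` list this entry belongs to starts before the hunk.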
@@ -57,19 +57,19 @@ let publicKeyPath = mkPublicKeyPath hostName; privateKeyPath = mkPrivateKeyPath hostName; inNetwork = pathExists privateKeyPath && pathExists publicKeyPath; - hostLinks = filter ({ from, to, ... }: from == hostName || to == hostName) links; + hostLinks = filter ({ from, to, ... }: thisHost from || thisHost to) links; linkToPeer = opts@{from, to, ...}: let - other = if from == hostName then to else from; + other = if thisHost from then to else from; in { AllowedIPs = wgHostIPs.${other}; PublicKey = trim (readFile (mkPublicKeyPath other)); - } // (optionalAttrs (from == hostName) (linkCfgFilterCustom opts // linkMkEndpointCfg opts)); + } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts)); linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])); - linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && from == hostName) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; }; + linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; }; linkToGreDev = opts@{from, to, ...}: let - other = if from == hostName then to else from; + other = if thisHost from then to else from; in nameValuePair "yggre-${other}" { netdevConfig = { Name = "yggre-${other}"; @@ -82,7 +82,7 @@ let }; linkToGreNetwork = ix: opts@{from, to, ...}: let - other = if from == hostName then to else from; + other = if thisHost from then to else from; in nameValuePair "yggre-${other}" { matchConfig = { Name = "yggre-${other}"; @@ -97,6 +97,7 @@ let }; }; + thisHost = host: builtins.match "^(ipv(4|6)\.)?${hostName}$" host != null; trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str; stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0; optIx = optName: xs: let 
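Review bot: On the new `other = if thisHost from then to else from;` line, `other` is still the raw `from`/`to` value, while thisHost (introduced in the third hunk on this line) now accepts an `ipv4.`/`ipv6.` prefix on a host name; if a link is ever declared with such a prefixed name, the lookups `wgHostIPs.${other}` and `mkPublicKeyPath other` on the following lines, and the `yggre-${other}` netdev name, would use the prefixed string rather than the host. If prefixed names are intended, strip the prefix once where `other` is computed (a small helper using builtins.match on the same pattern would do), otherwise a comment on thisHost stating that prefixes are only meaningful for the local host would prevent the mismatch. The same `other` computation recurs in the -82, -116 and -157 hunks.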
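Review bot: In the added `thisHost` definition the string literal `"\."` is unescaped by Nix to a plain `.`, so the pattern handed to builtins.match is `^(ipv(4|6).)?<hostName>$` and the separator matches any character; write `"^(ipv(4|6)\\.)?${hostName}$"` to match a literal dot. `hostName` is also interpolated into the pattern as a regex fragment, which is fine for ordinary host names but deserves a comment such as `# hostName is spliced into a regex; it must contain no metacharacters`. The enclosing `let` block continues outside the hunk.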
@@ -116,7 +117,7 @@ in { { assertion = !inNetwork || (wgHostIPs ? "${hostName}"); message = "yggdrasil-wg: Entry in wgHostIPs must exist."; } - ] ++ map ({from, to, ...}: let other = if from == hostName then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks; + ] ++ map ({from, to, ...}: let other = if thisHost from then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks; systemd.network = mkIf inNetwork { enable = true; @@ -157,7 +158,7 @@ in { RequiredForOnline = false; }; networkConfig = { - Tunnel = map (opts@{from, to, ...}: let other = if from == hostName then to else from; in "yggre-${other}") hostLinks; + Tunnel = map (opts@{from, to, ...}: let other = if thisHost from then to else from; in "yggre-${other}") hostLinks; }; }; yggdrasil = { -- cgit v1.2.3