gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/config/modules/nixos/wireguard.nix
kat witch 027c0012de
modules/nixos/wireguard-dns: Init
2021-09-07 04:14:08 +01:00

85 lines
2.6 KiB
Nix
Raw Blame History

{ config, lib, pkgs, nodes, name, ... }:
with lib;
let
cfg = config.network.wireguard;
hcfg = _: h: h.network.wireguard;
netHostsSelf = mapAttrs hcfg (filterAttrs (_: x: x.network.wireguard.enable or false) nodes);
netHosts = filterAttrs (n: x: n != name) netHostsSelf;
in
{
options.network.wireguard = {
enable = mkEnableOption "semi-automatic wireguard mesh";
magicNumber = mkOption { type = types.ints.u8; };
prefixV4 = mkOption {
type = types.str;
default = "10.42.69";
};
prefixV6 = mkOption {
type = types.str;
default = "fe80:";
};
keyPath = mkOption {
type = types.str;
default = "/etc/wireguard/mesh";
};
pubkey = mkOption {
type = with types; nullOr str;
default = null;
};
publicAddress4 = mkOption {
type = with types; nullOr str;
default = null;
};
publicAddress6 = mkOption {
type = with types; nullOr str;
default = null;
};
fwmark = mkOption {
type = with types; nullOr ints.u16;
default = null;
};
mtu = mkOption {
type = types.ints.u16;
default = 1500;
};
};
config = mkIf cfg.enable {
networking.wireguard.interfaces = mapAttrs'
(hname: hconf:
let
magicPort = 51820 + hconf.magicNumber + cfg.magicNumber;
iname = "wgmesh-${substring 0 8 hname}";
in
nameValuePair iname {
allowedIPsAsRoutes = false;
privateKeyFile = cfg.keyPath;
ips = [
"${cfg.prefixV4}.${toString cfg.magicNumber}/24"
"${cfg.prefixV6}:${toString cfg.magicNumber}/64"
];
listenPort = magicPort;
peers = optional (hconf.pubkey != null) {
publicKey = hconf.pubkey;
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
endpoint = with hconf; mkIf (publicAddress4 != null || publicAddress6 != null) (
if (publicAddress4 != null)
then "${publicAddress4}:${toString magicPort}"
else "[${publicAddress6}]:${toString magicPort}"
);
persistentKeepalive = with hconf; mkIf (publicAddress4 == null && publicAddress6 == null) 25;
};
postSetup = ''
ip route add ${cfg.prefixV4}.${toString hconf.magicNumber}/32 dev ${iname}
${optionalString (cfg.fwmark != null) "wg set ${iname} fwmark ${toString cfg.fwmark}"}
ip link set ${iname} mtu ${toString cfg.mtu}
'';
}
)
netHosts;
networking.firewall.allowedUDPPorts =
mapAttrsToList (_: hconf: 51820 + hconf.magicNumber + cfg.magicNumber) netHosts;
};
}
Reference in a new issue View git blame Copy permalink