ellmau/nixos
1
0
Fork 0
mirror of https://github.com/ellmau/nixos.git synced 2025-12-19 09:29:36 +01:00
Code Issues Projects Releases Wiki Activity

Add extraAllowedIps option to wireguard module

Browse Source
This commit is contained in:
Stefan Ellmauthaler 2022-08-02 11:06:43 +02:00
parent 4bce59f602
commit 28d583c43c
Failed to extract signature
1 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
modules/wireguard.nix
View File

@ -59,6 +59,12 @@
type = types.str; type = types.str;
description = "Wireguard public key for this peer"; description = "Wireguard public key for this peer";
}; };
additionalAllowedIps = mkOption{
type = types.listOf types.str;
description = "Additional IPs to add to allowedIPs ";
default = [ ];
};
}; };
}); });
}; };
@ -128,9 +134,9 @@
inherit (peer) publicKey; inherit (peer) publicKey;
}; };
mkPeerPeer = prefixes: peer: { mkPeerPeer = prefixes: peers: peer: {
allowedIPs = (mkAddresses prefixes peer.localIp) allowedIPs = (mkAddresses prefixes peer.localIp)
++ (lib.concatMap (mkAddresses prefixes) peer.extraIps); ++ (lib.concatMap (mkAddresses prefixes) peer.extraIps) ++ (if lib.hasAttr hostName peers then peers.${hostName}.additionalAllowedIps else [ ]);
persistentKeepalive = 25; persistentKeepalive = 25;
inherit (peer) publicKey endpoint; inherit (peer) publicKey endpoint;
}; };
@ -172,7 +178,7 @@
} // (if isServer then { } // (if isServer then {
peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers; peers = lib.mapAttrsToList (_: mkServerPeer value.prefixes) value.peers;
} else if isPeer then { } else if isPeer then {
peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes) value.servers; peers = lib.mapAttrsToList (_: mkPeerPeer value.prefixes value.peers) value.servers;
postSetup = mkPostSetup interface value.prefixes value.servers; postSetup = mkPostSetup interface value.prefixes value.servers;
} else } else
{ })); { }));