mirror of
https://github.com/ellmau/nixos.git
synced 2025-12-19 09:29:36 +01:00
Further wireguard additions
This commit is contained in:
parent
7c3729693f
commit
73c929e603
GPG Key ID:
C804A9C1B7AF8256
@ -10,6 +10,10 @@ with lib; {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
peers = { };
|
peers = { };
|
||||||
|
|
||||||
|
prefix = {
|
||||||
|
ipv4 = "192.168.242.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@ -14,11 +14,6 @@ with lib; {
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
description = "local IP for the interface";
|
description = "local IP for the interface";
|
||||||
};
|
};
|
||||||
port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
description = "Port to use";
|
|
||||||
default = 51820;
|
|
||||||
};
|
|
||||||
|
|
||||||
publickey = mkOption {
|
publickey = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
@ -39,16 +34,6 @@ with lib; {
|
|||||||
type = types.str;
|
type = types.str;
|
||||||
description = "Wireguard public key for the peer";
|
description = "Wireguard public key for the peer";
|
||||||
};
|
};
|
||||||
|
|
||||||
setup = mkOption {
|
|
||||||
type = types.enum [
|
|
||||||
"none"
|
|
||||||
"key"
|
|
||||||
"wg"
|
|
||||||
"nm"
|
|
||||||
];
|
|
||||||
description = "How to setup this peer. none does nothing, key only exports the secret, wg sets up wireguard for local cloud and nm adds a tunnel option";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
@ -59,6 +44,12 @@ with lib; {
|
|||||||
description = "IPv4 prefix for wireguard address room";
|
description = "IPv4 prefix for wireguard address room";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
description = "Port to use";
|
||||||
|
default = 51820;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
@ -80,10 +71,33 @@ with lib; {
|
|||||||
mkServInterface = mkInterfaces (interface: value: builtins.hasAttr hostName value.servers);
|
mkServInterface = mkInterfaces (interface: value: builtins.hasAttr hostName value.servers);
|
||||||
interfaces = mkServInterface ++ mkPeerInterface;
|
interfaces = mkServInterface ++ mkPeerInterface;
|
||||||
|
|
||||||
mkInterfacename = interface: "wg-${interface}";
|
mkInterfaceName = interface: "wg-${interface}";
|
||||||
mkInterfaceSops = interface: {
|
mkInterfaceSops = interface: {
|
||||||
"wireguard-${interface}" = { sopsFile = secrets; };
|
"wireguard-${interface}" = { sopsFile = secrets; };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mkConfig = hostName: interface: value:
|
||||||
|
let
|
||||||
|
isServer = builtins.hasAttr hostName value.servers;
|
||||||
|
isPeer = builtins.hasAttr hostName value.peers;
|
||||||
|
curConf =
|
||||||
|
if isServer then
|
||||||
|
value.servers."${hostName}"
|
||||||
|
else
|
||||||
|
value.peers."${hostName}";
|
||||||
|
in
|
||||||
|
assert lib.asserts.assertMsg
|
||||||
|
((isServer || isPeer) && !(isServer && isPeer))
|
||||||
|
"host must be either server or peer";
|
||||||
|
lib.nameValuepair (mkInterfaceName interface) (
|
||||||
|
{
|
||||||
|
privateKeyFile = sops.secrets."wireguard-${interface}".path;
|
||||||
|
listenPort = value.listenPort;
|
||||||
|
} // (if isServer then { } else if isPeer then {
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{ })
|
||||||
|
);
|
||||||
in
|
in
|
||||||
mkIf cfg.wireguard.enable {
|
mkIf cfg.wireguard.enable {
|
||||||
sops.secrets = lib.mkMerge (map mkInterfaceSops interfaces);
|
sops.secrets = lib.mkMerge (map mkInterfaceSops interfaces);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user